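Security Analysis on Password Authentication System of Web Sites
Noh, Heekyeong (Graduate School of Information Security, Korea University)
Choi, Changkuk (Graduate School of Information Security, Korea University)
Park, Minsu (Graduate School of Information Security, Korea University)
Kim, Seungjoo (Graduate School of Information Security, Korea University)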
1 | Ji Sun Shin, "Study on Anti-Phishing Solutions, Related Researches and Future Directions," Journal of The Korea Institute of Information Security & Cryptology, Vol.23, No.6, Dec., 2013. |
2 | Leijten, Marielle, and Luuk Van Waes, "Keystroke Logging in Writing Research Using Inputlog to Analyze and Visualize Writing Processes," Written Communication 30.3, pp.358-392, 2013. |
3 | "2014 Trustwave Global Security Report," Trustwave, 2014. |
4 | Dell'Amico, Matteo, Pietro Michiardi, and Yves Roudier, "Password strength: An empirical analysis," INFOCOM, 2010 Proceedings IEEE. IEEE, 2010. |
5 | Irani, Danesh, et al., "Modeling unintended personal information leakage from multiple online social networks," Internet Computing, IEEE 15.3, pp.13-19, 2011. |
6 | HyeongKyu Lee, "The Problems and Reformation of the Personal Identification by the Resident Registration Number on the Internet," Hanyang Law Review, Vol.23-1, pp.341-371, Feb., 2012. |
7 | Von Ahn, Luis, et al., "CAPTCHA: Using hard AI problems for security," Advances in Cryptology-EUROCRYPT 2003. Springer Berlin Heidelberg, pp.294-311, 2003. |
8 | Lei Jin, Hassan Takabi, James B.D. Joshi, "Analysing security and privacy issues of using e-mail address as identity," International Journal of Information Privacy, Security and Integrity, Vol.1, No.1, pp.34-58, 2011. |
9 | Goring, Stuart P., Joseph R. Rabaiotti, and Antonia J. Jones, "Anti-keylogging measures for secure Internet login: an example of the law of unintended consequences," Computers & Security 26.6, pp.421-426, 2007. |
10 | Lei Jin, Hassan Takabi, James B.D. Joshi, "Analysing security and privacy issues of using e-mail address as identity," International Journal of Information Privacy, Security and Integrity, Vol.1, No.1, pp.34-58, 2011. |
11 | Bruce Schneier, "Applied Cryptography," John Wiley & Sons, 1996. |
12 | Perlman, Radia, and Charlie Kaufman, "User-centric PKI," Proceedings of the 7th Symposium on Identity and Trust on the Internet. ACM, 2008. |
13 | Komanduri, Saranga, et al., "Of passwords and people: measuring the effect of password-composition policies," Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2011. |
14 | Just, Mike, and David Aspinall, "Personal Choice and Challenge Questions: A Security and Usability Assessment," Proceedings of the 5th Symposium on Usable Privacy and Security. ACM, 2009. |
15 | Jin, Lei, Hassan Takabi, and James BD Joshi, "Analysing security and privacy issues of using e-mail address as identity," International Journal of Information Privacy, Security and Integrity, 1.1. pp.34-58, 2011. |
16 | C.E. Shannon, "A mathematical theory of communication," Bell System Technical Journal, Vol.27, pp.379-423, 1948. |
17 | Ma, Wanli, et al., "Password entropy and password quality," Network and System Security (NSS), 2010 4th International Conference on. IEEE, 2010. |
18 | Yan, Jianxin Jeff, "A note on proactive password checking," Proceedings of the 2001 workshop on New security paradigms. ACM, 2001. |
19 | Bishop, Matt, "Proactive password checking," 4th Workshop on Computer Security Incident Handling, 1992. |
20 | "Common Methodology for Information Technology Security Evaluation," Common Criteria, Version 3.1. Jul., 2009. |
21 | Cazier, Joseph A., and B. Dawn Medlin, "Password security: An empirical investigation into e-commerce passwords and their crack times," Information Systems Security 15.6. pp.45-55, 2006. |
22 | "Kaspersky Releases Q1 Spam Report," Kaspersky, 2014. |