Browse > Article
http://dx.doi.org/10.3745/KTCCS.2014.3.12.463

Security Analysis on Password Authentication System of Web Sites  

Noh, Heekyeong (고려대학교 정보보호대학원)
Choi, Changkuk (고려대학교 정보보호대학원)
Park, Minsu (고려대학교 정보보호대학원)
Kim, Seungjoo (고려대학교 정보보호대학원)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.3, no.12, 2014 , pp. 463-478 More about this Journal
Abstract
Portal site is not only providing search engine and e-mail service but also various services including blog, news, shopping, and others. The fact that average number of daily login for Korean portal site Naver is reaching 300 million suggests that many people are using portal sites. With the increase in number of users followed by the diversity in types of services provided by portal sites, the attack is also increasing. Most of studies of password authentication is focused on threat and countermeasures, however, in this study, we analyse the security threats and security requirement of membership, login, password reset first phase, password reset second phase. Also, we measure security score with common criteria of attack potential. As a result, we compare password authentication system of domestic and abroad portal sites.
Keywords
Password Authentication System of Web Portal; Threat of Web Portal; Security Requirement of Web Portal; Attack Potential;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Ji Sun Shin, "Study on Anti-Phishing Solutions, Related Researches and Future Directions," Journal of The Korea Institute of Information Security & Cryptology, Vol.23, No.6, Dec., 2013.
2 Leijten, Marielle, and Luuk Van Waes, "Keystroke Logging in Writing Research Using Inputlog to Analyze and Visualize Writing Processes," Written Communication 30.3, pp.358-392, 2013.   DOI
3 "2014 Trustwave Global Security Report," Trustwave, 2014.
4 Dell'Amico, Matteo, Pietro Michiardi, and Yves Roudier, "Password strength: An empirical analysis," INFOCOM, 2010 Proceedings IEEE. IEEE, 2010.
5 Irani, Danesh, et al., "Modeling unintended personalinformation leakage from multiple online social networks," Internet Computing, IEEE 15.3, pp.13-19, 2011.
6 HyeongKyu Lee, "The Problems and Reformation of the Personal Identification by the Resident Registration Number on the Internet," Hanyang Law Review, Vol.23-1, pp.341-371, Feb., 2012.
7 Von Ahn, Luis, et al., "CAPTCHA: Using hard AI problems for security," Advances in Cryptology-EUROCRYPT 2003. Springer Berlin Heidelberg, pp.294-311, 2003.
8 Lei Jin, Hassan Takabi, James B.D. Joshi, "Analysing security and privacy issues of using e-mail address as identity," International Journal of Information Privacy, Security and Integrity, Vol.1, No.1, pp.34-58, 2011.   DOI
9 Goring, Stuart P., Joseph R. Rabaiotti, and Antonia J. Jones, "Anti-keylogging measures for secure Internet login: an example of the law of unintended consequences," Computers & Security 26.6, pp.421-426, 2007.   DOI
10 Lei Jin, Hassan Takabi, James B.D. Joshi, "Analysing security and privacy issues of using e-mail address as identity," International Journal of Information Privacy, Security and Integrity, Vol.1, No.1, pp.34-58, 2011.   DOI
11 Bruce Schneier, "Applied Cryptography," John Wiley & Sons, 1996.
12 Perlman, Radia, and Charlie Kaufman, "User-centric PKI," Proceedings of the 7th Symposium on Identity and Trust on the Internet. ACM, 2008.
13 Komanduri, Saranga, et al., "Of passwords and people: measuring the effect of password-composition policies," Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2011.
14 Just, Mike, and David Aspinall, "Personal Choice and Challenge Questions: A Security and Usability Assessment," Poceedings of the 5th Symposium on Usable Privacy and Security. ACM, 2009.
15 Jin, Lei, Hassan Takabi, and James BD Joshi, "Analysing security and privacy issues of using e-mail address as identity," International Journal of Information Privacy, Security and Integrity, 1.1. pp.34-58, 2011.   DOI
16 C.E. Shannon, "A mathematical theory of communication," Bell System Technical Journal, Vol.27, pp.379-423, 1948.   DOI
17 Ma, Wanli, et al., "Password entropy and password quality," Network and System Security (NSS), 2010 4th International Conference on. IEEE, 2010.
18 Yan, Jianxin Jeff, "A note on proactive password checking," Proceedings of the 2001 workshop on New security paradigms. ACM, 2001.
19 Bishop, Matt, "Proactive password checking," 4th Workshop on Computer Security Incident Handling, 1992.
20 "Common Methodology for Information Technology Security Evaluation," Common Criteria, Version 3.1. Jul., 2009.
21 Cazier, Joseph A., and B. Dawn Medlin, "Password security: An empirical investigation into e-commerce passwords and their crack times," Information Systems Security 15.6. pp.45-55, 2006.   DOI
22 "Kaspersky Releases Q1 Spam Report," Kaspersky, 2014.