• Smart Media Journal
• /
• v.9 no.4
• /
• pp.52-59
• /
• 2020

This second survey, which collected 2392 disclosing grades data for 2012~ 2017, nearly twice the first survey, was conducted to supplement the result of the first survey on the reuse of 4-digit passcodes(PCs) data. In addition of second survey, we found that the more number of used PCs, the higher reuse rate, up to 4 numbers of PCs were used for reusing and there may be personal differences even on the single site. The results of this paper that were not available in the first survey were close to the those of foreign research on the reuse of passwords using a mixture of numbers, letters and special characters. This second survey provided an inference that an opportunity to indirectly approach the domestic situation of re-using password, where data collection is impossible and that domestic regulation such as periodic change of password may increase the re-using password.

• International Journal of Computer Science & Network Security
• /
• v.23 no.12
• /
• pp.81-90
• /
• 2023

Cloud computing is an emerging business model popularized during the last few years by the IT industry. Providing "Everything as a Service" has shifted many organizations to choose cloud-based services. However, some companies still fear shifting their data to the cloud due to issues related to the security and privacy. The paper suggests a novel Trust based Mutual Authentication Mechanism using Secret P-box based Mutual Authentication Mechanism (TbMAM-SPb) on the criticality of information. It uses a particular passcodes from one of the secret P-box to act as challenge to one party. The response is another passcode from other P-box. The mechanism is designed in a way that the response given by a party to a challenge is itself a new challenge for the other party. Access to data is provided after ensuring certain number of correct challenge-responses. The complexity can be dynamically updated on basis of criticality of the information and trust factor between the two parties. The communication is encrypted and time-stamped to avoid interceptions and reuse. Overall, it is good authentication mechanism without the use of expensive devices and participation of a trusted third party.