• Title/Summary/Keyword: Shadow Password

Search Result 6, Processing Time 0.032 seconds

User Behavior on Changing the Password from the Shadow Work View (그림자노동 차원에서 본 IT 사용자의 비밀번호 변경행동 연구)

  • Park, Sang Cheol
    • The Journal of Information Systems
    • /
    • v.28 no.2
    • /
    • pp.93-107
    • /
    • 2019
  • Purpose The purpose of this study is to explain the mechanism of user behaviors in password reset context based on descriptive data from conducting interviews. Specifically, this study attempted to describe the process of changing password from the shadow work perspective. Design/methodology/approach This study has interviewed 8 participants who can freely use numerous online web-sites. This study also employed the grounded theory methodology to analyze interview manuscripts. After conducting analyzing the manuscripts, this study has extracted 46 codes in the coding steps and ultimately presented 8 categories by combining similar concepts from those codes. Findings According to the results, this study provides new viewpoints to explain unique user behavior in the password reset context by capturing the shadow work based on the results. This study further offers practical implications to numerous practitioners by finding various codes, which related to users' reaction and behavior.

User Authentication by using SMART CARD and PAM (스마트 카드와 PAM을 이용한 사용자 인증)

  • 강민정;강민수;박연식
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2003.05a
    • /
    • pp.637-640
    • /
    • 2003
  • Authentication between Server and Client is necessary in most of Internet Service because of increasing of using of Internet. Unix-based Server upgraded security of user authentication using "Shadow Password" instead of "crypt" function. But "Shadow Password" most use same authentication method about all services. But we individually can set user authentication method using PAM(Pluggable Authentication Module). This paper will propose user authentication system using Linux-PAM that use SMART CARD as authentication token.

  • PDF

Affective Response to Feelings of Password Fatigue by Password Change Requirements

  • Sang Cheol Park
    • Asia pacific journal of information systems
    • /
    • v.33 no.3
    • /
    • pp.603-623
    • /
    • 2023
  • While prior work has conducted individuals' password security behavior, there is a relatively neglect to examine individuals' affect and feelings of password fatigue in password change context. Therefore, this study explicated individuals' affective response to the feelings of password fatigue by drawing on several theoretical lens. Survey data collected from 267 users were used to test the model using partial least square analysis. This study found that feelings of password fatigue positively affected the negative password fatigue-induced affect, and also both the feelings of password fatigue and the negative password fatigue-induced affect were negatively related to attitude toward changing passwords, which in turn, leads to the intention to change passwords. Furthermore, this study found that shadow work recognition negatively moderated the relationship between attitude and behavioral intention. This study could offer a new theoretical perspective to understand an individual's security behavior and provide empirical evidences for practitioners in charge of IT security in organizations.

A Study on Impersonation Attack of Linux Sudoers Through Shadow File Manipulation (Shadow 파일 조작을 통한 리눅스 Sudoer의 위장공격에 대한 연구)

  • Kim, Sanghun;Cho, Taenam
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.9 no.7
    • /
    • pp.149-156
    • /
    • 2020
  • All operating systems have privileged administrator accounts for efficient management. Dangerous or sensitive tasks or resources should be banned from normal users and should only be accessible by administrators. One example of this privilege is to reset a user's password when the user loses his/her password. In this paper, the privileges of the sudoer group, the administrator group of Linux Ubuntu, and the management system of the sudoer group were analyzed. We show the danger that a sudoer can use the privilege to change the password of other users, including other sudoers, and modify the log, and suggest a countermeasure to prevent the manipulation of shadow files as a solution to this. In addition, the proposed method was implemented and the possibility of practical use was confirmed with excellent performance.

Session Key Agreement Protocol for IoT Home Devices using Shadow Passwords (그림자 패스워드를 사용한 IoT 홈 디바이스 사이의 세션키 공유 프로토콜)

  • Jung, Seok Won
    • Journal of Internet of Things and Convergence
    • /
    • v.6 no.2
    • /
    • pp.93-100
    • /
    • 2020
  • Although various home services are developed as increasing the number of home devices with wire and wireless connection, privacy infringement and private information leakage are occurred by unauthorized remote connection. It is almost caused by without of device authentication and protection of transmission data. In this paper, the devices' secret value are stored in a safe memory of a smartphone. A smartphone processes device authentication. In order to prevent leakage of a device's password, a shadow password multiplied a password by the private key is stored in a device. It is proposed mutual authentication between a smartphone and a device, and session key agreement for devices using recovered passwords on SRP. The proposed protocol is resistant to eavesdropping, a reply attack, impersonation attack.

Hardware Crypto-Core Based Authentication System (하드웨어 암호코어 기반 인증 시스템)

  • Yoo, Sang-Guun;Park, Keun-Young;Kim, Tae-Jun;Kim, Ju-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.46 no.1
    • /
    • pp.121-132
    • /
    • 2009
  • Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.