• Title/Summary/Keyword: password

Search Result 883, Processing Time 0.035 seconds

Improved Password Change Protocol Using One-way Function (일방향 함수를 이용한 개선된 패스월드 변경 프로토콜)

  • Jeon Il-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.2
    • /
    • pp.121-127
    • /
    • 2006
  • Recently, Chang et at.$^[9]$ proposed a new password-based key agreement protocol and a password change protocol to improve the efficiency in the password-based authenticated key agreement protocol proposed by Yeh et at.$^[8]$. However, Wang et al.$^[10]$ showed that their protected password change protocol is not secure under the denial of service attack and the dictionary attack This paper proposes an improved password change protocol to solve this problems in the Chang et al's protocol. In the proposed protocol, the format of communication messages is modified not to have any clue for the guessing of the password and verifying of the guessed password. The proposed protocol supports the advantages in the previous password-based protocols and solves the problems in them effectively.

Design of Improved Strong Password Authentication Scheme to Secure on Replay Attack (재전송 공격에 안전한 개선된 강력한 패스워드 인증 프로토콜 설계)

  • Kim, Jun-Sub;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.6
    • /
    • pp.133-140
    • /
    • 2011
  • Password-based authentication is the protocol that two entities share a password in advance and use the password as the basic of authentication. Password authentication schemes are divided into weak-password and strong-password authentication scheme. SPAS protocol, one of the strong-password authentication scheme, was proposed for secure against DoS attack. However it has vulnerability of the replay attack. In this paper, we analyze the vulnerability to the replay attack in SPAS protocol. Then we also propose an Improved-Strong Password Authentication Scheme (I-SPAS) with secure against the replay attack.

A Study On Enterprise Password Management Recommendations (대규모 조직에서의 패스워드 관리에 관한 권고 고찰)

  • Park, Jin-Sub
    • Journal of National Security and Military Science
    • /
    • s.8
    • /
    • pp.421-465
    • /
    • 2010
  • Passwords are used in many ways to protect data, systems, and networks. Passwords are also used to protect files and other stored information. In addition, passwords are often used in less visible ways for authentication. In this article, We provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users - and no unauthorized users - can use passwords successfully as needed. Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Ensuring the confidentiality of passwords is considerably more challenging and involves a number of security controls along with decisions involving the characteristics of the passwords themselves.

  • PDF

A Study on Improvement of Password Algorithm (패스워드 알고리즘의 개선에 관한 연구)

  • 김영수;박연식;임재홍
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 1999.11a
    • /
    • pp.287-293
    • /
    • 1999
  • The first stage for computer security is password. If security of password is impotent even constructing of perfect fire-wall, fire-wall is not anything but a good-for-nothing. Because management of password is depend upon an end-user rather than a system-manager, carelessness of password management is an inevitable result. It is a reason that an end-user is actually not able to manage a high-difficulty-password. In this paper, algorithm of password is improved to be difficult of hacking, having a existing password input pattern for an end-user.

  • PDF

PC User Authentication using Hand Gesture Recognition and Challenge-Response

  • Shin, Sang-Min;Kim, Minsoo
    • Journal of Advanced Information Technology and Convergence
    • /
    • v.8 no.2
    • /
    • pp.79-87
    • /
    • 2018
  • The current PC user authentication uses character password based on user's knowledge. However, this can easily be exploited by password cracking or key-logging programs. In addition, the use of a difficult password and the periodic change of the password make it easy for the user to mistake exposing the password around the PC because it is difficult for the user to remember the password. In order to overcome this, we propose user gesture recognition and challenge-response authentication. We apply user's hand gesture instead of character password. In the challenge-response method, authentication is performed in the form of responding to a quiz, rather than using the same password every time. To apply the hand gesture to challenge-response authentication, the gesture is recognized and symbolized to be used in the quiz response. So we show that this method can be applied to PC user authentication.

Vulnerability of Two Password-based Key Exchange and Authentication Protocols against Off-line Password-Guessing Attacks (두 패스워드 기반 키 교환 및 인증 프로토콜들에 대한 오프라인 패스워드 추측 공격의 취약성 분석)

  • Shim, Kyung-Ah;Lee, Hyang-Sook;Lee, Ju-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.3-10
    • /
    • 2008
  • Since a number of password-based protocols are using human memorable passwords they are vulnerable to several kinds of password guessing attacks. In this paper, we show that two password-based key exchange and authentication protocols are insecure against off-line password-guessing attacks.

The Password base System for the safe and Efficient Identification (안전하고 효율적인 신원확인을 위한 암호기반 시스템)

  • Park, Jong-Min;Park, Byung-Jun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.1
    • /
    • pp.81-86
    • /
    • 2009
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we propose a new identification scheme One Pass Identification. The security of Password base System is based on the square root problem, and Password base System is secure against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of Password base System is one, and Password base System processes the password and does not need the key. We think that Password base System is excellent for the consuming time to verify the prover.

Advanced Password Input Method in Automated Teller Machines/Cash Dispenser (현금자동입출금기/현금지급기에서 개선된 비밀번호 입력 방법)

  • Kim, Tae-Hee;Park, Seung-Bae;Kang, Moon-Seol
    • The KIPS Transactions:PartC
    • /
    • v.18C no.2
    • /
    • pp.71-78
    • /
    • 2011
  • Financial accidents such as password exposure of credit cards or bankbooks occur often when a password is inputted to ATM/CD(Automated Teller Machines and Cash Dispenser), so particular attention is required when inputting a password. This study suggested a method to input a password safely to prevent stealing a glance at a password in case of the use of ATM/CD. The method is that users input a password when numbers are randomly displayed and disappear not to notice the password even though someone is next to or behind the users. As methods to input a password safely, the study verified safety by dividing the methods into a test of shoulder surfing, an intuitive perspective, and a theoretical analysis. In addition, the result of implementation to apply the method to ATM/CD shows that a percentage of acquiring a password from the attack of shoulder surfing is found to be lower than an existing method, so password exposure can be prevented.

A study on User Authentication Technology of Numeric based Pattern Password (숫자기반의 패턴 형식 패스워드 사용자인증 기술)

  • Ju, Seung-Hwan;Seo, Hee-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.9
    • /
    • pp.65-73
    • /
    • 2012
  • The traditional text-based password is vulnerable guessing, dictionary attacks, keyloggers, social engineering, stole view, etc. these vulnerability effect more serious problem in a mobile environment. In this study, By using the pattern number to enter the password of an existing four-digit numeric password, User easily use to new password system. The technology on pattern based numerical password authorization proposed in this paper would intensify the security of password which holds existing 10 numbers of cases by authorizing a user and would not invade convenience of use by providing high security and making users memorize only four numbers like old method. Making users not have inconvenience and raising complexity, it would have a strength to an shoulder surfing attack of an attacker. So I study password system that represents the shape-based of number. I propose the new password system to prevent peeking attacks and Brute-force attack, and this proposal is to review the security and usability.