LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

LI Jian-jun,GUO Wei-qing,XU Duan-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.15.056

2006-01-01

Abstract:Authentication is the core and the first gateway to computer security system. With mentality of middleware and the tokencard authentication system, the improved project of GINA and extensional technology on Windows are introduced and a more flexible mecha- nism for the two-factor authentication module is provided. With the virtual tokencard technology, the Tokencard make the multi-role logon authentication possible and it proves to be more flexible and reliable.

Jing Tian,Chengzhang Qu,Wenyuan Xu,Song Wang

2013-01-01

Abstract:Password-based authentication is easy to use but its security is bounded by how much a user can remember. Biometrics-based authentication requires no memorization but ‘resetting’ a biometric password may not always be possible. In this paper, we propose a user-friendly authentication system (KinWrite) that allows users to choose arbitrary, short and easy-to-memorize passwords while providing resilience to password cracking and password theft. KinWrite lets users write their passwords in 3D space and captures the handwriting motion using a low cost motion input sensing device—Kinect. The low resolution and noisy data captured by Kinect, combined with low consistency of in-space handwriting, have made it challenging to verify users. To overcome these challenges, we exploit the Dynamic Time Warping (DTW) algorithm to quantify similarities between handwritten passwords. Our experimental results involving 35 signatures from 18 subjects and a brute-force attacker have shown that KinWrite can achieve a 100% precision and a 70% recall (the worst case) for verifying honest users, encouraging us to carry out a much larger scale study towards designing a foolproof system.

Suyun Borjigin

2024-05-31

Abstract:Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is useless. If unauthorized inputs are invalidated, remote attacks can be disabled. Thus, credential secrets and account input fields can be controlled. Rather than encrypting passwords, we design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password. Subsequently, the authenticatable functionality of the login password and the typable functionality of the authentication password can be disabled or invalidated to prevent credential theft and remote attacks. Thus, the usability-security tradeoff and password reuse issues are resolved; local authentication password storage is no longer necessary. More importantly, the password converter acts as an open hashing algorithm, meaning that its intermediate elements can be used to define a truly unique identity for the login process to implement a novel dual-identity authentication scheme. In particular, the system-managed elements are concealed, inaccessible, and independent of any personal information and therefore can be used to define a perfect unforgeable process identifier to identify unauthorized inputs.

Cryptography and Security,Emerging Technologies,Systems and Control

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

WANG Jun

DOI: https://doi.org/10.3969/j.issn.1009-3044.2012.23.013

2012-01-01

Abstract:Along with the social informatization is getting higher and higher,the data stored in the DBMS to security requirements are also gradually improve.Systems generally will require the user to input the password,that is,by setting a password to protect the security of the database.It’s talking about commonly used methods of password analysis about database encryption.It’s obvious that encryption algorithm has been greatly enhanced in the new version through to the contrast analysis between an encrypted database of Access 2003 and an encrypt ed database of Access 2010,improved the password security of Access 2010.

Travis Z. Suel

DOI: https://doi.org/10.48550/arXiv.1209.0967

2012-09-05

Abstract:Passwords are a fragile, inadequate, and insecure tool for authenticating users, and are especially fraught with problems when used to secure access to network resources and services. In many cases, passwords provide a false sense of security. Creating passwords which are both secure (i.e., hard for attackers to guess) and easy for humans to remember is, at best, a paradoxical task because these two criteria are diametrically opposed. Fortunately, a far more secure and user-friendly alternative is available. Public-key cryptography provides a means of both identifying and authenticating users without the need for passwords. KeyAuth is a generic and universal implementation of public-key authentication aimed at supplanting password-based authentication and significantly improving the security of network accessible resources by enhancing the usability of frequently used authentication mechanisms. KeyAuth is an application-, language-, operating system-, and protocol-independent public-key authentication service.

Cryptography and Security,Human-Computer Interaction

Ping Wang,Ding Wang,Xinyi Huang

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160483

2016-01-01

Abstract:Identity authentication is the first line of defense for information systems ,and passwords are the most widely used authentication method .Though there are a number of issues in passwords regarding security and usability , and various alternative authentication methods have also been successively proposed , password‐based authentication will remain the dominant method in the foreseeable future due to its simplicity ,low cost and easiness to change .T hus ,this topic has attracted extensive interests from worldwide researchers ,and many important results have been revealed .This work begins with the introduction of users’ vulnerable behaviors and details the password characteristics ,distribution and reuse rate .Next we summarize the primary cracking algorithms that have appeared in the past 30 years , and classify them into groups in terms of the difference in dependence on what information is exploited by the attacker .Then ,we revisit the various statistical‐based evaluation metrics for measuring the strength of password distributions .Further ,we compare the state‐of‐the‐art password strength meters .Finally ,we summarize our results and outline some future research trends .

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

Ding Wang,Ping Wang

DOI: https://doi.org/10.1007/978-3-319-23829-6_11

2015-01-01

Abstract:Smart-card-based password authentication, known as two-factor authentication, is one of the most widely used security mechanisms to validate the legitimacy of a remote client, who must hold a valid smart card and the correct password in order to successfully login the server. So far the research on this domain has mainly focused on developing more secure, privacy-preserving and efficient protocols, which has led to numerous efficient proposals with a diversity of security provisions, yet little attention has been directed towards another important aspect, i.e. the usability of a scheme. This paper focuses on the study of two specific security threats on usability in two-factor authentication. Using two representative protocols as case studies, we demonstrate two types of security threats on usability: (1) Password change attack, which may easily render the smart card completely unusable by changing the password to a random value; and (2) De-synchronization attack, which breaks the consistence of the pseudo-identities between the user and the server. These threats, though realistic in practice, have been paid little attention in the literature. In addition to revealing the vulnerabilities, we discuss how to thwart these security threats and secure the protocols.

Yuanwei Hou,Yu Gu,Weiping Li,Zhi Liu

DOI: https://doi.org/10.1587/transfun.2021eap1119

2022-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show thatWiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.

Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Yanjiang Yang,Shuhong Wang,Feng Bao,Jie Wang,Robert H. Deng

DOI: https://doi.org/10.1016/j.cose.2004.08.005

IF: 5.105

2004-01-01

Computers & Security

Abstract:Apart from user identification and key distribution, it is very useful for the login process to achieve user anonymity. Recently, Wu and Hsu proposed an efficient user identification scheme with key distribution while preserving user anonymity by extending an earlier work of Lee and Chang. We however find out that the Wu and Hsu scheme has a serious weakness, which can be exploited by the service provider to learn the secret token of the user who requests services from the service provider. We further propose a scheme to overcome this limitation while attaining the same set of objectives as the previous works. Performance analyses have shown that efficiency in terms of both computation and communication is not sacrificed in our scheme.

Kim-Phuong L. Vu,Robert W. Proctor,Abhilasha Bhargav-Spantzel,Bik-Lam Tai,Joshua Cook,E. Eugene Schultz,Bik-Lam (Belin) Tai

DOI: https://doi.org/10.1016/j.ijhcs.2007.03.007

2007-08-01

Abstract:Personal information and organizational information need to be protected, which requires that only authorized users gain access to the information. The most commonly used method for authenticating users who attempt to access such information is through the use of username–password combinations. However, this is a weak method of authentication because users tend to generate passwords that are easy to remember but also easy to crack. Proactive password checking, for which passwords must satisfy certain criteria, is one method for improving the security of user-generated passwords. The present study evaluated the time and number of attempts needed to generate unique passwords satisfying different restrictions for multiple accounts, as well as the login time and accuracy for recalling those passwords. Imposing password restrictions alone did not necessarily lead to more secure passwords. However, the use of a technique for which the first letter of each word of a sentence was used coupled with a requirement to insert a special character and digit yielded more secure passwords that were more memorable.

computer science, cybernetics,ergonomics,psychology, multidisciplinary

Wang Yi,Wang Lixing,Zhang Lei,Han Weili

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.12.087

2009-01-01

Abstract:This paper provides a novel approach for password management through the smart phone with bluetooth.It brings users high efficiency along with security as general password management has,and avoids unsafe factors which would be a big issue of normal password management tool due to being installed on vulnerable PC.The approach discussed here also provides authentication for web-based login applications which ensures the password will be inputted precisely on legitimate websites while login so as to effectively cope with common phishing attacks.

Gloriya Mathew,Shiney Thomas

DOI: https://doi.org/10.48550/arXiv.1311.4037

2013-11-16

Abstract:User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authentication is Graphical User Authentication based on the fact that humans tends to remember images better than text. Graphical password authentication systems provide passwords which are easy to be created and remembered by the user. However, the main issues of simple graphical password techniques are shoulder surfing attack and image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable or usable but not secure. In this paper, a new technique that uses cued click point graphical password method along with the one-time session key is proposed. The goal is to propose a new authentication mechanism using graphical password to achieve higher security and better usability levels. The result of the system testing is evaluated and it reveals that the proposed system ensures security and usability to a great extent.

Cryptography and Security

BT Hsieh,HM Sun,T Hwang

DOI: https://doi.org/10.15388/informatica.2003.014

2003-01-01

Informatica

Abstract:In an internet environment, such as UNIX, a remote user has to obtain the access right from a server before doing any job. The procedure of obtaining acess right is called a user authentication protocol. User authentication via user memorable password provides convenience without needing any auxiliary devices, such as smart card. A user authentication protocol via username and password should basically withstand the off-line password guessing attack, the stolen verifier attack, and the DoS attack. Recently, Peyravian and Zunic proposed one password transmission protocol and one password change protocol. Later, Tseng et al. (2001) pointed out that Peyravian and Zunic's protocols can not withstand the off-line password guessing attack, and therefore proposed an improved protocol to defeat the attack. Independently, Hwang and Yeh also showed that Peyravian and Zunic's protocols suffer from some secury flaws, and an improved protocol was also presented. In this paper, we show that both Peyravian and Zunic's protocols and Tseng et al.'s improved protocol are insecure against the stolen verifier attack. Moreover, we show that all Peyravian and Zunic's, Tseng et al.'s, and Hwang and Yeh's protocols are insecure against DoS attack.

QIAN Min,CHEN Xiangning

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.05.048

2007-01-01

Abstract:USB device functions only when a communication channel is set up between the USB device and its host after the completion of host-device recognition.A USB device can be used as a USB identity token.When it is used as an identity token in an network identity authentication system,a USB token requires more security than normal USB device.An improved USB token recognition scheme is proposed using a manufacturer authentication protocol.It upgrades the security level of the token identification by adding authentication procedures to the normal USB device recognition.

Qingshuang Han,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/cis.2016.0144

2016-01-01

Abstract:With the development of Public Key Infrastructure (PKI) information technology, USB Key are being more and more used. When the Side Channel Attacks (SCA) caused a huge threat to the smart card, we also concerned about the impact which will be given on USB Key's security. Because of the different implementation and interface protocols, the side channel security characteristics between them are different in collecting the information of side channel. This paper proposes a method for acquiring power trace of USB Key. The method is a kind of driving design, which involves three aspects: Bus driver, card Reader driver and USB Key device driver. In order to confirm the design, we collected power trace from four kinds of USB Key, then the SCA performed to prove that the information we collected can be used. Some specific experimental results will be demonstrated in this paper.