Password System Enhancing the Security agains

A Password System Secure Against Observation by Others

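  • 박종민 (Department of Computer Engineering, Chosun University)
  • 김용훈 (Department of Computer Engineering, Chosun University)
  • 조범준 (Department of Computer Engineering, Chosun University)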
  • Published : 2004.12.01

Abstract

This paper proposes a password system called SPS (Secure Password System). Its aim is to improve the way a multi-user computer system verifies the legitimacy of a user who wants to use it: SPS addresses the weakness that a password is easily exposed to observation by other people, and it raises the security of the system. SPS retains most of the advantages of the traditional password system, including easy implementation and low cost, and it can easily be ported to a traditional password system. In experiments, the proposed SPS showed high security against both online dictionary attacks by intruders and exposure of the password at the client.
