請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37778
完整後設資料紀錄
DC 欄位 | 值 | 語言 |
---|---|---|
dc.contributor.advisor | 鄭士康(Shyh-Kang Jeng) | |
dc.contributor.author | Wen-Feng Yang | en |
dc.contributor.author | 楊文鋒 | zh_TW |
dc.date.accessioned | 2021-06-13T15:43:21Z | - |
dc.date.available | 2008-07-09 | |
dc.date.copyright | 2008-07-09 | |
dc.date.issued | 2008 | |
dc.date.submitted | 2008-07-03 | |
dc.identifier.citation | [1] 張國財, “使用圖形化通行碼之使用者身份認證設計的研究”, 碩士論文, 輔仁大學資訊工程學系, June 2006
[2] X. Y. Suo, Y. Zhu, and G. S. Owen, “Graphical Passwords: A Survey,” Journal, Publisher, Department of Computer Science, Georgia State University, Date. [3] L. Sobrado and J. C. Birget, “Graphical passwords”, Department of Computer Science, Rutgers University, Camden New Jersey 08102, 2002 [4] K. Renaud, and E. S. Olsen, “DynaHand: Observation-resistant recognition-based web authentication”, Univ. of Glasgow, Technology and Society Magazine, IEEE, Volume: 26, Issue: 2, Summer 2007 [5] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon, “Authentication using graphical passwords: effects of tolerance and image choice”, ACM International Conference Proceeding Series; Vol. 93, Proceedings of the 2005 symposium on Usable privacy and security, ACM New York, NY, USA, 2005 [6] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon, “Authentication Using Graphical Passwords: Basic Results” [7] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon, 'PassPoints: Design and longitudinal evaluation of a graphical password system,' International Journal of Human Computer Studies. [8] D. Weinshall and S. Kirkpatrick, “Passwords you’ll never forget, but can’t recall”, ACM 1-58113-703-6/04/0004. [9] L. P. Heck, “Voice authentication system having cognitive recall mechanism for password verification”, United States Patent 6671672, US Patent Issued on December 30, 2003 [10] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, 'The Design and Analysis of Graphical Passwords,' in Proceedings of the 8th USENIX Security Symposium, 1999. [11] L. Sobrado and J.-C. Birget, 'Graphical passwords,' The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4, 2002. [12] S. Man, D. Hong, and M. Mathews, 'A shouldersurfing resistant graphical password scheme,' in Proceedings of International conference on security and management. Las Vegas, NV, 2003. [13] R. Dhamija and A. Perrig, 'Deja Vu: A User Study Using Images for Authentication,' in Proceedings of 9th USENIX Security Symposium, 2000 [14] D. Nali and J. Thorpey, “Analyzing User Choice in Graphical Passwords”, May 27, 2004. [15] K. Chalkias, A. Alexiadis, and G. Stephanides, “A Multi-Grid Graphical Password Scheme”, Dept. of Applied Informatics, Macedonia University, 156 Egnatia str., 540 06 Thessaloniki, Greece. [16] B. Malek, M. Orozco, and A. E. Saddik, “Novel Shoulder-Surfing Resistant Haptic-based Graphical Password”, Multimedia Communications Research Laboratory (MCRLAB), School of Information Technology and Engineering (SITE), University of Ottawa, ON, Canada. [17] Z. Li, Q. Sun, Y. Lian, and D. D. Giusto, “An Association-Based Graphical Password Design Resistant to Shoulder-Surfing Attack”, Multimedia and Expo, 2005. ICME 2005. IEEE International Conference, 6-8 July 2005. [18] S. Akula and V. Devisetty, 'Image Based Registration and Authentication System,' in Proceedings of Midwest Instruction and Computing Symposium, 2004. [19] X. Y. Suo, “A Design and Analysis of Graphical Password”, A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in the College of Arts and Sciences, Georgia State University, 2006. [20] G. E. Blonder, 'Graphical passwords,' in Lucent Technologies, Inc., Murray Hill, NJ, U. S. Patent, Ed. United States, 1996. [21] J. Thorpe and P.C. v. Oorschot, “Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords”, appear in the Proceedings of the 16th USENIX Security Symposium, Boston, USA, August 6-10, 2007. cUSENIX. [22] A. E. Dirik, N. Memon, and J. C. Birget, “Modeling user choice in the PassPoints graphical password scheme”, Symposium On Usable Privacy and Security (SOUPS) 2007, July 18-20, 2007, Pittsburgh, PA, USA. [23] H. Y. Zhao and X. L. Li, “S3PAS:A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme”, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07) [24] J. C. Birget, D. Hong, and N. Memon, “Graphical passwords based on robust discretization”, Information Forensics and Security, IEEE Transactions, Sept. 2006. [25] L. D. Paulson, 'Taking a Graphical Approach to the Password,' Computer, vol. 35, pp. 19, 2002. [26] A. Kerckhoffs, 'La cryptographie militaire', Journal des sciences militaires, vol. IX, pp. 5–83, Jan. 1883, pp. 161–191, Feb. 1883. [27] S. Wiedenbeck, J. Waters, L. Sobrado, and J. C. Birget, “Design and Evaluation of a Shoulder-Surfing Resistant Graphical Password Scheme”, Proceedings of the working conference on Advanced visual interfaces, ACM New York, NY, USA, 2006. [28] M. Bishop and D. V. Klein, “Improving System Security via Proactive Password Checking” [29] J. Thorpe, P.C. v. Oorschot, and A. Somayaji, “Pass-thoughts: Authenticating With Our Minds”, Digital Security Group, School of Computer Science, Carleton University, Canada, April 18, 2005 [30] J. W. Wells, “Authentication program for a computer operating system”, United States Patent 6779117, US Patent Issued on August 17, 2004 [31] Kerberos: The Network Authentication Protocol, http://www.mit.edu/~kerberos/ [32] IDCAS, http://www.idcas.com/ [33] F. Tari, A. A. Ozok, and S. H. Holden, “A Comparison of Perceived and Real Shoulder-surfing Risks between Alphanumeric and Graphical Passwords”, Symposium On Usable Privacy and Security (SOUPS) 2006, Pittsburgh, PA, USA , July 12-14, 2006. [34] M. Kumar, T. Garfinkel, and D. Boneh, T. Winograd, “Reducing Shoulder-surfing by Using Gaze-based Password Entry”, Symposium On Usable Privacy and Security (SOUPS) 2007, Pittsburgh, PA, USA. 2, July 18-20, 2007 [35] T. TAKADA, “fakePointer: A User Authentication Scheme that makes Peeping Attack with a Video Camera hard”, submitted to Annual Computer Security Applications Conference 2007(ACSAC23) for Works in Progress(WiP) session. [36] M. N. Wegman and J. L. Carter, “Universal classes of hash functions”, Journal of Computer and System Sciences, 18:143-154, 1979. [37] M. N. Wegman and J. L. Carter, “New hash functions and their use in authentication and set equality”, Journal of Computer and System Sciences, 22:265-279, 1981. [38] J. Katz and Y. Lindell, Introduction to Modern Cryptography, Chapman & Hall/CRC Press, August 2007. [39] W. Mao, Modern Cryptography: Theory and Practice, Prentice Hall, July 25, 2003. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37778 | - |
dc.description.abstract | 從1990年末開始有人開始思考文字通行碼(Textual Password)之外的替代方法,以彌補文字通行碼的不足之處,諸如文字記錄器的側錄問題、字典檔的攻擊問題。這其中被討論最多的且最具代表性的或許就是圖形化密碼(Graphical Password),因其獨有的一些特性使被側錄的難度大幅提高,進而增加了某些方面的安全性。在此論文中,我們首先回顧現存的通行機制與什麼是肩窺(Shoulder Surfing)問題的核心本質,進而分析目前存在各式各樣可抵禦肩窺的認證機制,並比較其異同優劣之處。另外對於目前許多關於肩窺發表的文章之盲點提出了次肩窺抵禦(偽肩窺抵禦)的概念。最後提出幾套具肩窺抵禦功能的使用者可定義通行碼機制,並比較其與現存的其他方法之優劣。此篇論文中,我們也同時提出了使用者可定義通行機制的許多優勢。此篇論文所要討論的則不包含生物特徵(Biometric Based Authentication)等包含個人特定身份資訊或實體裝置(Token Based Authentication)的認證方式;而專注在知識基礎認證 (Knowledge Based Authentication) 的討論。 | zh_TW |
dc.description.abstract | From the late 1990’s, researchers have dedicated to find the alternative authentication methods for Textual Password to solve the many shortcuts in it such as the keyboard logger and dictionary attack threats. Among many of these methods, the most represented one might be graphical password. Based on some of the specific qualities of it, the security level increases. In this thesis, we first review many related authentication method now presented and what shoulder surfing problem is, analyzing them and their difference. In the awareness of nowadays misuse of the word ‘shoulder surfing resistant’, we presented ‘sub shoulder surfing resistant’ concept. In last, we present a user defined pass mechanism authentication method and compare it to the many methods now existed. We also explain what user defined pass mechanism’s advantage is. What we are going to discuss in this thesis does not contain those bio-authentication method containing person-to-person variant information. The most widely discussed and most representative method might be Graphical Password since some of its unique features make logging more difficult for mal-intention attackers. | en |
dc.description.provenance | Made available in DSpace on 2021-06-13T15:43:21Z (GMT). No. of bitstreams: 1 ntu-97-R95921041-1.pdf: 607386 bytes, checksum: 1dca9549e6330e894a19d687713318ee (MD5) Previous issue date: 2008 | en |
dc.description.tableofcontents | 口試委員會審定書 #
誌謝 i 中文摘要 ii 英文摘要 iii 目錄 iv 圖目錄 vi 表目錄 vii 第1章 緒論 1 第2章 研究背景知識 4 2.1 通行物件及通行機制 4 2.2 常見的通行機制 5 2.2.1 回想基礎(recall-based)及辨識基礎(recognition-based) 5 2.2.2 一次性通行碼概念 6 2.2.3 文字通行碼、圖形通行碼及各式改良 7 2.2.4 其他類通行機制 11 2.3 攻擊手法回顧 11 2.3.1 側錄裝置 12 2.3.2 頻率分析 12 2.3.3 暴力破解 12 2.3.4 用戶種子攻擊(Human-Seeded Attack) 13 2.4 肩窺問題的定位與肩窺抵擋的條件 13 2.4.1 肩窺問題的定位 13 2.4.2 肩窺問題的抵擋 14 2.4.3 次肩窺抵禦(偽肩窺抵禦) 16 2.4.4 幾種肩窺抵禦機制回顧 19 2.5 密碼學的相關知識 20 第3章 使用者可定義之肩窺抵禦通行碼機制 23 3.1使用者可定義通行機制概念 24 3.2替換通行碼認證系統 26 3.3 FMNS使用者自行定義通行碼認證系統 30 第4章 使用者可定義通行碼機制與傳統方法之比較 36 4.1 密碼空間大小與隨機登入機率的比較 37 4.2肩窺抵禦功能的比較 38 4.2.1 IDCAS弱點分析 39 4.2.2 Sobrado和Birget之幾何方法弱點分析 39 4.2.3 本文替換通行碼之弱點分析 40 4.2.4 FMNS使用者自行定義通行機制弱點分析 41 4.3 使用者友善度的比較 46 4.3.1 登入與設定通行碼的時間成本 47 4.3.2 通行碼的可記憶性 47 第5章 結論 50 參考文獻 51 | |
dc.language.iso | zh-TW | |
dc.title | 使用者可定義之肩窺抵禦通行機制 | zh_TW |
dc.title | User Defined Pass Mechanism with Shoulder-Surfing Resistant Functionality | en |
dc.type | Thesis | |
dc.date.schoolyear | 96-2 | |
dc.description.degree | 碩士 | |
dc.contributor.oralexamcommittee | 雷欽隆(Chin-Laung Lei),鄭振牟(Chen-Mou Cheng) | |
dc.subject.keyword | 圖形密碼,肩窺問題,身分認證,側錄問題,鍵盤記錄器,使用者可定義通行機制, | zh_TW |
dc.subject.keyword | Graphical Passwords,Shoulder Surfing Problem,Authentication,Keyboard Logger,User Defined Pass Mechanism, | en |
dc.relation.page | 55 | |
dc.rights.note | 有償授權 | |
dc.date.accepted | 2008-07-04 | |
dc.contributor.author-college | 電機資訊學院 | zh_TW |
dc.contributor.author-dept | 電機工程學研究所 | zh_TW |
顯示於系所單位: | 電機工程學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-97-1.pdf 目前未授權公開取用 | 593.15 kB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。