地圖密碼：一種以地圖為基礎的實用圖形密碼驗証

Chun-Hsun FanChiang; 范姜俊勛

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/41169

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	雷欽隆(Chin-Laung Lei)
dc.contributor.author	Chun-Hsun FanChiang	en
dc.contributor.author	范姜俊勛	zh_TW
dc.date.accessioned	2021-06-14T17:21:21Z	-
dc.date.available	2013-08-05
dc.date.copyright	2008-08-05
dc.date.issued	2008
dc.date.submitted	2008-07-24
dc.identifier.citation	1. Klein, D. “Foiling the cracker: A survey of, and improvements to, password security.” In Proceedings of the 2nd USENIX Security Symposium, 1990. 2. Van Oorschot, P. C. and Thorpe, J. “On predictive models and user-drawn graphical passwords. ACM Trans. Inform. Syst. Secur. 10, 4, Article 17, Jan. 2008. 3. Blonder, G. E. “Graphical passwords” United States Patent 5559961, 1996. 4. Suo, X., Zhu, Y., and Owen, G. S. “Graphical passwords: A survey.” In 21st Annual Computer Security Applications Conference(ACSAC) (Dec.5-9), 2005. 5. Jermyn, I., Mayer, A., Monrose, F., Reiter, M., and Rubin, A. “The design and analysis of graphical passwords.” In 8th USENIX Security Symposium, 1999. 6. Syukri, A. F., Okamoto, E. and Mambo, M. “A User Identification System Using System Using Signature Written with Mouse”, in 3rd Australasian Conference on Information Security and Privacy (ACISP): Springer-Verlag Lecture Notes in Computer Sience (1438), pp. 403-441, 1998. 7. Goldberg, J., Hagman, J., and Sazawal, V. “ Doodling our way to better authentication.” In Conference on Human Factor and Computing Systems (April 20-25). ACM Press, New York.868-869. CHI’ 02 extended abstracts on Human Factors in Computer Systems, 2002. 8. Tao, H. “Pass-Go, a New Graphical Password Scheme.” M. S. thesis, School of Information Technology and Engineering, University of Ottawa, Canada, 2006. 9. Real User Corporation. “About passfaces.” http://www.passfaces.com/, site accessed April 22, 2008. 10. Davis, D., Monrose, F., and Reiter, M. “On user choice in graphical password scheme.” In 13th USENIX Security Symposium, 2004. 11. Dhamija, R., 2000. “Hash visualization in user authentication.” In Proceedings of CHI 2000. ACM Press, New York, pp.279-280, 2000. 12. Dhamija, R. and Perrig, A. “ Deja Vu: A user study using images for authentication.” In 9th USENIX Security Symposium, 2000. 13. Perrig, A. and Song D. “Hash visualization: A new technique to improve real-world security.” In International Workshop on Cryptography Techniques and E-Commerce. 131-138, 1999. 14. Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., and Memon, N. “PassPoints: Design and longitudinal evaluation of a graphical password system.” International J. of Human-Computer Studies (Special Issue on HCI Research in Privacy and Security) 63, 102-127, 2005. 15. Nali, D. and Thorpe, J. “Analyzing user choice in Graphical passwords.” Tech Report TR-04-01, School of Computer Science, Carleton University, Canada, 2004. 16. Thorpe, J. and Van Oorschot, P. “On the Security of Graphical Password Schemes (Extended Version).” Tech Report TR-05-11, School of Computer Science, Carleton University, Canada, http://www.scs.carleton.ca/research/tech_repots/2005 /download/TR-05-11.pdf. 17. Thorpe, J. and Van Oorschot, P. “Graphical dictionaries and the memorable space of graphical passwords.” In 13th USENIX Security Symposium, 2004a (Aug.9-13). 18. Thorpe, J. and Van Oorschot, P. “Towards secure design choices for implementing graphical passwords.” In 20th Annual Computer Security Applications Conference(ACSAC2004) (Dec.6-10), IEEE, Los Alamitos CA., 2004b. 19. Tyler, C. “Human symmetry perception.” In Human Symmetry Perception and Its Computational Analysis, C. Tyler, Ed. VSP, The Netherlands. 3-22, 1996. 20. Wagemans, J. “Detection of Visual Symmetries.” In Human Symmetry Perception and its Computational Analysis, C. Tyler, Ed. VSP, The Netherlands. 25-48, 1996. 21. Birget, J. C., Hong, D., and Memon, N. “Graphical passwords based on robust discretization.” IEEE Transactions on Information Forensics and Security 1, 3, 395-399, Sept. 2003. 22. Halderman, J. A., Waters B., and Felten, E. W. “A convenient method for securely managing passwords.” In Proceedings of the 14th International World Wide Web Conference. ACM Press, New York. 471-479, 2005. 23. Jansen, W., Gavrilla, S., Korolev, V., Ayers, R., and R. S. “Picture password: A visual login technique for mobile devices.” NIST Report – NISTIR7030, 2003. 24. Menezes, A. J., Van Oorschot, P. C., and Vanstone, S. A. “Handbook of applied cryptography.” CRC Press , Boca Raton, FL. 290-291. Note 8.8., 1996. 25. Pinkas, B. and Sander, T. “ Securing passwords against dictionary attacks .” In 9th ACM Conference on Computer and Communications Security, ACM Press, 161-170, 2002. 26. Provos, N. and Mazieres, D. “A future-adaptable password scheme.” In Proceedings of the USENIX Annual Technical Conference, 1999. 27. Stubblebine, S., and Van Oorschot, P. “Addressing online dictionary attacks with login histories and humans-in-the–loop.” In Financial Cryptography '04. Springer-Verlag LNCS (to appear), 2004. 28. Van Oorschot, P. C. and Stubblebine, S. “On countering online dictionary attacks with login histories and humans-in-the–loop.” ACM TISSEC 9, 3 (Aug.), 235-258, 2006.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/41169	-
dc.description.abstract	近年來，許多圖形密碼機制被提出用來克服文字密碼的缺點。然而，先前的一些研究對於圖形密碼的分類並不一致。因此我們根據使用者輸入的動作來對這些圖形密碼作分類，其中包括點選與繪畫。這篇論文提出了一個新概念，藉由把原本空白的背景設置為地圖的方式，來結合以上兩種圖形密碼機制。所以，為了驗証使用地圖的優勢，我們將蒐集來的幾份圖片分成兩組，一組只含有地圖，另一組則為非地圖類別。實驗結果顯示，使用地圖類別所產生的大多數密碼都能有效抵抗現存的圖形字典攻擊。另外，地圖類別使用者比非地圖類別使用者在登入時耗費更少的時間並且擁有更高的成功率。由此可知，我們所提出的機制的確比先前的機制更有效地提升安全性以及可用性。	zh_TW
dc.description.abstract	In recent years, several graphical password schemes are proposed to overcome the drawbacks of text-based passwords. However, the classification of these schemes is not consistent in prior studies. Thus, we classify the existing schemes according to the events of input passwords, clicking and drawing. This thesis also provides a concept of combining the two types of graphical password schemes. We adopt maps as background pictures and conduct a user study to verify the superiority of using maps. We collected several images that are divided into two groups which contain maps and non-maps respectively. The results show that most passwords produced by maps are able to resist the present graphical dictionary attacks. Furthermore, the participants spent less time and had higher success rate to login when using maps. Based on the facts mentioned above, our scheme offers stronger security and better usability than those of the prior scheme indeed.	en
dc.description.provenance	Made available in DSpace on 2021-06-14T17:21:21Z (GMT). No. of bitstreams: 1 ntu-97-R95944031-1.pdf: 1949484 bytes, checksum: 5198038ed88b4cb41635644c484c3950 (MD5) Previous issue date: 2008	en
dc.description.tableofcontents	Chapter 1 Introduction 1 1.1 Research Background 1 1.2 Thesis Contribution 2 1.3 Thesis Organization 4 Chapter 2 Related Work 5 2.1 History 5 2.2 Classification of Graphical Password Schemes 6 2.2.1 Draw-Based Schemes 6 2.2.2 Click-Based Schemes 10 Chapter 3 Design and Analysis of Pass-Maps 15 3.1 Motivation 15 3.2 Review of DAS 17 3.2.1 DAS Encoding 17 3.2.2 Password Space of DAS 18 3.2.3 Prior Studies of DAS 21 3.3 Design of Pass-Maps 27 3.3.1 Adding a Background 27 3.3.2 Adjustable Size of Grids 28 3.3.3 System Description 28 3.3.4 Encoding 30 3.4 Shoulder-Surfing Prevention 31 Chapter 4 Methodology 32 4.1 Objective 32 4.2 Experiment Design 32 4.3 Participants 33 4.4 Procedure 33 Chapter 5 User Study Analysis 34 5.1 Security Analysis 34 5.1.1 Results of Password Length 34 5.1.2 Probability of Symmetry 36 5.1.3 Trend of Selecting Grid Dimension 38 5.1.4 Similarity of User Input 38 5.2 Usability Analysis 40 5.2.1 Time to Login 40 5.2.2 Ultra Success Rate 41 Chapter 6 Conclusions 42 Chapter 7 Future Work 43
dc.language.iso	en
dc.title	地圖密碼：一種以地圖為基礎的實用圖形密碼驗証	zh_TW
dc.title	Pass-Maps:A Usable Map-Based Scheme of Graphical Password	en
dc.type	Thesis
dc.date.schoolyear	96-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	劉立(Li Liu),陳英一(Ing-Yi Chen),黃秋煌(Chiu-Huang Huang)
dc.subject.keyword	圖形密碼,字典攻擊,安全性,可用性,	zh_TW
dc.subject.keyword	graphical password,dictionary attack,security,usability,	en
dc.relation.page	47
dc.rights.note	有償授權
dc.date.accepted	2008-07-26
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊網路與多媒體研究所	zh_TW
顯示於系所單位：	資訊網路與多媒體研究所

文件中的檔案：

檔案	大小	格式
ntu-97-1.pdf 目前未授權公開取用	1.9 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。