口令重用行为与多维口令体系研究

Research on Password Reuse Behavior and Multidimensional Password System

下载PDF

导出

摘要互联网的迅速发展与网络服务的高度分散,促使广大网民不断注册更多的账户,并导致口令重用行为普遍化,使得用户信息面临泄露的风险。为此,基于2011年底互联网泄密门数据和大学生在线调查数据,分析了网民口令的结构特征和重用行为,并由此设计融入信息维度和分级管理思想的多维口令体系。该体系以根口令-重用码结构为基础,内容维包含多个独立的信息因子,构成口令的可记忆性主体;形式维负责形式变换,以提升口令的复杂性和安全性;时空维用于保障口令的时效性和重用性。对比量化分析结果表明,该口令体系具备良好的记忆性和便捷性,能有效抵御暴力攻击和熟人攻击。 The rapid development of the Internet and highly decentralized network services prompts the majority of Internet users to register more accounts,and causes a high incidence of password reuse,which makes the user information leakage risks facing the domino-style. Based on the data of Internet password leak door at the end of 2011 as well as the college students online survey,this paper analyzes the structural characteristics and reuse behavior of netizen passwords in detail,and thus designs a multidimensional password system which infuses into the information dimensions and classified management. This system,based on the structure of＆quot;seed-reuse code＆quot;,includes three dimensions：the content dimension contains multi-independent＆quot;information factor＆quot;,which constitutes the main part of the password,the formal dimension is responsible for conversion formatting,in order to enhance the complexity and security of the password,and space-time dimension is targeted designed to protect the password timeliness and reusability. Through comparative analysis and quantitative analysis,the password system not only has good memorability and convenience,but also can effectively resist the violent attacks and acquaintances attacks.

作者杨城赵奇康立

机构地区中国支付体系研究中心西南财经大学经济信息工程学院

出处《计算机工程》 CAS CSCD 2014年第12期114-120,125,共8页 Computer Engineering

基金国家自然科学基金资助重大项目(91218301) 国家社会科学基金资助项目(11AZD077) 中央高校基本科研业务费专项基金资助项目(JBK130503 JBK120505)

关键词口令安全口令重用根口令重用码多维口令体系 password security password reuse seed password reuse code multidimensional password system

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献16

1de Rodrigo L G,Carlos A L,Atman A,et al.Biometric Identification Systems[J].Signal Processing,2003,83(12):2539-2557.
2Halderman J A,Waters B,Felten E W.A Convenient Method for Securely Managing Passwords[C]//Proceedings of the14th International Conference on World Wide Web.[S.1.]:ACM Press,2005:471-479.
3Shirley G,Edword W F.Password Management Strategies for Online Accounts[C]//Proceedings of the2nd Symposium on Usable Privacy and Security.[S.1.]:ACM Press,2006:44-55.
4Pinkas B,Sander T.Securing Passwords Against Dictionary Attacks[C]//Proceedings of the9th ACM Conference on Computer and Communications Security.[S.1.]:ACM Press,2002:161-170.
5中国互联网信息中心.第28次中国互联网发展状况统计报告[EB/OL].http://www.cnnic.net.cn.
6Zhang J,Luo X,Akkaladevi S,et al.Improving Multiplepassword Recall:An Empirical Study[J].European Journal of Information Systems,2009,18(2):165-176.
7Notoatmodjo G,Thomborson C.Passwords and Perceptions[C]//Proceedings of the7th Australasian Conference on Information Security.[S.1.]:Australian Computer Society,Inc.,2009:71-78.
8Devi S M,Geetha M.OPass:Attractive Presentation of User Authentication Protocol with Resist to Password Reuse Attacks[J].International Journal of Computer Science and Mobile Computing,2013,8(2):174-180.
9Ives B,Walsh K R,Schneider H.The Domino Effect of Password Reuse[J].Communications of the ACM,2004,47(4):75-78.
10Schneier B.Schneier on Security[M].[S.1.]:Wiley,2006.

1李茂春,王和顺.JAVA WEB系统用MD5算法加密用户口令[J].电脑与信息技术,2010,18(5):38-39. 被引量：4
2王锋,张新建.基于虚拟用户管理的数据库安全策略设计[J].网络安全技术与应用,2012(7):12-15. 被引量：1
3历亚韬.让你的口令更安全[J].电子与电脑,2002(5):124-124.
4姚雷.利用动态链接库DLL加强Oracle数据库用户口令的安全[J].电脑编程技巧与维护,2003(3):82-84.
5靳慧云.网络系统中的口令安全[J].中国人民公安大学学报（自然科学版）,2002,8(1):51-53. 被引量：1
6凌晓峰.计算机网络中的口令安全[J].微型机与应用,2000,19(10):35-36. 被引量：4
7关闭不安全的接口服务[J].网管员世界,2008(8):86-87.
8陈怀青.UNIX系统的安全策略[J].南平师专学报,2001,20(4):88-90.
9王义学,彭小宁.网络“黑客”及其防范策略[J].怀化师专学报,2000,19(5):35-37. 被引量：1
10终端用户需要注意的五大安全事项[J].计算机与网络,2008,0(9):37-37.

计算机工程

2014年第12期

浏览历史

内容加载中请稍等...

口令重用行为与多维口令体系研究

参考文献16

相关作者

相关机构

相关主题

浏览历史