Found 20 similar documents; search took 15 ms
1.
Lip Yee Por Chin Soon Ku Amanul Islam Tan Fong Ang 《Frontiers of Computer Science》2017,11(6):1098-1108
In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity required to derive password-images is proposed. In the proposed method, a user is only required to click on one of the pass-images instead of both pass-images shown in each challenge set for three consecutive sets. While this activity is simple enough to reduce login time, the images clicked appear to be random and can only be obtained with complete knowledge of the registered password along with the activity rules. Thus, it becomes impossible for shoulder-surfing attackers to obtain the information about which password images and pass-images are used by the user. Although the attackers may know about the digraph substitution rules used in the proposed method, the scenario information used in each challenge set remains. User study results reveal an average login process of less than half a minute. In addition, the proposed method is resistant to shoulder-surfing attacks.
2.
3.
《Journal of Network and Computer Applications》2012,35(4):1235-1248
Remote user authentication is a mechanism in which the remote server verifies the legitimacy of a user over an insecure communication channel. Until now, there have been ample remote user authentication schemes published in the literature, and each published scheme has its own merits and demerits. A common feature among most of the published schemes is that the user's identity (ID) is static in all the transaction sessions, which may leak some information about that user and can create risk of identity theft during the message transmission. To overcome this risk, many researchers have proposed dynamic ID based remote user authentication schemes. In this paper, we have defined all the security requirements and all the goals an ideal password authentication scheme should satisfy and achieve. We have presented the results of our survey through six of the currently available dynamic ID based remote user authentication schemes. All the schemes are vulnerable to guessing attack except Khan et al.'s scheme, and do not meet the goals such as session key agreement, secret key forward secrecy. In the future, we hope an ideal dynamic ID based password authentication scheme, which meets all the security requirements and achieves all the goals can be developed.
4.
Fanbao Liu Yi Liu Tao Xie Dengguo Feng Yumeng Feng 《Journal of Intelligent Manufacturing》2014,25(2):251-261
In this paper, we improve the password recovery attack to Authentication Post Office Protocol (APOP) from two aspects. First, we propose new tunnels to control more fixed bits of MD5 collision, hence, we can recover passwords with more characters, for example, as long as 43 characters can be recovered practically. Second, we propose a group satisfaction scheme, apply divide-and-conquer strategy and a new suitable MD5 collision attack, to greatly reduce the computational complexity in collision searching with high number of chosen bits. We propose a fast password recovery attack to application APOP in local that can recover a password with 11 characters in >1 min, recover a password with 31 characters extremely fast, about 6 min, and for 43 characters in practical time. These attacks truly simulate the practical password recovery attacks launched by malware in real life, and further confirm that the security of APOP is totally broken.
5.
User authentication is a highly necessary technology in a variety of services. Many researchers have proposed a two-factor authentication scheme using certificate and OTP, smartcard and password, and so on. Two-factor authentication requires an additional factor rather than one-factor authentication. Therefore, loss or exposure can occur, since users always must carry and manage the additional device or factor. For this reason, biometric authentication, used in many services, needs a verification method of the user without an additional factor. Fingerprinting is widely used in service due to excellent recognition, low cost device, and less user-hostile. However, fingerprint recognition always uses the same fingerprint template, due to the inalterability. This causes a problem of reusable fingerprint by a malicious attacker. Therefore, we proposed a secure two-factor user authentication system using fingerprint information and password to solve the existing two-factor problem. The proposed scheme is secure against reuse of a fingerprint. It does not need an extra device, so efficiency and accessibility are improved.
6.
Anoosha Prathapani Lakshmi Santhanam Dharma P. Agrawal 《The Journal of supercomputing》2013,64(3):777-804
A Wireless Mesh Network (WMN) is a promising way of providing low-cost broadband Internet access. The underlying routing protocol naively assumes that all the nodes in the network are non-malicious. The open architecture of WMN, multi-hop nature of communication, different management styles, and wireless communication pave the way for malicious attackers. The attackers can exploit hidden loopholes in the multipath mesh routing protocol to have a suction attack called the blackhole attack. The attacker can falsify routing metrics such as the shortest transmission time to reach any destination and thereby suck the network traffic. We propose a novel strategy by employing mobile honeypot agents that utilize their topological knowledge and detect such spurious route advertisements. They are deployed as roaming software agents that tour the network and lure attackers by sending route request advertisements. We collect valuable information on attacker’s strategy from the intrusion logs gathered at a given honeypot. We finally evaluate the effectiveness of the proposed architecture using simulation in ns-2.
7.
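The dynamic-password user authentication mechanism is an important aspect of the current development of identity authentication technology. Based on an analysis of two dynamic-password user authentication protocols, SAS-2 and 2GS, a more secure dynamic-password user authentication protocol is proposed. The protocol not only effectively resists the attack of stealing the verification factor, which the SAS-2 protocol cannot resist, but also corrects the 2GS protocol's failure to achieve mutual authentication and to resist denial-of-service attacks, effectively protecting user information and improving network security.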
8.
Li Xiaoxue Cao Yanan Li Qian Shang Yanmin Li Yangxi Liu Yanbing Xu Guandong 《World Wide Web》2021,24(1):85-103
World Wide Web - User identity linkage is a task of recognizing the identities of the same user across different social networks (SN). Previous works tackle this problem via estimating the pairwise...
9.
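At present there is no method for measuring and referencing home-school communication in smart campuses. Targeting the chat characteristics specific to smart campuses, namely the presence of distinct identity features, a multi-label classification algorithm based on user identity features, Adaboost.ML, is proposed. First, heuristic rules are newly added; then, the Adaboost.MH algorithm is introduced while the concept of splitting the dataset into slices is abandoned; finally, individual data records are used directly as the focus of analysis, which reduces the error caused by time-slice boundaries as well as the inference time, and the relationships between chat users are determined by a combined decision. Experimental results show that, compared with the rule-based heuristic method, the proposed algorithm reduces the false-positive rate and the false-negative rate on the smart campus dataset by 53% and 66% respectively, and also achieves good classification performance on a WeChat dataset. The algorithm has been applied in a smart campus project and makes it possible to understand the state of home-school communication quickly and accurately.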
10.
11.
Cognitive radio is an effective technology to alleviate the spectrum resource scarcity problem by opportunistically allocating the spare spectrum to unauthorized users. However, a serious denial-of-service (DoS) attack, named the ‘primary user emulation attack (PUEA)’, exists in the network to deteriorate the system performance. In this paper, we propose a PUEA detection method that exploits the radio channel information to detect the PUEA in the cognitive radio network. In the proposed method, the uniqueness of the channel impulse response (CIR) between the secondary user (SU) and the signal source is used to determine whether the received signal is transmitted by the primary user (PU) or the primary user emulator (PUE). The closed-form expressions for the false-alarm probability and the detection probability of the proposed PUEA detection method are derived. In addition, a modified subspace-based blind channel estimation method is presented to estimate the CIR, in order for the proposed PUEA detection method to work in the scenario where the SU has no prior knowledge about the structure and content of the PU signal. Numerical results show that the proposed PUEA detection method performs well although the difference in channel characteristics between the PU and PUE is small.
12.
International Journal of Information Security - While other authentication methods exist, passwords are still the dominant way for user authentication and system security. Over the years, passwords...
13.
14.
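Password authentication has always been the primary means of identity authentication. Because passwords must satisfy password policies and be easy to remember, users often combine personal information to form passwords. To investigate the proportion of such passwords, four real password sets leaked in 2011 were used as experimental material; the combination structures and formats of passwords were predefined, and a program was used to count the proportion of passwords formed by combining personal information. Experimental results show that passwords composed of information such as names, telephone numbers and special dates account for 12.41%~25.53%. Based on this pattern, a dynamic dictionary attack is proposed: after obtaining part of a user's personal information, an attacker can generate a targeted dynamic dictionary and use it to crack the user's password. Finally, how to choose passwords so as to prevent attackers from cracking them with a dynamic dictionary is also discussed.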
15.
Recently, Wang et al. showed that two new verifier-free remote user password authentication schemes, Ku-Chen's scheme and Yoon et al.'s scheme, are vulnerable to an off-line password guessing attack, a forgery attack, and a denial-of-service attack, and then proposed an improved scheme for the real application in resource-limited environments. Unfortunately, we find that Wang et al.'s scheme is still vulnerable to an impersonation attack and an off-line password guessing attack. In addition, Wang et al.'s scheme is not easily reparable and is unable to provide perfect forward secrecy. Finally, we propose an improved scheme with better security strength.
16.
Salehifar Hananeh Bayat Peyman Majd Mojtaba Amiri 《Multimedia Tools and Applications》2019,78(12):16861-16885
Multimedia Tools and Applications - Authentication systems in which eye is used for entering the password are categorized into two gaze-based and gesture-based groups. In the accurate...
17.
User authentication such as password setting has become increasingly important for the secure management of the information stored in mobile devices. However, in the password authentication schemes used in mobile devices, enhancing security reduces their usability, and passwords become hard to memorize. In addition, enhancing their usability makes them vulnerable to shoulder-surfing or recording attacks involving stealing a glance at the authentication process through the system interface. In this paper, we propose a password authentication scheme that uses a virtual scroll wheel, called WheelLock, to ensure appropriate usability and prevent brute force, shoulder-surfing, and recording attacks.
18.
《Behaviour & Information Technology》2012,31(6):342-357
Abstract This article explores the use of psycholinguistics in attempting to comprehend user behaviour. It aims at getting an idea of what cognitive processes underlie the generation and interpretation of interactions with computers. The key claim of the article is that the cognitive processes underlying artificial language processing in human-computer interaction are analogous to the ones underlying natural language processing in inter-human communication. The article presents a tentative model of the user's cognitive processes. The model generates interesting hypotheses and provides possible explanations of interaction phenomena.
19.
The Web is becoming a global market place, where the same services and products are offered by different providers. When obtaining a service, consumers have to select one provider among many alternatives to receive a service or buy a product. In real life, when obtaining a service, many consumers depend on the user reviews. User reviews—presumably written by other consumers—provide details on the consumers’ experiences and thus are more informative than ratings. The down side is that such user reviews are written in natural language, making it extremely difficult to be interpreted by computers. Therefore, current technologies do not allow automation of user reviews and require too much human effort for tasks such as writing and reading reviews for the providers, aggregating existing information, and finally choosing among the possible candidates. In this paper, we represent consumers’ reviews as machine processable structures using ontologies and develop a layered multiagent framework to enable consumers to find satisfactory service providers for their needs automatically. The framework can still function successfully when consumers evolve their language and when deceptive reviewers enter the system. We show the flexibility of the framework by employing different algorithms for various tasks and evaluate them for different circumstances.
20.
《Computer Communications》2007,30(1):52-54
Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (2006) 660–667] have proposed two sets of protocols to perform remote user authentication and password change in a secure manner. The first set of protocols is based on hash functions, where no symmetric or asymmetric encryption scheme is applied. As Peyravian and Jeffries claim, these protocols suffer from an off-line password-guessing attack. They propose a second set of protocols based on Diffie–Hellman key agreement scheme to overcome the mentioned weakness. However, we show in this paper that this second set of protocols suffers also from the off-line password-guessing attack when a server impersonation attack is performed.