Cognition- and Role-Based User Authentication Schemes

  • Published : 2008.03.29

Abstract

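In some environments that demand a high level of security, text passwords may be unsuitable for user authentication once the limits of human memory are taken into account. This article examines the problems of conventional text passwords and reviews the cognition-based and role-based user authentication schemes that have been proposed to solve them.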
