Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

The Password base System for the safe and Efficient Identification

안전하고 효율적인 신원확인을 위한 암호기반 시스템

  • Published : 2009.01.30
Download PDF
⟨ Previous Next ⟩

Abstract

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we propose a new identification scheme One Pass Identification. The security of Password base System is based on the square root problem, and Password base System is secure against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of Password base System is one, and Password base System processes the password and does not need the key. We think that Password base System is excellent for the consuming time to verify the prover.

사용자 고유번호와 패스워드 기반의 사용자 인증 매커니즘을 수행하는 네트워크 시스템 환경에서는 스니퍼 프로그램 등을 이용하여 불법 도청함으로써 쉽게 사용자의 패스워드를 알아낼 수 있다. 이러한 불법적인 도청에 의한 패스워드 노출 문제를 해결하는 방법으로 일회용 패스워드, Challenge-Response 인증 방식이 유용하게 사용되며, 클라이언트/서버 환경에서는 별도 동기가 필요 없는 시간을 이용한 일회용 패스워드 방식이 특히 유용하게 사용될 수 있다. 본 논문에서는 안전성은 Square root problem에 기초를 두고 있고, 프리플레이 공격, 오프라인 사전적 공격 그리고 서버 등을 포함하여 지금까지 잘 알려진 공격(해킹)들에 대해서 안전성을 높이기 위한 암호기반 시스템을 제안한다. 암호기반 시스템 확인은 패스워드를 생성하는데 특별한 키를 생성할 필요가 없다는 것이다. 암호기반 시스템은 검증자를 확인하는데 걸리는 시간이 적게 소요되면서 특출하다.

Keywords

References

  1. A. Hill, A. D. Brett, and C. J. Taylor, "Automatic landmark identification using a new method of non-rigid correspondence" in Proceedings of IPMI '97 Conference, vol. 1230, pp. 483~488,1997
  2. E. Moulines, P. Duhamel, J.F. Cardoso, and S. Mayrargue, Subspace methods for the blind identification of multichannel fir filters, IEEE Transactions on Signal Processing, SP-43, pp. 516~525, 1995
  3. Bao, F., R. Deng and W. Mao. Efficient and practical fair exchange protocols with off-line TTP. 1998 IEEE Symposium on Security and Privacy. Oakland, IEEE Compute Society. pp 77~85. 1998
  4. A. W. Senior and A. J. Robinson. An off-line cursive handwriting recognition system. IEEE Transactions on Pattern Analysis and Machine Intelligence, 20(3) pp309~321, 1998 https://doi.org/10.1109/34.667887
  5. Jong-Min Park, Yong-Hun Kim, Beom-Joon Cho, "Password System Enhancing the Security against", The Korean Institute of Maritime Information & Communication Science, Vol. 8, No. 8, pp.2004
  6. Andreoni, J. and H. Varian, "Pre-play Contracting in the Prisoners' Dilemma", mimeo, University of Wisconsin, 1999
  7. Bensaid, B. and R.J. Gary-Bobo, 'An Exact Formula for the Lion's Share: A Model of Pre-Play Negotiation,' Games and Economic Behavior, 14, pp 44~89, 1996 https://doi.org/10.1006/game.1996.0042
  8. Neil Haller. The s/key(tm) one-time password system. In Proceedings of the 1994 Symposium on Network and Distributed System Security, pp 151~157, 1994
  9. Neil Haller. The s/key(tm) one-time password system. Symposium on Network and Distributed System Security, pp 151~157, February 1994
  10. B. Schneier, Applied cryptography, John Wiley & Sons, 1996
  11. E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like cryptosystems", Advances in Cryptology - CRYPTO '90, LNCS 537, pp. 2-21
  12. P. MacKenzie, "The PAK suites: Protocols for Password-Authenticated Key Exchange", 2002
  13. Jong-Min Park, "Efficient and Secure Authenticated Key Exchange", The Korean Institute of Maritime Information & Communication Science, Vol. 3, No. 3, pp.2005
  14. H. Woll, "Reductions among number theoretic problems, Information and Computation, Vol. 72, pp. 167-179, 1987 https://doi.org/10.1016/0890-5401(87)90030-7
  15. E. Bach, Algorithmic Number Theory, Volumn 1: Efficient Algorithms, MIT Press, Cambridge Massachusetts, 1996