• Title/Summary/Keyword: 패스워드강화

Search Result 56, Processing Time 0.021 seconds

Password based Augmented Key agreement Protocol (패스워드 기반의 강화된 키 교환 프로토콜)

  • 김우헌;이성운;유기영;김현성
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.04a
    • /
    • pp.488-490
    • /
    • 2003
  • Diffie-Hellman 키 교환 프로토콜에 패스워드를 기반으로 하는 인증수단을 추가하여 Seo와 Sweeney는 SAKA를 제안하였다. 하지만 SAKA와 SAKA 변형 프로토콜들은 중간자 공격, 오프라인 패스워드 추측공격, 데닝-사코 공격, 완전한 전방향 보안의 측면에서 송.수신자 상호간의 인증 수단을 유효하게 제공하지 못하였다. 본 논문에서는 패스워드 기반의 키 교환 프로토콜에서 이루어지는 인증과정에서의 취약점을 해결하기 위해 키를 이용한 일방향 해쉬 함수를 이용하여 강화된 키 교환 프로토콜을 제안한다. 본 논문에서 제안한 프로토콜은 이전의 SAKA 변형 프로토콜들에 비해 적은 수의 메시지 교환이 필요한 장점이 있다.

  • PDF

A Study on Key exchange using password (패스워드를 이용한 키 분배에 관한 연구)

  • 이덕규;이임영
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2002.11b
    • /
    • pp.279-282
    • /
    • 2002
  • 고전적인 암호 프로토콜은 사용자-선택 키를 기반으로 하였다. 하지만 이러한 방법은 공격자에게 패스워드-예측 공격을 허용하는 문제점을 가지고 있다. 기존에 제안된 방식들은 패스워드에 대한 보호를 강화함으로써 패스워드를 보호하여 하였다. 이러한 문제점으로부터 안전하지 못한 네트워크 상에서 사용자를 인증하고 서로간의 세션키를 공유하는 새로운 방법을 제안한다. 제안된 프로토콜은 능동적인 공격자에 의한 사전공격(Dictionary attack), 패스워트 추측 공격, forward secrecy, server compromise, client compromise와 세션키 분실에 안전하게 설계되었다.

  • PDF

A Design of One-time Password Verification System with Enhanced Security Using Certificate (인증서를 이용한 보안성이 강화된 일회용 패스워드 검증 시스템의 설계)

  • Kim, Hyun-Chul;Lee, Chang-Soo;Lee, Kyung-Seok;Jun, Moon-Seog
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.4B
    • /
    • pp.435-441
    • /
    • 2009
  • The one-time password system solves the problem concerning password reuse caused by the repeated utilization of an identical password. The password reuse problem occurs due to the cyclic repetition at the time of password creation, and authentication failure can occur due to time deviation or non-synchronization of the number of authentication. In this study, the password is created asynchronously and exchanged with the user, who then signs using a digital signature in exchange for the password and a valid verification is requested along with the certificate to ensure non-repudiation. Besides this, a verification system for one-time password is proposed and designed to improve security by utilizing the validity verification that is divided into certificate verification and password verification. Comparative analysis shows that the mechanism proposed in this study is better than the existing methods in terms of replay attack, non-repudiation and synchronization failure.

A Study on Authentication and Encrypted Key Exchange with Security and Efficiency (안전하고 효율적인 A-EKE에 관한 연구)

  • Lee, Deok-Gyu;Lee, Im-Yeong
    • Annual Conference of KIPS
    • /
    • 2003.05c
    • /
    • pp.2105-2108
    • /
    • 2003
  • 고전적인 암호 프로토콜은 사용자-선택키를 기반으로 하였다. 하지만 이러한 방법은 공격자에게 패스워드-예측 공격을 허용하는 문제점을 가지고 있다. 기존에 제안된 방식들은 패스워드에 대한 보호를 강화함으로써 패스워드를 보호하여 하였다. 이리한 문제점으로부터 안전하지 못한 네트워크 상에서 사용자를 인증하고 서로간의 세션키를 공유하는 새로운 방법을 제안한다. 제안된 프로토콜은 능동적인 공격자에 의한 사전공격(Dictionary attack), 패스워드 추측 공격, forward secrecy. server compromise, client compromise와 세션키 분실에 안전하게 설계되었다.

  • PDF

A Case Study of Password Usage for Domestic Users (국내 사용자의 패스워드 사용 현황 분석)

  • Kim, Seung-Yeon;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.4
    • /
    • pp.961-972
    • /
    • 2016
  • For securing password-based authentication, a user must select and manage a strong password that has sufficient length and randomness. Unfortunately, however, it is known that many users are likely to choose easy-to-remember weak passwords and very poorly manage them. In this paper, we study a domestic user case of password selection and management. We conducted a survey on 327 domestic users and analyzed their tendency on password creation and update strategies, and also on the password structure and account management. We then analyzed an effect of a server's password creation rule on a structure of a user-chosen password. Our findings include that there are password structures and special characters that users significantly prefer while the effect of server's password creation rule is insignificant.

A study on User Authentication Technology of Numeric based Pattern Password (숫자기반의 패턴 형식 패스워드 사용자인증 기술)

  • Ju, Seung-Hwan;Seo, Hee-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.9
    • /
    • pp.65-73
    • /
    • 2012
  • The traditional text-based password is vulnerable guessing, dictionary attacks, keyloggers, social engineering, stole view, etc. these vulnerability effect more serious problem in a mobile environment. In this study, By using the pattern number to enter the password of an existing four-digit numeric password, User easily use to new password system. The technology on pattern based numerical password authorization proposed in this paper would intensify the security of password which holds existing 10 numbers of cases by authorizing a user and would not invade convenience of use by providing high security and making users memorize only four numbers like old method. Making users not have inconvenience and raising complexity, it would have a strength to an shoulder surfing attack of an attacker. So I study password system that represents the shape-based of number. I propose the new password system to prevent peeking attacks and Brute-force attack, and this proposal is to review the security and usability.

Design of the MS-SQL Password Vulnerability Checking Function Using OLE Remote Connection (OLE 원격 접속 기능을 이용한 MS-SQL 패스워드 취약점 점검 기능 설계)

  • Jang, Seung Ju
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.3
    • /
    • pp.97-104
    • /
    • 2015
  • This paper will feature designs for security vulnerability based on MS-SQL Database and OLE connectivity by checking the MS-SQL database password policy, the user account password access attempts, a user without password, and password does not be changed for a period of time. This paper uses the MS-SQL database and C++ linkage in order to use the OLE DB function. The design module should judge presence or absence of security vulnerability by checking database password policy, the user account password access attempts, a user without password, password does not be changed for a period of time. The MS-SQL database password associated with a feature, judging from the many features allows you to check for security vulnerability. This paper strengthen the security of the MS-SQL database by taking the advantage of the proposed ability.

(A Key Roaming Protocol with a New Password Hardening Scheme) (새로운 패스워드 강화 기법을 이용한 키 로밍 프로토콜)

  • 정현철;김승호
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.3
    • /
    • pp.387-396
    • /
    • 2003
  • In this paper, we present more efficient Protocol than that of Ford and Kaliski. We use RSA in the roaming protocol and it Plays decisive role to reduce the total time cost. We show that our protocol is safe from various attacks. We present the performance of our protocol and verify that This protocol needs fewer secure channel like SSL than other protocols.

Security Requisite Definition-Analysis (Identification and Authentication) (보안 요건의 정의 - 분석(식별 및 인증))

  • Shin, Seong-Yoon;Lee, Hyun-Chang
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2014.07a
    • /
    • pp.83-84
    • /
    • 2014
  • 식별 및 인증은 어플리케이션 보안 요건에서 분석단계의 보안 요건의 한 영역이다. 어플리케이션은 개별 ID를 유일하게 식별해야 한다. 패스워드는 길이 제한을 두어서 관리하고 패스워드 조합 표준을 적용해서 저장해 두어야 한다. 패스워드는 일정한 주기적인 변경을 수행해야 한다. ID/PW 이외의 강화된 인증 방식을 제공하여 관리를 해야 하는 것은 당연하다. 이러한 인증 프로세스는 정의된 보안 요건을 충분히 총족해야 한다.

  • PDF

Cryptanalysis and Remedy Scheme on Qiu et al.'s Enhanced Password Authentication Scheme for SIP (SIP를 위한 Qiu등의 개선된 패스워드 인증 기법에 대한 보안 분석 및 강화 기법)

  • Kim, Hyunsung
    • Journal of Digital Convergence
    • /
    • v.18 no.5
    • /
    • pp.249-256
    • /
    • 2020
  • The session initiation protocol (SIP) is a signaling protocol, which is used to controlling communication session creation, manage and finish over Internet protocol. Based on it, we can implement various services like voice based electronic commerce or instant messaging. Recently, Qiu et al. proposed an enhanced password authentication scheme for SIP. However, this paper withdraws that Qiu et al.'s scheme is weak against the off-line password guessing attack and has denial of service problem. Addition to this, we propose an improved password authentication scheme as a remedy scheme of Qiu et al.'s scheme. For this, the proposed scheme does not use server's verifier and is based on elliptic curve cryptography. Security validation is provided based on a formal validation tool ProVerif. Security analysis shows that the improved authentication scheme is strong against various attacks over SIP.