Please use this identifier to cite or link to this item:
標題: 實行於線上系統之空間性認證架構
作者: 許哲瑋
Hsu, Che-Wei
關鍵字: spatial;空間;authentication;security;image;驗證;網路安全;圖像
出版社: 電機工程學系所
引用: [1] (2011) Merriam-Webster on Security [online] Available: [2] Data and Network Security Course Reader. Lecture Notes in Network Security. University of Canterbury Print, New Zealand, 2006. [3] K.D. Mitnick, W.L. Simon, ”The Art of Deception”. Scanned by Kineticstomp, revised and enlarged by swift [4] J.Yan, ”Continuous Authentication Based on Computer Security”, M. Sc. Thesis, Lulea University of Technology, Lulea, Sweden, May. 2009. [5] J. Mckendrick (2010, Jan 21) Top 20 most common passwords of all time revealed: '123456,' 'princess,' 'qwerty' [online] Available: [6] (2011, Dec 16) Wikimedia Foundation on Brute-force attack [online] Available: [7] J. Pozadzides (2007) How I'd Hack Your Weak Password [online] Available: [8] T. W. Olzak, “Keystroke Logging (Keylogging)”, Erudio Security, LLC. Apr. 2008. [9] (2009, Apr 23) OWASP Foundation on Man-in-the-middle attack [online] Available: [10] P. Burkholder ”SSL Man-in-the-Middle Attacks”, SANS institue. Feb. 2002. [11] R. Lemos (2009, Feb 18) Man-in-the-middle attack sidesteps SSL [online] Available: [12] B. Schneier. Secrets and Lies. Wiley, Indianapolis, 2000. [13] Cadzow TECH on Phishing Examples [online] Available: [14] T.V. Wilson. How Phishing Works [online] Available: [15] S. Granger (2010, Nov 03) Social Engineering Fundamentals, Part 1: Hacker Tactics [online] Available: [16] Jas (2011, Jul 18) Public key encryption made easy [online] Available: [17] (2011) facebook [online] Available: [18] Treasury Direct [online] Available: [19] D. Bensinger, “Human memory and the graphical password” Passlogix, Inc. 1998. [20] F. Monrose, M.K.Reiter, ”Graphics Passwords” 2005, Ch09. pp. 161-180. [21] Oracle and Passlogix [online]. Available: [22] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon (HCII 2005), "Authentication using graphical passwords: Basic results", Ph.D, IST Dept., Comp.Sc Dept., Comp.Sc, Dept., Drexel Univ., Rutgers Univ., Polytechnic Univ., Philadelphia., PA, Camden, NJ., Brooklyn, NY., [23] M. N. Doja and N. Kumar. “Image Authentication Schemes Against Keylogger Software”, Ph.D, Comp. Eng. Dept., Jamia Millia Islamia, New Delhi, India. [24] N. Gwabe (2008, Nov 06) Aurora Detective Bust ID Theft Ring [online]. Available: [25] RFID and The Mark of the Beast [online]. Available: [26] (2011, Jun 09) HSBC Credit Card (Higher Approval Rate) [online]. Available: [27] Classifications / Types of Biometrics [online]. Available: [28] Deb (2006, Dec 29) You Are Here 2 [online] Available: [29] J. Snifferman (2010, Dec 13) Success is a Skill [online] Available: [30] Konigsmark (2010, Dec 11) Crying Baby [online] Available:!/2010/12/crying-baby.html [31] (2011) Wikimedia Foundation on Spyware [online] Available: [32] (2011) Refog Inc. on Keylogger Software [online] Available: [33] (2011, Mar 12) Cain & Abel [online] Available: [34] (2011) Google [online] Available:

Humans are not machines. Humans are organisms with emotions and conscious. The different states of humans make us error-prone and weaker than machines at performing logical tasks. Humans are the weakest link in a network security system and human-machine interaction occurs during the authentication phase. The chain of a security system is only as good as the weakest link. Strengthening the authentication phase can strengthen the overall security of a system. There is a trade-off between usability and security in existing authentication methods. Longer and random passwords used to authenticate users increase security but diminish usability and vice versa for shorter and common passwords. The problem with existing authentication methods lie in the password itself. Passwords need to be long and random, changed on a regular basis but also easy to remember. We proposed an innovative authentication scheme which combined the concept of space and image. Passwords were selected from a picture through mouse clicks. In terms of usability, more memorable points arose from using pictures compared to random text due to the amount of context pictures had in association with users. In terms of security, our proposed method had a larger pool of passwords to choose from which yielded in more password combinations. We constructed a prototype of the authentication system and produced theoretical results through analytical models. Results showed that our proposed method had at one point 796 times more password combinations compared to existing alphanumeric passwords. Our authentication method displayed improvements in both usability and security. This research developed a platform for further improvements to current authentication methods to help strengthen the overall security and performance of network security systems.
其他識別: U0005-0201201222232000
Appears in Collections:電機工程學系所

Show full item record

Google ScholarTM


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.