Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/6059
Title: A Spatial Authentication Scheme Implemented in Online Systems
SPATIAL AUTHENTICATION SCHEME FOR ONLINE TRANSACTIONS
Author: 許哲瑋
Hsu, Che-Wei
Keywords: spatial; space; authentication; security; image; verification; network security; picture
Publisher: Department of Electrical Engineering
Abstract:
Humans are not machines; humans are living beings with emotions and perception. The various states humans pass through make us prone to error, and we perform worse than machines at logical tasks. Humans are the weakest link in a network security system, and human-machine interaction occurs in the authentication phase. The strength of the whole security system is that of its weakest link; therefore, strengthening the authentication phase strengthens the entire security system. In existing authentication systems, usability and security are in opposition. Using random and longer passwords to authenticate users increases security but reduces usability, while common and shorter passwords do the opposite. The problem with existing authentication systems lies in the password itself: a password must be long and random, changed frequently, and yet easy to remember. This study proposes an innovative authentication scheme that combines space and images, where the password is chosen by clicking on a picture with the mouse. In terms of usability, the memory scores obtained with images are higher than those for random text, because of the association between the picture and the user. In terms of security, the system offers a larger password pool to choose from, which yields more possible password combinations. This study built a prototype of the authentication system and used analytical models to derive theoretical conclusions. The results show that, at one point, the proposed system has 796 times as many passwords as existing alphanumeric password systems, and the authentication system improves on both usability and security. This study developed a platform for improving existing authentication systems as a reference for further research, with the aim of strengthening the overall security and performance of network security systems.

Humans are not machines. Humans are organisms with emotions and consciousness. The different states of humans make us error-prone and weaker than machines at performing logical tasks. Humans are the weakest link in a network security system, and human-machine interaction occurs during the authentication phase. The chain of a security system is only as strong as its weakest link, so strengthening the authentication phase strengthens the overall security of the system. There is a trade-off between usability and security in existing authentication methods: longer, random passwords increase security but diminish usability, and shorter, common passwords do the reverse. The problem with existing authentication methods lies in the password itself. Passwords need to be long and random and changed on a regular basis, yet also easy to remember. We proposed an innovative authentication scheme that combines the concepts of space and image: passwords are selected from a picture through mouse clicks. In terms of usability, pictures produced more memorable points than random text, because of the amount of context a picture carries in association with its user. In terms of security, our proposed method has a larger pool of passwords to choose from, which yields more password combinations. We constructed a prototype of the authentication system and produced theoretical results through analytical models. Results showed that our proposed method had, at one point, 796 times more password combinations than existing alphanumeric passwords. Our authentication method displayed improvements in both usability and security. This research developed a platform for further improvements to current authentication methods, to help strengthen the overall security and performance of network security systems.
URI: http://hdl.handle.net/11455/6059
Other identifier: U0005-0201201222232000
Appears in Collections: Department of Electrical Engineering