NCU Institutional Repository (downloads of theses and dissertations, past exam papers, journal articles, research projects, and more): Item 987654321/79572


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/79572


    Title: Improved Password Management Based on Enlarged Computational Time and Storage Requirement to the Adversary
    Authors: 陳季坊;Chen, Ji-Fang
    Contributors: Department of Computer Science and Information Engineering
    Keywords: password management; dictionary attack
    Date: 2019-01-19
    Issue Date: 2019-04-02 15:03:21 (UTC+8)
    Publisher: National Central University
    Abstract: As the Internet grows in popularity, more and more websites are replacing conventional physical services, and it is common for a computer user to hold many online memberships. Users are asked to generate a different, long, and complex (high-entropy) password for each account. However, people are not good at remembering many unique and secure passwords, so they tend to use simple passwords or to reuse one password across different websites. Generating multiple complex (high-entropy) passwords from one memorable (low-entropy) master password is therefore a better choice: a master password, a site name, and a user name together produce a unique site password. Unfortunately, a memorable (low-entropy) master password is exposed to off-line dictionary attacks.

    Halderman et al. proposed a password management system called Password Multiplier in 2005 [1]. Password Multiplier uses an iterated hash function and pre-computation to resist dictionary attacks on the master password by lengthening the attacker's computation time, and the precomputed value stored on the user's computer reduces the user's computation time.

    In this thesis, we propose two schemes based on a master password: one enlarges the attacker's computational time and the other enlarges the storage requirement. Scheme 1 builds on Password Multiplier. Besides widening the gap between the user's and the attacker's computation time, it reduces the user's computation time and prevents the master password from being derived from the value stored on the user's computer. Scheme 2, which enlarges the storage requirement, is based on a database holding a huge amount of data. Because requesting data from the database is time-consuming, the attacker is forced to copy the database's data instead in order to reduce the time spent on requests. In addition, user account information is not stored on the user's computer.

    Widening the gap between the burden on attackers and the burden on users can effectively resist dictionary attacks for a period of time. Besides enlarging computational time, enlarging the storage requirement also increases the attacker's burden.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation
