Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement
碩士 === 國立臺中教育大學 === 資訊工程學系 === 101 === Conventional textual password schemes and graphical password schemes are vulnerable to login-recording attacks, including the shoulder-surfing attack, the hidden camera attack, the spyware attack, and the wiretapping attack. Thus, graphical password schemes wit...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: |
2013
|
Online Access: | http://ndltd.ncl.edu.tw/handle/18053791702569585695 |
id |
ndltd-TW-101NTCT0394015 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-101NTCT03940152016-07-29T04:13:13Z http://ndltd.ncl.edu.tw/handle/18053791702569585695 Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement 防登入記錄攻擊之圖形化通行碼的 分析與實驗及改進設計 Yu-Chang Yeh 葉育彰 碩士 國立臺中教育大學 資訊工程學系 101 Conventional textual password schemes and graphical password schemes are vulnerable to login-recording attacks, including the shoulder-surfing attack, the hidden camera attack, the spyware attack, and the wiretapping attack. Thus, graphical password schemes with resistance to login-recording attacks based on various techniques have been proposed. Furthermore, as most users are familiar with textual passwords, some researchers have proposed graphical text-based password schemes with resistance to login-recording attacks, in which the user memorizes texts as his password while the system employs a graphical interface to protect the textual password against login-recording attacks. In 2011, we have proposed a graphical password scheme with resistance to login-recording attacks, RiS, and a graphical text-based password scheme with resistance to login-recording attacks, T-RiS. However, we found that our previous security analysis for RiS and T-RiS are not accurate, and our previous prototype implementations of RiS and T-RiS are not considerate enough, which may affect the security and usability in practice. In this thesis, we continue to improve the prototype implementations of RiS and T-RiS, refine the security analysis for RiS and T-RiS, and perform security simulation and usability experiments for validating our theoretical analysis results. In addition, as handheld devices are booming in recent years, we also propose a graphical text-based password scheme resistant to login-recording attacks suitable for handheld devices, ColorPalette, in which a qwerty-like keyboard is used to facilitate the user to efficient and easily find the password characters and color buttons are used to resist login-recording attacks. We not only theoretically analyze the security and usability of ColorPalette, but also perform security simulations and usability experiments to validate our theoretical analysis results for ColorPalette. Wei-Chi Ku 顧維祺 2013 學位論文 ; thesis 74 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others
|
sources |
NDLTD |
description |
碩士 === 國立臺中教育大學 === 資訊工程學系 === 101 === Conventional textual password schemes and graphical password schemes are vulnerable to login-recording attacks, including the shoulder-surfing attack, the hidden camera attack, the spyware attack, and the wiretapping attack. Thus, graphical password schemes with resistance to login-recording attacks based on various techniques have been proposed. Furthermore, as most users are familiar with textual passwords, some researchers have proposed graphical text-based password schemes with resistance to login-recording attacks, in which the user memorizes texts as his password while the system employs a graphical interface to protect the textual password against login-recording attacks. In 2011, we have proposed a graphical password scheme with resistance to login-recording attacks, RiS, and a graphical text-based password scheme with resistance to login-recording attacks, T-RiS. However, we found that our previous security analysis for RiS and T-RiS are not accurate, and our previous prototype implementations of RiS and T-RiS are not considerate enough, which may affect the security and usability in practice. In this thesis, we continue to improve the prototype implementations of RiS and T-RiS, refine the security analysis for RiS and T-RiS, and perform security simulation and usability experiments for validating our theoretical analysis results. In addition, as handheld devices are booming in recent years, we also propose a graphical text-based password scheme resistant to login-recording attacks suitable for handheld devices, ColorPalette, in which a qwerty-like keyboard is used to facilitate the user to efficient and easily find the password characters and color buttons are used to resist login-recording attacks. We not only theoretically analyze the security and usability of ColorPalette, but also perform security simulations and usability experiments to validate our theoretical analysis results for ColorPalette.
|
author2 |
Wei-Chi Ku |
author_facet |
Wei-Chi Ku Yu-Chang Yeh 葉育彰 |
author |
Yu-Chang Yeh 葉育彰 |
spellingShingle |
Yu-Chang Yeh 葉育彰 Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement |
author_sort |
Yu-Chang Yeh |
title |
Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement |
title_short |
Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement |
title_full |
Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement |
title_fullStr |
Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement |
title_full_unstemmed |
Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement |
title_sort |
analysis and experiment of graphical password schemes resistant to login-recording attacks and improvement |
publishDate |
2013 |
url |
http://ndltd.ncl.edu.tw/handle/18053791702569585695 |
work_keys_str_mv |
AT yuchangyeh analysisandexperimentofgraphicalpasswordschemesresistanttologinrecordingattacksandimprovement AT yèyùzhāng analysisandexperimentofgraphicalpasswordschemesresistanttologinrecordingattacksandimprovement AT yuchangyeh fángdēngrùjìlùgōngjīzhītúxínghuàtōngxíngmǎdefēnxīyǔshíyànjígǎijìnshèjì AT yèyùzhāng fángdēngrùjìlùgōngjīzhītúxínghuàtōngxíngmǎdefēnxīyǔshíyànjígǎijìnshèjì |
_version_ |
1718366365983703040 |