Computer Science ›› 2015, Vol. 42 ›› Issue (6): 145-150. doi: 10.11896/j.issn.1002-137X.2015.06.032

• Information Security •

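Risk Analysis and Countermeasure for User Password Authentication in Big Data Environment

FU Yong-gui and ZHU Jian-ming

  1. School of Information, Central University of Finance and Economics, Beijing 100081; School of Information Management, Shanxi University of Finance and Economics, Taiyuan 030031, School of Information, Central University of Finance and Economics, Beijing 100081
  • Online: 2018-11-14 Published: 2018-11-14
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61272398) and the Key Program of the National Social Science Foundation of China (13AXW010)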

Abstract: Authentication is one of the basic services of information security, and password authentication is the most commonly used authentication method, but the way users currently set their passwords carries many hidden dangers and risks. Based on an analysis of the current problems in how users set passwords, we present an offensive-defensive game model of user password protection in a big data environment. The analysis indicates that an attacker can improve the ability to crack user passwords with big data analysis technology, while a user who wants to ensure security or further reduce risk needs to set more effective passwords, use identity cross-certification technology or technology that dynamically tracks user behavior when accessing information systems, and lower the cost of big data analysis. Corresponding countermeasures are proposed, and the idea of user data portraits is used to establish an identity cross-certification model for information system users in a big data environment. The validity of the model is verified through simulation experiments.

Key words: Big data, Password authentication, Risk analysis, Data portrait, Identity cross-certification model

