Computer Science ›› 2015, Vol. 42 ›› Issue (11): 222-227. doi: 10.11896/j.issn.1002-137X.2015.11.046

• Information Security •

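Research on a Graded Proactive Model for Password Strength Evaluation

SHEN Ying, LIAO Liu-cheng, DONG Tian-yang

  1. College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou 310023
  • Publication date: 2018-11-14 Release date: 2018-11-14
  • Funding:
    This work was supported by the Zhejiang Province Major Science and Technology Project: Construction of a Cloud-Computing-Based Highway Intelligent Traffic Safety Service Platform (2013C01112)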

Password Strength Metric Based Classification Proactive Model

SHEN Ying, LIAO Liu-cheng and DONG Tian-yang   

  • Online:2018-11-14 Published:2018-11-14

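Abstract: Rejecting weak passwords chosen by users is an important means of protecting system information security. Targeting the complete password set, we designed and implemented a graded proactive combination model for passwords that differs from rule-based proactive password checkers. Using a Markov model combined with factors that affect password strength, such as length, frequency and first letter, we designed an effective password strength evaluation function, set thresholds according to the distribution of strength values to grade the full password set reasonably, and loaded the results into Bloom filters, which keeps the graded passwords themselves secure while reducing the time cost of proactive password lookup. Experiments on multiple password databases show that the password strength evaluation results are reasonable and that the grading results are well suited to proactive password checking.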

Keywords: password strength evaluation, combination model, proactive model

Abstract: Refusing user-defined weak passwords is an important means of protecting information systems. Different from rule-based proactive password checkers, we propose a combination password proactive classification model. The model first uses a Markov model and constructs an effective password strength metric integrating typical password strength factors such as length, frequency and first letter. The strength metric then assesses each password and grades it using suitable threshold values. The model deploys a multilevel Bloom filter to record the classification result. This not only reduces the time spent on password strength assessment and retrieval, but also keeps the proactive model and the graded passwords secret. Experimental results show that the password strength evaluation results are reasonable compared with other metrics, and that the classification results can be applied across password datasets.

Key words: Password strength metric, Combination model, Proactive model
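
The pipeline the abstract describes (a Markov-based strength score, thresholds taken from the score distribution, one Bloom filter per grade) is illustrated below. This is an added example, not the paper's code: the paper's evaluation function and thresholds are not given on this page, so the bigram model with add-one smoothing, the tertile cut points, the filter parameters and the sample corpus are all assumptions.

```python
import hashlib, math
from collections import Counter
# Constructed sample: password -> occurrence count (not data from the paper).
CORPUS = {"123456": 50, "password": 30, "qwerty": 20, "abc123": 10,
          "iloveyou": 8, "dragon1": 3, "Tr0ub4dor&3": 1,
          "x9$Kq!v2Lm": 1, "G7#pW2zr!Qe": 1}
V = 95          # assumed alphabet size (printable ASCII) for add-one smoothing
START = "\x02"  # start symbol: its transitions model the first-character factor

class Bloom:
    """Plain Bloom filter: holds bit positions only, never the passwords."""
    def __init__(self, m_bits=1 << 16, k=4):
        self.m, self.k, self.bits = m_bits, k, bytearray(m_bits // 8)
    def _positions(self, item):
        for i in range(self.k):  # k hash functions derived from salted SHA-256
            digest = hashlib.sha256(bytes([i]) + item.encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m
    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)
    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

def train(corpus):
    """Frequency-weighted bigram counts: pair[(a, b)] and context totals ctx[a]."""
    pair, ctx = Counter(), Counter()
    for pw, freq in corpus.items():
        for a, b in zip(START + pw, pw):
            pair[a, b] += freq
            ctx[a] += freq
    return pair, ctx

def strength(pw, pair, ctx):
    """-log2 of the smoothed Markov probability; longer and rarer scores higher."""
    return -sum(math.log2((pair[a, b] + 1) / (ctx[a] + V)) for a, b in zip(START + pw, pw))

def build_levels(corpus, n_levels=3):
    """Grade each password by quantile thresholds; load one filter per grade."""
    pair, ctx = train(corpus)
    scores = sorted(strength(pw, pair, ctx) for pw in corpus)
    cuts = [scores[i * len(scores) // n_levels] for i in range(1, n_levels)]
    filters = [Bloom() for _ in range(n_levels)]
    for pw in corpus:  # grade = number of thresholds the score reaches
        filters[sum(strength(pw, pair, ctx) >= c for c in cuts)].add(pw)
    return filters

def lookup(pw, filters):
    """Proactive check: weakest grade whose filter matches, or None if ungraded."""
    return next((lvl for lvl, f in enumerate(filters) if pw in f), None)
```

With these assumptions grade 0 is the weakest tier, and a candidate that returns `None` is not in the graded set and would have to be scored directly; Bloom filters can return false positives but never false negatives.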

