Password
Computer science
Computer security
S/KEY
Cognitive password
Password strength
Password cracking
Password policy
Zero-knowledge password proof
Login
One-time password
Dictionary attack
Scheme (mathematics)
Authentication (law)
Entropy (arrow of time)
Mathematics
Mathematical analysis
Physics
Quantum mechanics
Authors
Albert Guan, Chia-Mei Chen
Source
Journal: IEEE Transactions on Dependable and Secure Computing
[Institute of Electrical and Electronics Engineers]
Date: 2022-11-01
Volume/issue: 19 (6): 4285-4293
Cited by: 7
Identifier
DOI: 10.1109/tdsc.2022.3174576
Abstract
Username and password is the most commonly used user authentication scheme in information systems. Strong passwords are secure but difficult to remember, so many users prefer easy-to-remember passwords. These weak passwords are also easily guessed by attackers, leading to online password guessing attacks that pose a serious security threat to information systems. Providing a reliable user authentication scheme that allows legitimate users to log in while preventing online password guessing attacks is a challenge. We define a formal statistical model for the behavior of users and attackers, and differentiate users from attackers according to this model. The proposed solution computes the entropy of the passwords entered by the user and considers the user legitimate only if the entropy does not exceed a threshold. We show that entropy is an effective feature for distinguishing legitimate users from attackers. We also show that the proposed user authentication scheme is effective in identifying password guessing attacks, even if the user chooses a common password. The new scheme adds an extra layer of protection to passwords, which is especially important for weak passwords. The scheme is a slight modification of the existing scheme, so it can be easily integrated into existing systems.
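The abstract gives the idea but not the formal model, so the following is an added illustration written for this page, not the authors' code. It assumes a concrete reading of the scheme: per account, keep a sliding window of recent login attempts, compute the Shannon entropy of the empirical distribution of submitted passwords, and refuse to even report success once that entropy exceeds a threshold. The window size, the 2.0-bit threshold, the account name "alice", and both attempt sequences are constructed assumptions. A legitimate user mistyping the same password produces a few near-duplicate strings and low entropy; a dictionary attacker submits many distinct guesses and drives entropy up, which is why the correct password is blocked at the end of the attack sequence even though it is a weak one.

```python
import hashlib
import hmac
import math
import os
from collections import Counter, defaultdict, deque


def shannon_entropy(samples):
    """Shannon entropy in bits of the empirical distribution of `samples`."""
    n = len(samples)
    if n == 0:
        return 0.0
    counts = Counter(samples)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


class EntropyGuard:
    """Per-account history of login attempts with an entropy check.

    Design assumptions (not taken from the paper): a sliding window of the
    last `window` attempts, a fixed threshold in bits, and HMAC-keyed
    fingerprints of submitted passwords so the stored history never holds
    plaintext typos of a real password. Entropy over fingerprints equals
    entropy over the plaintexts because the mapping is injective in practice.
    """

    def __init__(self, threshold_bits=2.0, window=10, key=None):
        self.threshold_bits = threshold_bits
        self._key = key if key is not None else os.urandom(32)
        self._history = defaultdict(lambda: deque(maxlen=window))

    def _fingerprint(self, password):
        return hmac.new(self._key, password.encode("utf-8"), hashlib.sha256).digest()

    def record(self, username, password):
        self._history[username].append(self._fingerprint(password))

    def attempt_entropy(self, username):
        return shannon_entropy(list(self._history[username]))

    def is_guessing_attack(self, username):
        return self.attempt_entropy(username) > self.threshold_bits


def authenticate(guard, username, password, verify):
    """Wrap an existing password check `verify(username, password)` with the entropy layer.

    The attempt is recorded first so the current guess counts toward the
    entropy. Once the stream looks like guessing, the caller learns nothing
    about whether this particular password was correct.
    """
    guard.record(username, password)
    if guard.is_guessing_attack(username):
        return "blocked"
    return "ok" if verify(username, password) else "denied"


# Constructed sample inputs. REAL_PASSWORD is deliberately a well-known
# "memorable" string, i.e. the weak-password case the abstract mentions.
REAL_PASSWORD = "Tr0ub4dor&3"
LEGIT_ATTEMPTS = ["Tr0ub4dor&3x", "tr0ub4dor&3", "Tr0ub4dor&3"]   # two typos, then correct
ATTACK_ATTEMPTS = ["123456", "password", "qwerty", "letmein", "welcome", "Tr0ub4dor&3"]


def simulate(attempts, real_password=REAL_PASSWORD, threshold_bits=2.0):
    """Run a sequence of attempts against one account and return the outcomes."""
    guard = EntropyGuard(threshold_bits=threshold_bits, key=b"demo-key")

    def verify(username, password):
        return hmac.compare_digest(password, real_password)

    return [authenticate(guard, "alice", pw, verify) for pw in attempts]


if __name__ == "__main__":
    print("legitimate user:", simulate(LEGIT_ATTEMPTS))
    print("dictionary attacker:", simulate(ATTACK_ATTEMPTS))
```

With three attempts of which two are typos the entropy reaches log2(3) ≈ 1.58 bits and stays under the threshold, so the third attempt succeeds. Six distinct guesses give log2(6) ≈ 2.58 bits; the fifth attempt already exceeds 2.0 bits, so the attacker's eventual correct guess is answered with "blocked" rather than "ok". Note that a lockout based only on failed-attempt count would treat the two streams alike, whereas the entropy feature separates them. The threshold and window would have to be calibrated against real user behaviour, and an attacker who spreads guesses across many accounts or IP addresses is not addressed by a per-account entropy check alone.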