论文信息 - ProcurePass: A User Authentication Protocol to Resist Password Stealing and Password Reuse Attack

ProcurePass: A User Authentication Protocol to Resist Password Stealing and Password Reuse Attack

The most popular form of user authentication is the text password, which is the most convenient and the simplest. Users mostly choose weak passwords and reuse the same password across different websites and thus, a domino effect. i.e., when an adversary compromises one password, she exploits, gaining access to more websites. Also typing passwords into public computers (kiosks) suffers password thief threat, thereby the adversary can launch several password stealing attacks, such as phishing, key loggers and malware. Therefore user's passwords tend to be stolen and compromised under different threats and vulnerabilities. A user authentication protocol named Procure Pass, which benefits a user's cell phone and short message service to prevent password stealing and password reuse attacks. Procure Pass adopts the one-time password strategy, which free users from having to remember or type any passwords into conventional public computers for authentication. In case of users lose their cell phones, this still works by reissuing the SIM cards and long-term passwords.

Mariam M. Kassim | A. Sujitha

[1] Felix C. Freiling,et al. Learning More about the Underground Economy: A Case-Study of Keyloggers and Dropzones , 2009, ESORICS.

[2] Hung-Min Sun,et al. oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks , 2012, IEEE Transactions on Information Forensics and Security.

[3] Robert Biddle,et al. Graphical passwords: Learning from the first twelve years , 2012, CSUR.

[4] Tadayoshi Kohno,et al. A comprehensive study of frequency, interference, and training of multiple graphical passwords , 2009, CHI.

[5] Sudhir Aggarwal,et al. Testing metrics for password creation policies by attacking large sets of revealed passwords , 2010, CCS '10.

[6] Julie Thorpe,et al. Purely Automated Attacks on PassPoints-Style Graphical Passwords , 2010, IEEE Transactions on Information Forensics and Security.

[7] Stefan Berger,et al. Trustworthy and personalized computing on public kiosks , 2008, MobiSys '08.

[8] Haining Wang,et al. SessionMagnifier: a simple approach to secure and convenient kiosk browsing , 2009, UbiComp.

[9] Alain Forget,et al. User interface design affects security: patterns in click-based graphical passwords , 2009, International Journal of Information Security.