政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/100290
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113313/144292 (79%)
造访人次 : 50947427      在线人数 : 954
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/100290


    题名: Secure Password Based Authentication Protocol to Thwart Online Dictionary Attacks
    作者: Sood, Sandeep K.
    关键词: Hyper Text Transfer Protocol;Cookies;Password;Secure Socket Layer;Online Dictionary Attacks
    日期: 2011-03
    上传时间: 2016-08-16 15:45:34 (UTC+8)
    摘要: Password is the most universally used authentication technique to authenticate the users on the web. Password based authentication protocols are vulnerable to dictionary attacks by means of automated programs because most of the user chosen passwords are limited to the user’s personal domain. In this paper, we propose a secure password based authentication protocol in which the computation efforts required from the attacker during login on to the web server increases with each login failure. The web server stores the cookie on the client`s computer if the legitimate client authenticates itself to the web server. There after, the legitimate client can easily authenticate itself to the web server from a computer that contains cookie. However, the legitimate client or the attacker has to put up some additional computational efforts during login from a computer that does not contain cookie. The client generated dynamic authentication information is different for the same user in different sessions of Secure Socket Layer (SSL) protocol. The concept used in this paper is to combine traditional password authentication with a challenge that is easy to answer by the legitimate client and the computational cost of authentication increases for an attacker with each login failure. Therefore, even the automated programs can not launch online dictionary attacks on the proposed protocol. This protocol provides better protection against different types of attacks launched by the attacker. The proposed protocol is easy to implement and it removes the some of the deficiencies of previously suggested password based authentication protocols.
    關聯: 資管評論, 16(2), 93-110
    MIS review
    数据类型: article
    显示于类别:[MIS review(資管評論)] 期刊論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    16(2)-93-110.pdf1068KbAdobe PDF2451检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈