| 口令安全研究进展; Advances in Password Security | |
| 王平 ; 汪定 ; 黄欣沂 | |
| 刊名 | 计算机研究与发展
 |
| 2016 | |
| 关键词 | 身份认证 口令安全 脆弱行为 猜测攻击 强度评价 identity authentication password security vulnerable behavior guessing attack strength evaluation |
| 英文摘要 | 身份认证是确保信息系统安全的第一道防线,口令是应用最为广泛的身份认证方法。尽管口令存在众多的安全性和可用性缺陷,大量的新型认证技术陆续被提出,但由于口令具有简单易用、成本低廉、容易更改等特性,在可预见的未来仍将是最主要的认证方法。因此,口令近年来引起了国内外学者的广泛关注,涌现出了一大批关于口令安全性的研究成果。从用户生成口令时的脆弱行为入手,介绍了中英文用户口令的特征、分布和重用程度;总结了近30年来提出的几个主流口令猜测算法,并根据它们所依赖的攻击对象的信息不同进行了分类;然后,回顾了当前广泛使用的基于统计学的口令策略强度评价标准;此外,对比了当前主流的几个口令强度评价器。最后,对当前研究现状进行了总结,并对未来研究方向进行了展望。; Identity authentication is the first line of defense for information systems ,and passwords are the most widely used authentication method .Though there are a number of issues in passwords regarding security and usability , and various alternative authentication methods have also been successively proposed , password‐based authentication will remain the dominant method in the foreseeable future due to its simplicity ,low cost and easiness to change .T hus ,this topic has attracted extensive interests from worldwide researchers ,and many important results have been revealed .This work begins with the introduction of users’ vulnerable behaviors and details the password characteristics ,distribution and reuse rate .Next we summarize the primary cracking algorithms that have appeared in the past 30 years , and classify them into groups in terms of the difference in dependence on what information is exploited by the attacker .Then ,we revisit the various statistical‐based evaluation metrics for measuring the strength of password distributions .Further ,we compare the state‐of‐the‐art password strength meters .Finally ,we summarize our results and outline some future research trends .; 国家重点研发计划项目(2016YFB0800603);国家自然科学基金项目(61472016,61472083) This work was supported by the National Key Research Program of China; the National Natural Science Foundation of China (61472016,61472083).; 中文核心期刊要目总览(PKU); 中国科技核心期刊(ISTIC); 中国科学引文数据库(CSCD); 10; 2172-2187; 53 |
| 语种 | 英语 |
| 内容类型 | 期刊论文 |
| 源URL | [http://ir.pku.edu.cn/handle/20.500.11897/453526]  |
| 专题 | 信息科学技术学院 软件与微电子学院 |
| 推荐引用方式 GB/T 7714 | 王平,汪定,黄欣沂. 口令安全研究进展, Advances in Password Security[J]. 计算机研究与发展,2016. |
| APA | 王平,汪定,&黄欣沂.(2016).口令安全研究进展.计算机研究与发展. |
| MLA | 王平,et al."口令安全研究进展".计算机研究与发展 (2016). |
| 个性服务 |
| 查看访问统计 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论