查詢結果分析
來源資料
頁籤選單縮合
題 名 | 使用整合型OTP系統改進認證系統安全性--以學生資訊系統為例=Using an Integrated One-Time Password System to Improve Security of Authentication--Example of Student Information System |
---|---|
作 者 | 陳信北; 潘萬豐; | 書刊名 | 清雲學報 |
卷 期 | 31:2 2011.04[民100.04] |
頁 次 | 頁1-17 |
分類號 | 312.76 |
關鍵詞 | 釣魚網站; 鍵盤側錄; 身分認證; 一次性密碼; Phishing; Keyloggers; Identity authentication; One-time password; |
語 文 | 中文(Chinese) |
中文摘要 | 傳統身分認證方式使用固定的帳號與密碼來做登入驗證,儘管使用SSL 加密協定,但隨著木馬程式、鍵盤側錄(keylogger)、螢幕側錄程式技術的進步,單純使用帳號與密碼來做登入驗證已經不再安全,駭客可以利用各種工具輕易竊取使用者帳號與密碼,就可以冒用並進行各種交易行為。一次性密碼機制(One-TimePassword)的認證方式是一個方便、安全又快速的解決方案。一次性密碼機制所產生的密碼,具有不可預測、不可重複、使用一次等特性,採用特定演算法,以變動的時間、次數或輸入內容等參數為「基本元素」,經演算得到的結果轉換成密碼。由於「基本元素」具有變動性,每次產生的密碼皆不同,可以確保帳號存取安全,避免駭客或有心人士盜竊重要資料,可大幅提升身分認證的安全性。本研究論文提出整合性OTP 系統演算法,去改善目前使用中計次演算法及計時演算法之缺點,並以學生資訊系統為例,經實驗測試結果,整合型OTP 系統演算法確實可以避免釣魚網站攻擊,提昇系統之安全性。 |
英文摘要 | Most of the traditional authentication methods use a fixed username and password to do identification and verification, in spite of employing SSL protocol. However, the technique of Trojans, keyloggers, screen-recording program made great progress, simply using the username and password to do authentication isn’t secure no longer. Hackers can use various attack tools to steal username and password easily; they can masquerade and execute various transactions. The one-time password system authentication method is a convenient, safe and fast solution. The generated-code of one-time password system provides with features of unpredictable, non-duplication and used-once. It uses a specific algorithm with the “basic elements”, variation time, number of times or other input parameters, to obtain the OTP-password by calculation. Due to the “basic elements” is volatility, each generated-code are different, we can ensure that the user’s access is security to prevent hackers or people with evil intent from stealing important information, can significantly enhance the security of identity authentication. This research paper proposes an integrated one-time password system (IOTPS) algorithm to improve their shortcomings of event-based and time-based algorithms which are using at present. We take student information system as an example, via the experiments obtain the result, evidence really integrated OTP system algorithm can prevent Phishing websites from attacking, promote systematic security. |
本系統中英文摘要資訊取自各篇刊載內容。