Password-based authentication: A system perspective

Proceedings of the Hawaii International Conference on System Sciences

Volumn 37, Issue , 2004, Pages 2645-2654

  Conklin, Art ^a   Dietrich, Glenn ^a   Walz, Diane ^a  

^a UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); COGNITIVE SYSTEMS; COST EFFECTIVENESS; DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC COMMERCE; IDENTIFICATION (CONTROL SYSTEMS); INFORMATION ANALYSIS; INTERCONNECTION NETWORKS; INTERNET; SOFTWARE ENGINEERING; USER INTERFACES;

BIOMETRICS; PASSWORD MEMORY AIDS; PASSWORD-BASED AUTHENTICATION; USER AUTHENTICATION;

SECURITY OF DATA;

EID: 12344331343     PISSN: 10603425     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/hicss.2004.1265412     Document Type: Conference Paper

References (48)

1. M. Burrows, Abadi, M., Needham, R., "A Logic of Authentication, " Proceedings of the Royal Society of London, pp. 233-271, 1989.
2. B. Lampson, Abadi, M., Burrows, M., Wobber, E., "Authentication in Distributed Systems: Theory and Practice," ACM Transactions Computer Systems, vol. 10, pp. 265-310, 1992.
3. C. Cachin, "Modeling complexity in secure distributed computing," presented at International Workshop on Future Directions in Distributed Computing (FuDiCo), Bertinoro, Italy, 2002.
4. J. Anderson, Vaughn, Ray ford, "Guide to Understanding Identification and Authentication in Trusted Systems (Light Blue Book)," National Computer Security Center NCSC-TG-017, September 1991 1991.
5. U. Manber, "A Simple Scheme to Make Passwords Based on One-Way Functions Much Harder to Crack," Computers & Security, vol. 15, pp. 171-176, 1996.
6. B. Menkus, "Understanding the Use of Passwords," Computers & Security, vol. 7, pp. 132-136, 1988.
7. B. L. Riddle, Miron, M. S., Semo, J. A., "Passwords in Use in a University Timesharing Environment," Computers & Security, vol. 8, pp. 569-579, 1989.
8. W. Yang, Shieh, S., "Password Authentication Schemes with Smart Cards," Computers & Security, vol. 18, pp. 727-733, 1999.
9. M. Abadi, Burrows, M., Kaufman, C., Lampson, B., "Authentication and delegation with smart-cards," Science of Computer Programming, vol. 21, pp. 91-113, 1993.
10. J. Vaclav Matyas and Z. Riha, "Toward Reliable User Authentication Through Biometrics," IEEE Security & Privacy, vol. I, pp. 45-49, 2003.
11. K. Dehnad, "A Simple Way of Improving the Login Security," Computers & Security, vol. 8, pp. 607-611, 1989.
12. M. Bishop, and Klein, D.V., "Improving System Security via Proactive Password Checking," Computers and Security, vol. 14, 1992.
13. N. Ahituv, Lapid, Y., Neumann, S., "Verifying the Authentication of an Information System User," Computers & Security, vol. 6, pp. 152-157, 1987.
14. J. Evans, Arthur, Kantrowitz, William, Weiss, Edwin, "A User Authentication Scheme Not Requiring Secrecy in the Computer," Communications of the ACM, vol. 17, pp. 437-445, 1974.
15. D. L. Jobusch, Oldehoeft, A. E., "A Survey of Password Mechanisms:Weakness and Potential Improvements. Part 1," Computers & Security, vol. 8, pp. 587-604, 1989.
16. L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, vol. 24, pp. 770-772, 1981.
17. C. Lin, Hwang, T., "A password authentication scheme with secure password updating," Computers & Security, vol. 22, pp. 68-72, 2003.
18. G. Mcgraw, Viega, John, "Making your software behave: Cryptographic essentials Using hashing algorithms for data integrity and authentication," vol. 2003: IBM developerWorks, 2000.
19. R. Morris, Thompson, K., " Password Security: A Case history," Communications of the ACM, vol. 22, pp. 594-597, 1979.
20. M. Peyravian, Zunic, N., "Methods for Protecting Password Transmission," Computers & Security, vol. 19, pp. 466-469, 2000.
21. M. Zviran, Haga, William, "A Comparison of Password Techniques for Multilevel Authentication Mechanisms," The Computer Journal, vol. 36, pp. 227-237, 1993.
22. D. B. Baker, "Assessing Controlled Access Protection (Violet Book)," National Computer Security Center NCSC-TG-028, May 1992 1992.
23. G. A. Miller, "The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information," The Psychological Review, vol. 63, pp. 81-97, 1956.
24. A. Adams, Sasse, M. A., "Users Are Not The Enemy," Communications of the ACM, vol. 42, pp. 41-46, 1997.
25. R. Pond, Podd, J., Bunnell, J., Henderson, R., "Word Association Computer Passwords: The Effect of Formulation Techniques on Recall and Guessing Rates," Computers & Security, vol. 19, pp. 645-656, 2000.
26. S. N. Porter, "A Password Extension for Improved Human Factors," Computers & Security, vol. 1, pp. 54-56, 1982.
27. R. Shimonski, "Create effective passwords: strategies for computer systems," vol. 2003: IBM developerWorks, 2002.
28. S. L. Smith, "Authenticating Users by Word Association," Computers & Security, vol. 6, pp. 464-467, 1987.
29. D. Weirich and M. A. Sasse, "Pretty Good Persuasion: A first step towards effective password security in the real world," presented at New security paradigms, Cloudcroft, New Mexico, 2002.
30. J. Yan, Blackwell, A., Anderson, R., Grant, A., "The Memorability and Security of Passwords Some Empirical Results," Cambridge University Computer Laboratory.
31. M. Zviran, Haga, William, "Password Security: An Empirical Study," Journal of Management Information Systems, vol. 15, pp. 161-185, 1999.
32. Microsoft Canada, "Information Overload:Canadians Have Too Many Passwords," vol. 2003: Microsoft Canada, 2000.
33. Microsoft, "Microsoft .Net Passport Q & A," vol. 2003: Microsoft, 2003.
34. T. Jones, "Too many secrets? Password proliferation leads to user fatigue," in Columbia News Service - Columbia University Graduate School of Journalism. New York, 2002.
35. S. Swanson, "Way too many passwords, not enough protection," in Chicago Tribune, online edition ed. Chicago, 2003, pp. 1.
36. I. Sommerville, Software Engineering, 6th ed. Essex, England: Pearson Educational Limited, 2001.
37. J. J. Whitmore, "A method for designing secure solutions," IBM Systems Journal, vol. 40, pp. 747-768, 2001.
38. Liberty Alliance Project, "Business Benefits of Federated Identity," vol. 2003: Liberty Alliance Project, 2003.
39. E. Spafford, "Opus: Preventing weak password choices," Computers & Security, vol. 11, pp. 273-278, 1992.
40. E. Spafford, "Observing Reusable Password Choices," presented at Proceedings of the 3rd Security Symposium, Usenix, 1992.
41. D. V. Klein, "Foiling the Cracker; A Survey of, and Improvements to Unix Password Security," presented at Proceedings of the USENIX Security Workshop, 1990.
42. A. Adams, Sasse, M. A., Lunt, P., "Making Passwords Secure and Usable," presented at People & Computers XII (Proceedings of HCI '97), 1997.
43. R. Fagin, Moni, N., Winkler, P., "Comparing Information Without Leaking it," Communications of the ACM, vol. 39, pp. 77-85, 1996.
44. R. Hauser, Janson, Philippe, Tsudik, Gene, Van Herreweghen, Els, Molva, Refik, "Robust and Secure Password and Key Exchange Method," Journal of Computer Security, vol. 4, pp. 97-111, 1996.
45. D. P. Jablon, "Strong password-only authenticated key exchange," ACM SIGCOMM Computer Communication Review, vol. 26, pp. 5-26, 1996.
46. D. L. Jobusch, Oldehoeft, A. E., "A Survey of Password Mechanisms:Weakness and Potential Improvements. Part 2," Computers & Security, vol. 8, pp. 675-689, 1989.
47. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "The Spread of the Sapphire/Slammer Worm," vol. 2003, 2003.
48. CERT/CC, "CERT® Advisory CA-2003-04 MS-SQL Server Worm," vol. 2003, 25 January 2003 ed: CERT/CC, 2003.