Study of Interactive QR-code for One-Time Password System

Autor: Dong-Lin Wu, 吳東霖
Rok vydání: 2013
Druh dokumentu: 學位論文 ; thesis
Popis: 101
In recent years, the illegal technology that computer viruses, Trojans, Phishing, spyware, brute and son on made great progress, the password authentication isn’t secure no longer in spite of employing Secure Sockets Layer (SSL) encryption protocol. Once the usercode/password is stolen by the personage intentionally, user''s identity may be falsely used, the lighter causes personal property losses, company''s secret materials of the heavy one are let out etc., and that damage can''t be remedied. In order to prevent the usercode/password from being stolen, have already developed One-Time Password at present; Utilize password generator according to qualified algorithm operation, have unpredictable, unrepeatable, using one-time, and invalid of time expire. However, it is still risky that the mechanism of OTP faces various tricks of networking attacks, and it has asynchronization problem. Using social engineering methods to send fake e-mail and tricking user link to high similarity fake web interface to steal user login account, password and OTP code. Due to the OTP code of stolen doesn’t login legitimate interface and some OTP code of system is still valid at an interval time, the intentional personage use the password of stolen to login legitimate interface and spoof user''s identity. Therefore traditional OTP mechanism is completely ineffective. Quick Response Code (QR-Code) combines smart devices can read the contents quickly. This research paper proposes an interactive QR-code OTP system, combine OTP technology with QR-Code to be applies to identity authentication mechanism, to improve the shortcomings of traditional OTP mechanism. Via the experiments analysis, the interactive QR-code OTP system can defense various techniques of network attack certainly and promote systematic security.
Databáze: Networked Digital Library of Theses & Dissertations
Externí odkaz: