动态口令身份认证和报警系统

针对目前普遍使用的固定口令身份认证系统,给出了一种基于白噪声器件的动态口令身份认证系统。该系统中,动态口令是通过自噪声器件产生的随机序列经过特定的不可逆映射函数变换后得到的,这使得攻击者很难从已知的任何数量的口令中推断出下一个口令。此外,系统还提供了无线报警提示功能,可将用户的登录信息及时地发送给对应的合法用户,从而能够有效地防止非法用户的假冒攻击行为。     

具有主动报警功能的动态身份认证系统

针对目前普遍存在的身份认证密码易被破解的问题，本文提出一种基于物理噪声源的动态身份认证系统，该系统将编码后的随机密码通过无线通讯的方式传送给合法用户，这既使得攻击者不可能推断出下一口令，又解决了已有的一次一密认证系统给用户带来的麻烦和负担。此外，系统还提供了无线报警提示功能，可将用户的登录信息及时地发送送给对应的合法用户，从而能够有效地主动防止非法用户的假冒攻击行为。     

The effects of password length and reference profile size on the performance of a multivariate text-dependent typist verification system

The performance of Napier et al.'s typist verification algorithm (Keyboard user verification: toward an accurate, efficient, and ecologically valid algorithm, International Journal of Human-Computer Studies 43 (1995) 213-222) was assessed in a text-dependent setting. Twenty-nine subjects typed a 17 character password 50 times. False acceptance and false rejection rates were then calculated as the number of repetitions of the password included in the reference profile was increased from 6 to 20 and the number of digraphs from the password included in the verification process was increased from 2 to 16. The performance of the system (12% total error rate) was found to be comparable with the best results reported in other studies using text-dependent algorithms, and substantially better than that reported in studies using a text-independent paradigm with passwords of this length. The relationship between password length and reference profile size was found to conform to an exponential decay function, which accounted for 92% of the variability in verification error rates.     

On combining classifiers for speaker authentication

Speaker verification and utterance verification are examples of techniques that can be used for speaker authentication purposes.Speaker verification consists of accepting or rejecting the claimed identity of a speaker by processing samples of his/her voice. Usually, these systems are based on HMM models that try to represent the characteristics of the speakers’ vocal tracts.Utterance verification systems make use of a set of speaker-independent speech models to recognize a certain utterance. If the utterances consist of passwords, this can be used for identity verification purposes.Up to now, both techniques have been used separately. This paper is focused on the problem of how to combine these two sources of information. New architectures are presented to join an utterance verification system and a speaker verification system in order to improve the performance in a speaker verification task.     

A user authentication system using back-propagation network

Information security has been a critical issue in the field of information systems. One of the key factors in the security of a computer system is how to identify the authorization of users. Password-based user authentication is widely used to authenticate a legitimate user in the current system. In conventional password-based user authentication schemes, a system has to maintain a password table or verification table which stores the information of users IDs and passwords. Although the one-way hash functions and encryption algorithms are applied to prevent the passwords from being disclosed, the password table or verification table is still vulnerable. In order to solve this problem, in this paper, we apply the technique of back-propagation network instead of the functions of the password table and verification table. Our proposed scheme is useful in solving the security problems that occurred in systems using the password table and verification table. Furthermore, our scheme also allows each user to select a username and password of his/her choice.     

保护用户数量信息的安全虹膜识别方案

由于传统密码认证方式的不便,生物特征识别技术凭借其便捷、可靠、安全可溯源等特性脱颖而出。在不同的生物特征识别技术中,虹膜识别已被证明能提供较高的识别性能和稳定性,常被用于一些安全性要求较高的领域(如机密组织的认证管理等)。在这些领域中,合法用户数量信息往往也属于机密信息,是不能泄露的,近年来针对虹膜识别的攻击手段也越加先进,通过获得的数量信息可能推测出更多的其他信息,造成更大的安全隐患。但是现有的安全虹膜识别方案仅考虑满足可撤销性、不可逆性和不可连接性,未考虑保护用户数量信息。本文提出一种保护用户数量信息的安全虹膜识别方案,每个用户通过自身虹膜特征随机选择的结果及系统参数共同决定该用户的注册模板数量,攻击者难以根据服务器中存储的虹膜模板数量推测出合法用户数量。该方案能够有效地与现有的安全虹膜识别方案进行结合。理论分析结果表明,本文方案能够保护合法用户数量信息、保护新增用户数量信息、预防关联攻击、并且除了能够保持原始安全虹膜识别方案的可撤销性和不可连接性之外,还能进一步提升原始安全虹膜识别方案的不可逆性。实验结果表明,攻击者准确猜对合法用户数量信息的概率不足15%,且相对误差以及相对期望误差均超过10%,因此本文方案能有效保护用户数量信息,并且不会对原始安全虹膜识别方案的识别精度的影响造成较大影响,差异在0.55%之内。     

An iris biometric system for public and personal use

Much work in the emerging field of biometrics has focused on identification applications. Biometrics offers the means to identify individuals without requiring that they carry ID cards and badges or memorize passwords. A leading concern in the development of such applications, however, is how to avoid rejecting valid users or approving imposters. The iris of the eye may provide a solution by offering a much more discriminating biometric than fingerprint or face recognition. The authors have designed and implemented an iris biometric system for personal electronic identification. Further, their system solves problems associated with public use devices such as automated teller machines, where habituated use is not the norm. The system also addresses personal-use arenas, such as home banking, and other Internet and network applications, such as secure business logons. The article describes the public- and personal-use systems, as well as relating statistical analysis and field trials to gauge the effectiveness of their system     

Verification of computer users using keystroke dynamics

This paper presents techniques to verify the identity of computer users using the keystroke dynamics of computer user's login string as characteristic patterns using pattern recognition and neural network techniques. This work is a continuation of our previous work where only interkey times were used as features for identifying computer users. In this work we used the key hold times for classification and then compared the performance with the former interkey time-based technique. Then we use the combined interkey and hold times for the identification process. We applied several neural network and pattern recognition algorithms for verifying computer users as they type their password phrases. It was found that hold times are more effective than interkey times and the best identification performance was achieved by using both time measurements. An identification accuracy of 100% was achieved when the combined hold and intekey time-based approach were considered as features using the fuzzy ARTMAP, radial basis function networks (RBFN), and learning vector quantization (LVQ) neural network paradigms. Other neural network and classical pattern algorithms such as backpropagation with a sigmoid transfer function (BP, Sigm), hybrid sum-of-products (HSOP), sum-of-products (SOP), potential function and Bayes' rule algorithms gave moderate performance.     

Android手机安全登录系统

针对Android手机应用软件登录中存在的设计缺陷和漏洞,梳理并分析了目前手机登录系统技术和不足之处,采用多因子（账号、密码、验证码、登录位置、登录次数、人脸数据）方案,构建手机安全登录系统. 该登录系统由登录、注册、日志审计、微信提醒、找回密码等功能构成. 详细介绍了设计思想、技术路线、安全验证逻辑和日志审计功能,实现了用户身份识别和登录行为审计,为用户提供了一个安全性高、易用性强、成本低的解决方案.     

A remote password authentication scheme for multiserverarchitecture using neural networks

Conventional remote password authentication schemes allow a serviceable server to authenticate the legitimacy of a remote login user. However, these schemes are not used for multiserver architecture environments. We present a remote password authentication scheme for multiserver environments. The password authentication system is a pattern classification system based on an artificial neural network. In this scheme, the users only remember user identity and password numbers to log in to various servers. Users can freely choose their password. Furthermore, the system is not required to maintain a verification table and can withstand the replay attack.     

Impact of restrictive composition policy on user password choices

This study investigates the efficacy of using a restrictive password composition policy. The primary function of access controls is to restrict the use of information systems and other computer resources to authorised users only. Although more secure alternatives exist, password-based systems remain the predominant method of user authentication. Prior research shows that password security is often compromised by users who adopt inadequate password composition and management practices. One particularly under-researched area is whether restrictive password composition policies actually change user behaviours in significant ways. The results of this study show that a password composition policy reduces the similarity of passwords to dictionary words. However, in this case the regime did not reduce the use of meaningful information in passwords such as names and birth dates, nor did it reduce password recycling.     

动态字典破解用户口令与安全口令选择

口令认证一直是最主要的身份认证方式。考虑到口令要满足口令策略和易记忆的要求,用户常常会将个人信息组合起来作为口令。因此,为了调查此类口令的比例,以2011年泄露的四种真实口令集为实验素材,预先设定口令的组合结构和格式,使用程序统计使用个人信息组合作为口令的比例。实验结果表明,使用姓名、电话号码、特殊日期等信息组合而成的口令比例为12.41%~25.53%。根据这一规律,提出了动态字典攻击。攻击者可以在获得用户部分个人信息后,生成具有针对性的动态字词典,并以此来破解用户口令。最后,还讨论了如何选择口令以防止攻击者通过动态字典破解用户口令。     

An Enhanced Graphical Authentication Scheme Using Multiple-Image Steganography

Most remote systems require user authentication to access resources. Text-based passwords are still widely used as a standard method of user authentication. Although conventional text-based passwords are rather hard to remember, users often write their passwords down in order to compromise security. One of the most complex challenges users may face is posting sensitive data on external data centers that are accessible to others and do not be controlled directly by users. Graphical user authentication methods have recently been proposed to verify the user identity. However, the fundamental limitation of a graphical password is that it must have a colorful and rich image to provide an adequate password space to maintain security, and when the user clicks and inputs a password between two possible grids, the fault tolerance is adjusted to avoid this situation. This paper proposes an enhanced graphical authentication scheme, which comprises benefits over both recognition and recall-based graphical techniques besides image steganography. The combination of graphical authentication and steganography technologies reduces the amount of sensitive data shared between users and service providers and improves the security of user accounts. To evaluate the effectiveness of the proposed scheme, peak signal-to-noise ratio and mean squared error parameters have been used.     

一种基于智能卡的口令认证方案

给出了一个基于智能卡的远程访问口令认证方案，它能够对登录口令进行检验而不需要检索口令表。它利用了公钥密码系统的签名特性，其安全性依赖于离散对数问题和因数分解问题。特点是网络用户可以自由选择其口令，通过对口令增加时间戳还可抵抗重放攻击。     

一种基于超混沌系统的身份认证方案

混沌系统由于对初始条件的敏感依赖性而能产生数量众多、非相关、类随机而又确定可再生的混沌信号,而超混沌序列作为一种特殊的混沌序列,由于其更好的随机性和复杂性,更适合作为密钥序列。动态口令是较安全的网络身份认证机制,口令一次一变,无法预测和跟踪,难以窃取,能防止消息的重放攻击,从而保证了用户安全。基于超混沌系统的身份认证技术,采用＂一次一密＂的动态口令校验,把生成的混沌序列作为用户的身份标识序列,任何人伪造他人身份标识序列都是不可能的。     

基于支持向量机的计算机键盘用户身份验真

口令认证因为简便易实现而被大多数计算机系统所采用，但容易被盗用，存在着严重的安全隐患，而利用对用户的键入特性的识别，可以大大加强口令认证的可靠性，在对国内外众多学者所做工作研究的基础上，鉴于支持向量机在进行模式识别对所具有的优良性能，提出利用支持向量机进行键入特性验真，并通过实验将其与BP，RBF，PNN和LVQ四种神经网络模型进行比较，证实采用SVM进行键入特性验真的有效性，因而其具有广阔的应用前景。     

基于51单片机的智能语音密码锁设计

系统设计主要以AT89S52单片机为核心,利用单片机的串行通信原理,实现对其他硬件的精准控制,共同达到以语音密码解开电子锁。其中LD3320模块负责生物语音密码的识别验证,将生物特征(声音)作为一种输入信号,用程序将生物声音存于硬件内部,之后将获取的信号与存储的信号相比较,达到开关锁的功能。此外还有传统的矩阵键盘密码输入控制。两种方式错误都会有蜂鸣器报警。系统易操作,且稳定性高,可扩展性强,方便后期进一步开发。     

Construction of a secure two-factor user authentication system using fingerprint information and password

User authentication is highly necessary technology in a variety of services. Many researchers have proposed a two-factor authentication scheme using certificate and OTP, smartcard and password, and so on. Two-factor authentication requires an additional factor rather than one-factor authentication. Therefore, loss or exposure can occur, since users always must carry and manage the additional device or factor. For this reason, biometric authentication, used in many services, needs a verification method of the user without an additional factor. Fingerprinting is widely used in service due to excellent recognition, low cost device, and less user-hostile. However, fingerprint recognition always uses the same fingerprint template, due to the inalterability. This causes a problem of reusable fingerprint by a malicious attacker. Therefore, we proposed a secure two-factor user authentication system using fingerprint information and password to solve the existing two-factor problem. The proposed scheme is secure against reuse of a fingerprint. It does not need an extra device, so efficiency and accessibility are improved.     

Signature verification using global and grid features

In this work, algorithms for extracting global geometric and local grid features of signature images were developed. These features were combined to build a multi-scale verification function. This multi-scale verification function was evaluated using statistical procedures. Results indicated that the multi-scale verification function yielded a lower verification error rate and higher reliability than the single-scale verification function using either global geometric or local grid feature representation. The correct verification rate of the multi-scale system was more than 90% in rejecting skilled forgeries and was perfect in rejecting simple forgeries based on a limited database.     

区分性训练在声纹密码中的新应用

在声纹密码任务中由于数据稀疏的问题难以实现区分性训练,本文以一种表征距离度量的特征矢量为基础提出新的声纹密码区分性系统框架,对正反例样本的新特征矢量实现了基于最小分类错误准则的区分性训练,将声纹密码从确认问题转化为二类分类问题。在自由说话风格的60人数据集上,声纹密码区分性系统与混合高斯模型-通用背景模型(Gaussian mixture model-universal background model,GMM-UBM)系统融合后等错误率为4.48%,相对GMM-UBM,动态时间规划(Dynamic time warping,DTW)基线系统性能分别提升了17.95%和59.68%。