首页|期刊简介|投稿指南|分类索引|刊文选读|订阅指南|资料|样刊邮寄查询|常见问题解答|联系我们
张艺,咸鹤群. 基于中文句法的口令助记策略[J]. 科学技术与工程, 2019, 19(35): 253-258.
张艺.Chinese Sentence-based Password Mnemonic Strategy[J].Science Technology and Engineering,2019,19(35):253-258.
基于中文句法的口令助记策略
Chinese Sentence-based Password Mnemonic Strategy
投稿时间:2019-05-28  修订日期:2019-07-29
DOI:
中文关键词:  助记策略 口令安全 口令生成 口令强度评估
英文关键词:mnemonic strategy password security password generation password strength assessment
基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目),山东省自然科学基金
     
作者单位
张艺 青岛大学计算机科学技术学院
咸鹤群 青岛大学计算机科学技术学院
摘要点击次数: 102
全文下载次数: 28
中文摘要:
      助记策略用于帮助用户生成安全性较高且易于记忆的口令,近年来受到国内外学者的广泛关注。现有助记策略多存在低安全性、不便记忆等问题。提出一种基于中文句法的口令助记策略,用户选择一个易于记忆的句子作助记句,利用预定义规则或基于用户的选择,将其转换为口令,通过对照实验评估了其性能。采用马尔可夫链模型等性能评估工具,将实验中收集的口令与大量真实口令进行对比、分析,评估该助记策略的安全性和易用性。在易用性方面,NASA-TLX量表结果显示,虽然使用助记策略在生成口令阶段的负荷量偏高,但在短期可记忆性和长期可记忆性方面,是否使用助记策略没有明显的差别。此外,在安全性方面,所有口令强度评估结果均表明,该助记策略生成的口令强度远高于真实口令。在将助记句转化为口令的同时,本策略隐藏了个人敏感信息,降低了因个人信息泄露而导致口令泄露的风险,提高了方案的安全性。
英文摘要:
      Mnemonic strategy is used to help users to generate secure and memorable passwords; this topic has attracted extensive interests from worldwide researchers in recent years. Most of the existing mnemonic strategies have some problems such as low security and inconvenient memory. This paper presents a Chinese sentence-based password mnemonic strategy, the user selects a memorable sentence as a mnemonic sentence, and then converts it into a password based on predefined rules or the user's choice, and we evaluate its performance by a control experiment. To evaluate the security and usability of the mnemonic strategy, we use performance assessment tools such as the Markov chain model, to compare the generated passwords with a large number of real-world passwords. In terms of usability, NASA-TLX shows that although the workloads required in our mnemonic strategy are higher than those from non-strategy in password generation phase, whether to use mnemonic strategies has no significant difference in short-term memory and long-term memory. In addition, in terms of security, all password strength assessment tools show that the passwords generated by our mnemonic strategy are stronger than the real-world passwords. While converting the mnemonic sentence into a password, this strategy hides personal sensitive information, so it reduces the risk of password leakage due to personal information leakage, and improves the security of the strategy.
查看全文  查看/发表评论  下载PDF阅读器
关闭
你是第27543705位访问者
版权所有:科学技术与工程编辑部
主管:中国科学技术协会    主办:中国技术经济学会
Tel:(010)62118920 E-mail:stae@vip.163.com
京ICP备05035734号-4
技术支持:本系统由北京勤云科技发展有限公司设计

京公网安备 11010802029091号