Title :
Differentiated Virtual Passwords, Secret Little Functions, and Codebooks for Protecting Users From Password Theft
Author :
Yang Xiao ; Chung-Chih Li ; Ming Lei ; Vrbsky, Susan V.
Author_Institution :
Dept. of Comput. Sci., Univ. of Alabama, Tuscaloosa, AL, USA
Abstract :
In this paper, we discuss how to prevent users' passwords from being stolen by adversaries in online environments and automated teller machines. We propose differentiated virtual password mechanisms in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security, where a virtual password requires a small amount of human computing to secure users' passwords. The tradeoff is that the stronger the scheme, the more complex the scheme may be. Among the schemes, we have a default method (i.e., traditional password scheme), system recommended functions, user-specified functions, user-specified programs, and so on. A function/program is used to implement the virtual password concept with a tradeoff of security for complexity requiring a small amount of human computing. We further propose several functions to serve as system recommended functions and provide a security analysis. For user-specified functions, we adopt secret little functions in which security is enhanced by hiding secret functions/algorithms.
Keywords :
security of data; automated teller machines; codebooks; differentiated virtual password mechanism; online environments; password theft protection; secret algorithms; secret little functions; security analysis; strong security; user passwords; user-specified functions; virtual password scheme; weak security; Authentication; Electronic mail; Encryption; Humans; Optimized production technology; Servers; Codebooks; differentiated virtual passwords; key logger; phishing; secret little functions; shoulder-surfing;
Journal_Title :
Systems Journal, IEEE
DOI :
10.1109/JSYST.2012.2183755