Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 30174
New Identity Management Scheme and its Formal Analysis

Authors: Jeonghoon Han, Hanjae Jeong, Dongho Won, Seungjoo Kim

Abstract:

As the Internet technology has developed rapidly, the number of identities (IDs) managed by each individual person has increased and various ID management technologies have been developed to assist users. However, most of these technologies are vulnerable to the existing hacking methods such as phishing attacks and key-logging. If the administrator-s password is exposed, an attacker can access the entire contents of the stolen user-s data files in other devices. To solve these problems, we propose here a new ID management scheme based on a Single Password Protocol. The paper presents the details of the new scheme as well as a formal analysis of the method using BAN Logic.

Keywords: Anti-phishing, BAN Logic, ID management.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1082929

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1172

References:


[1] Simon Willison, "OpenID phishing demo", http://feeds.feedburner.com/ ~r/PlanetIdentity/~3/299657206/
[2] J. Han, B. Lee, S. Hong, S. Kim, D. Won, and S. Kim, "Analysis on Vulnerability of ID/PW Management Solution and Proposal of the Evaluation Criteria", The Transactions of the KIPS (Korea Information Processing Society), Vol.15-C/No.2, 2008, pp.125-132.
[3] Mohamed G. Gouda, Alex X. Liu, Lok M. Leung and Mohamed A. Alam, "SPP: An anti-phishing single password protocol", Computer Networks, 2007, pp. 3715-3726.
[4] J. S. Lee, S. J. Kim and S. R. Choi, "System and Method for Breaking Illegal Use for Movable Storage Device", WaterwallSystems Co., Ltd., Korea Patent 10-0688258-0000, 2007.
[5] P. B. Lim and J. S. Seong, "Method for Authentication of Subscriber using the MAC Address", Samsung Electronics Co., Ltd., Korea Patent 10-0418398-0000, 2004.
[6] SKIn2000, "http://www.keylogger.biz"
[7] NetBus, "http://www.netbus.org/"
[8] Michael Burrows, Martín Abadi and Roger Needham, "A Logic of Authentication", ACM Transactions on Computer Systems, 8(1), 1990, pp.18-36.
[9] Changing volume-s serial number, "http://www.codeproject.com/KB/ system/change_drive_sn.aspx"