28 Research of password manager using pattern lock and user certificate 1170369 2017 2 28
Web Web Web Web i
Abstract Research of password manager using pattern lock and user certificate Takuya Mimoto In recent years, with the spread of web services, web service accounts managed by users are increasing. Password authentification is often used for web service authentification. Users are reusing a password on a lot of web services, because it is difficult to remember mutiple web service passwords. Therefore, users use a software called password manager for managing their multiple passwords. the password manager manages multiple password of the web service with a master password. However, if the master password is leaked, third parties can get user s passwords from the password manager. Therefore, the security of the master password is important. This research clarifies a problems of existing password manager and solves it. key words Password manager, Password, Web service, Pattern lock, User certificate, Key logger ii
1 1 2 3 2.1....................... 3 2.2...................... 4 2.2.1....................... 4 2.2.2............................ 4 2.2.3.......................... 5 2.3.............................. 6 3 8 3.1.................................. 9 3.2............................ 10 3.2.1............................. 10 3.2.2............................. 12 3.3.................................. 13 3.3.1....................... 13 3.3.2 Web............... 15 3.3.3............................. 16 4 17 4.1...................................... 17 4.2................................... 19 4.3................................... 19 4.4.................................. 20 iii
5 21 22 23 iv
1.1 Web (SNS)..................... 1 2.1......................... 3 2.2............................ 4 2.3................................ 5 2.4.............................. 6 2.5........................ 6 3.1................................. 9 3.2................................. 10 3.3............................... 11 3.4............................ 11 3.5....................... 11 3.6.......................... 12 3.7...................... 13 3.8............................ 14 3.9............................ 15 3.10................................. 16 4.1................................. 18 4.2................................. 18 4.3 Web.......................... 18 4.4 Web........................ 18 v
4.1................................... 19 4.2.............................. 19 4.3.................................... 20 vi
1 SNS(Social Networking Service) Web ( 1.1)[1] SNS Web 1.1 Web (SNS) Web ID [2] Web 1
Web Web [3] 2
2 2.1 Web 2.1 PC LastPass LastPass [4] Web URL Web URL 2.1 3
2.2 2.2 2.2.1 ID Web ( 2.2)[5] 2.2 2.2.2 ( 2.3)[6] 4
2.2 2.3 2.2.3 [7] 2.4 5
2.3 2.4 2.3 ( 2.5) Web 2.5 6
2.3 7
3 - - 3.1 8
3.1 3.1 3.1 Server User C ID V M Pass User S Name User Server Web S Pass User Server Web Salt ID H(x) x Salt (SHA256) 9
3.2 3.2 3.2.1 Android User ( 3.2)[8] User 12 4 4 [8] 3.2 ( 3.4) C V I). User C Server II). Server C ID V III). Server ID S V H(V) IV). H(V) 4 4 16 ( 3.3) V). User ( 3.4) 10
3.2 3.3 3.4 User Salt User C Salt ( 3.5) 3.5 11
3.2 3.2.2 User Server User ( 3.6) 3.6 User ID User User ( 3.7) User 12
3.3 3.7 3.3 Web User Web 3.3.1 User 3.8 I). User Server Server User ID V II). ID V C User III). User C Server Server C V H(V) H(V) 16 13
3.3 IV). Server III User V). User M Pass Server VI). Server M Pass User 3.8 14
3.3 3.3.2 Web User Web Web 3.10 I). User C Server Server C V H(V) H(V) 16 II). Server I User III). User M Pass Server IV). Server M Pass C ID User V). User S Name S Pass Server S Pass Web S Pass 3.9 15
3.3 3.3.3 User Web?? I). User C Server Server C V H(V) H(V) 16 II). Server I User III). Server M Pass C ID User IV). User S Name S Pass 3.10 16
4 4.1 JavaScript HTML Java Eclipse Mars.2 Release (4.5.2) Web 4.1 4.2 Web 4.3 Web 4.3 Web 4.4 Web URL 17
4.1 4.2 4.1 4.4 Web 4.3 Web 18
4.2 4.2 4.1 4.1 OS CPU OSX Yosemite 10.10.5 2.6 GHz Intel Core i5 Windows 8.1 2.6 GHz Intel Core i5 4.2 1 4.2 Web FireFox 51.0.1 Web Tomcat 7.0 KeyCastr 0.8.0 Click 2.8 1 4.3 4.3 19
4.4 4.3 4.4 ID 20
5 21
22
[1] ICT 2015 SNS http://ictr.co.jp/report/ 20150729000088-2.html 2017 2 11 [2] vol.113 pp49-52 2014 [3] http:// internet.watch.impress.co.jp/cda/event/2008/12/09/21794.html, 2017 2 20 [4] LastPass LastPass - Password Manager https://www.lastpass.com/ 2017 2 1 [5] https://www.ipa.go. jp/files/000040778.pdf 2017 2 2 [6] 21 1 2002 [7] vol.19 pp40-49 2015 [8] Vol.112 pp.273-278 2012 23