学術情報処理研究 No.19 2015 pp.40-49 How to reinforce password authentications Mitsuru Tada Institute of Media and Information Technologies, Chiba University 263-8522 1-33 Yayoicho 1-33, Inage, Chiba 263-8522, Japan Web ( ) ( ) ( ) ID& 2 2014 [11] ID 3 2 ( ) : 3 2 E-mail: m.tada@faculty.chiba-u.jp - 40 -
1 Web ( ) ( ) *1 ( ) ID ( ) 123456 password ( ) ID ID ( ) ID ID ( 123456 ) ID 1 ( ) *1 ( ) *2 ( ) (OTP) [9] OTP [3] PassLogic [8] [5] [7] ( ) OTP [4] OTP [10] (ipad, iphone, Android phone) [11] ID& ( 1) ( 2) [11] URL [2] 3 ( ) ( ) *2 VPN - 41 -
2 (OTP) [6] OTP 1 2 ( *3 ) *4 ( *5 ) ( )2 2 1 3 4 5 6 1 [3, 4, 5, 7, 9] OTP 2.1 ( 3 ) 3 *3 *4 2 / *5 2.2 ( 4 ) 1-42 -
( ) Web Web (S) ( ) (A) (M) 5 C M VPN 4 2.3 / OTP OTP OTP 1 OTP 3 3 3.1 3.2 ( ) 3.1 (U) (C) 3 (PC ) (U P ) ( ) *6 (U M ) *6 5 M C S 1 1 1 * 7 S (1) C U M U M ( ) C S (2) U P 4 3.2 A U P U M *7 [1] [1] 1 5.4-43 -
ID *8 ( ) ( )U M (M) (C) (U M ) U M sysid ID Pass C * 10 4 U S( A) S 6 4.1 Pass ID(mID) (M) M uid S ID mid ID sst period / sst open closed 2 period sst = open (C) C sn mid ID sysid ID ust hcpw ( ) key (Pass) / ust (halfway) (active) *9 key *8 ID ID *9 halfway, active 6 ( 4.1 4.2 ) ( 4.3 ) ( 4.4 ) 4.1 ( 1) U S S (R1) U S (R2) S ID(sysID) C (R3) C mid ID(sysID) * 11 σ (Pass = (mid, sysid, σ)) key Pass E(Pass) * 12 ust halfway *10 MAC(Message Authentication Code) *11 C - 44 -
C sn mid, key, ust (R4) C sn, mid E(Pass) S (R5) S M uid, mid sst closed period S sn, E(Pass) U 7 8 ( 2) 4.3 / U M (C1) U M Pass 4.2 ( 2) 7 ( 1) sn, E(Pass) U(U P ) U M S QR U sn, E(Pass) U M ( ) (R6) U (cpw) U M (R7) U M sn, cpw, E(Pass) C (R8) C sn ust halfway key E(Pass) Pass Pass h hcpw h(cpw) ust active * 13 (R9) C Pass U M (R10) U M Pass * 14 8 *12 C Pass 4.2 C Pass key Vernam *13 ust = active Pass *14 MAC UUID, IMEI, (C2) U ID(sysID) op {open, close} cpw U M Pass C (C3) C Pass mid Pass cpw (C4) M mid op (C5) M op = open t period = t * 15 period = sst, period period C (C6) C period U M 9 9 4.4 6 ( ) *15-45 -
(A1) U U P S ID(uID) (pw) S (A2) S uid M (A3) M uid sst period period sst(= open closed) closed S uid * 16 period = closed S (A4) S M open (uid, pw) A (A5) A (uid, pw) yes no S (A6) S yes U P Web Cookie Cookie (A6) S M (closeshutter) 10 10 5.1 ID 2 ( 2.1 ) ( 2.2 ) OTP ( 2.3 ) (OTP) OTP PC ID& U M Pass Pass U M U M (open/close) 11 5 3 4 *16 uid M 2 1 A 1 A 4.1 11 U M - 46 -
( ) (i) a b & (ii) c 2 1 2 2 a 2 1 3 2 (iii) (iv) (iii) (v) (iii) d (vi) (iii) e (vii) (iii) f 1 cpw 8 12 E(Pass) QR 5.2 ( ) (OTP) OTP ( ) ( ID ( ) 3 ) ( 2.1 ) ( 2.2 ) ( 2.3 ) (i) (ii) (iii) ( ) (iv) (iii) (v) (iii) (vi) (iii) * 17*18 *17 (iii) (vii) (iii) 1 1 a. ( ) ( ) b. ( ) ID ( ) OTP ( ) (iv) c. 2 3 U M ( ) d. OTP OTP *18 (iii) - 47 -
e. (iii) 18 (iii) (cpw) (iii) f. ( ) 5.3 S A 6 10 Web S uid M sst A auth (auth = yes) (sst = open) M A 5.4 1 12 ( / ) 12 6 3-2 1 10 (cpw) / U M / M, C - 48 -
1 JSPS 15K00181 [10] Shibboleth( ) http://i.sios.com/news/press /20141022-otp.html [11] Authentication shutter: (CSS)2014, 3C1-3, 2014. [1] 1-day 2015 (SCIS2015), 2C1-1, 2015. [2] 2012 (SCIS2012), 1E2-5, 2012. [3] IT ID http://www.itc.kansai-u.ac.jp/start /idpw.html [4] ITC keio.jp http://www.itc.keio.ac.jp/ja /keiojp otp.html [5] ( ) http://www.kobegakuin.ac.jp/facility /ipc/system-lst.html [6] L. Lamport: Password authentication with insecure communication, Communications of the ACM, vol.24, no.11, pp.770-772, 1981. [7] (Can@home) http://office.nanzan-u.ac.jp/can /can usage.html [8] http://www.passlogy.com/introduction /02-2 [9] http://www.cc.saga-u.ac.jp/plan /webnews.php?num=365-49 -