作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2014, Vol. 40 ›› Issue (12): 114-120,125. doi: 10.3969/j.issn.1000-3428.2014.12.021

• 安全技术 • 上一篇    下一篇

口令重用行为与多维口令体系研究

杨城1,2,赵奇2,康立1,2   

  1. 1.中国支付体系研究中心,成都 611130; 2.西南财经大学经济信息工程学院,成都 611130
  • 收稿日期:2013-12-13 修回日期:2014-02-13 出版日期:2014-12-15 发布日期:2015-01-16
  • 作者简介:杨 城(1977-),男,副教授、博士,主研方向:复杂系统仿真,数据挖掘;赵 奇,本科生;康 立,副教授、博士。
  • 基金资助:
    国家自然科学基金资助重大项目(91218301);国家社会科学基金资助项目(11AZD077);中央高校基本科研业务费专项基金资助项目(JBK130503,JBK120505)。

Research on Password Reuse Behavior and Multidimensional Password System

YANG Cheng1,2,ZHAO Qi2,KANG Li1,2   

  1. 1.China’s Research Center for Payment System,Chengdu 611130,China;
    2.School of Economic Information Engineering, Southwestern University of Finance and Economics,Chengdu 611130,China
  • Received:2013-12-13 Revised:2014-02-13 Online:2014-12-15 Published:2015-01-16

摘要: 互联网的迅速发展与网络服务的高度分散,促使广大网民不断注册更多的账户,并导致口令重用行为普遍化,使得用户信息面临泄露的风险。为此,基于2011年底互联网泄密门数据和大学生在线调查数据,分析了网民口令的结构特征和重用行为,并由此设计融入信息维度和分级管理思想的多维口令体系。该体系以根口令-重用码结构为基础,内容维包含多个独立的信息因子,构成口令的可记忆性主体;形式维负责形式变换,以提升口令的复杂性和安全性;时空维用于保障口令的时效性和重用性。对比量化分析结果表明,该口令体系具备良好的记忆性和便捷性,能有效抵御暴力攻击和熟人攻击。

关键词: 口令安全, 口令重用, 根口令, 重用码, 多维口令体系

Abstract: The rapid development of the Internet and highly decentralized network services prompts the majority of Internet users to register more accounts,and causes a high incidence of password reuse,which makes the user information leakage risks facing the domino-style.Based on the data of Internet password leak door at the end of 2011 as well as the college students online survey,this paper analyzes the structural characteristics and reuse behavior of netizen passwords in detail,and thus designs a multidimensional password system which infuses into the information dimensions and classified management.This system,based on the structure of "seed - reuse code",includes three dimensions:the content dimension contains multi-independent "information factor",which constitutes the main part of the password,the formal dimension is responsible for conversion formatting,in order to enhance the complexity and security of the password,and space-time dimension is targeted designed to protect the password timeliness and reusability.Through comparative analysis and quantitative analysis,the password system not only has good memorability and convenience,but also can effectively resist the violent attacks and acquaintances attacks.

Key words: password security, password reuse, seed password, reuse code, multidimensional password system

中图分类号: