New Identity Management Scheme and its Formal Analysis
As the Internet technology has developed rapidly, the
number of identities (IDs) managed by each individual person has
increased and various ID management technologies have been
developed to assist users. However, most of these technologies are
vulnerable to the existing hacking methods such as phishing attacks
and key-logging. If the administrator-s password is exposed, an
attacker can access the entire contents of the stolen user-s data files in
other devices. To solve these problems, we propose here a new ID
management scheme based on a Single Password Protocol. The paper
presents the details of the new scheme as well as a formal analysis of
the method using BAN Logic.
[1] Simon Willison, "OpenID phishing demo", http://feeds.feedburner.com/
~r/PlanetIdentity/~3/299657206/
[2] J. Han, B. Lee, S. Hong, S. Kim, D. Won, and S. Kim, "Analysis on
Vulnerability of ID/PW Management Solution and Proposal of the
Evaluation Criteria", The Transactions of the KIPS (Korea Information
Processing Society), Vol.15-C/No.2, 2008, pp.125-132.
[3] Mohamed G. Gouda, Alex X. Liu, Lok M. Leung and Mohamed A. Alam,
"SPP: An anti-phishing single password protocol", Computer Networks,
2007, pp. 3715-3726.
[4] J. S. Lee, S. J. Kim and S. R. Choi, "System and Method for Breaking
Illegal Use for Movable Storage Device", WaterwallSystems Co., Ltd.,
Korea Patent 10-0688258-0000, 2007.
[5] P. B. Lim and J. S. Seong, "Method for Authentication of Subscriber
using the MAC Address", Samsung Electronics Co., Ltd., Korea Patent
10-0418398-0000, 2004.
[6] SKIn2000, "http://www.keylogger.biz"
[7] NetBus, "http://www.netbus.org/"
[8] Michael Burrows, Martín Abadi and Roger Needham, "A Logic of
Authentication", ACM Transactions on Computer Systems, 8(1), 1990,
pp.18-36.
[9] Changing volume-s serial number, "http://www.codeproject.com/KB/
system/change_drive_sn.aspx"
[1] Simon Willison, "OpenID phishing demo", http://feeds.feedburner.com/
~r/PlanetIdentity/~3/299657206/
[2] J. Han, B. Lee, S. Hong, S. Kim, D. Won, and S. Kim, "Analysis on
Vulnerability of ID/PW Management Solution and Proposal of the
Evaluation Criteria", The Transactions of the KIPS (Korea Information
Processing Society), Vol.15-C/No.2, 2008, pp.125-132.
[3] Mohamed G. Gouda, Alex X. Liu, Lok M. Leung and Mohamed A. Alam,
"SPP: An anti-phishing single password protocol", Computer Networks,
2007, pp. 3715-3726.
[4] J. S. Lee, S. J. Kim and S. R. Choi, "System and Method for Breaking
Illegal Use for Movable Storage Device", WaterwallSystems Co., Ltd.,
Korea Patent 10-0688258-0000, 2007.
[5] P. B. Lim and J. S. Seong, "Method for Authentication of Subscriber
using the MAC Address", Samsung Electronics Co., Ltd., Korea Patent
10-0418398-0000, 2004.
[6] SKIn2000, "http://www.keylogger.biz"
[7] NetBus, "http://www.netbus.org/"
[8] Michael Burrows, Martín Abadi and Roger Needham, "A Logic of
Authentication", ACM Transactions on Computer Systems, 8(1), 1990,
pp.18-36.
[9] Changing volume-s serial number, "http://www.codeproject.com/KB/
system/change_drive_sn.aspx"
@article{"International Journal of Information, Control and Computer Sciences:63413", author = "Jeonghoon Han and Hanjae Jeong and Dongho Won and Seungjoo Kim", title = "New Identity Management Scheme and its Formal Analysis", abstract = "As the Internet technology has developed rapidly, the
number of identities (IDs) managed by each individual person has
increased and various ID management technologies have been
developed to assist users. However, most of these technologies are
vulnerable to the existing hacking methods such as phishing attacks
and key-logging. If the administrator-s password is exposed, an
attacker can access the entire contents of the stolen user-s data files in
other devices. To solve these problems, we propose here a new ID
management scheme based on a Single Password Protocol. The paper
presents the details of the new scheme as well as a formal analysis of
the method using BAN Logic.", keywords = "Anti-phishing, BAN Logic, ID management.", volume = "3", number = "1", pages = "206-7", }