New Identity Management Scheme and its Formal Analysis

As Internet technology has developed rapidly, the number of identities (IDs) managed by each individual has increased, and various ID management technologies have been developed to assist users. However, most of these technologies are vulnerable to existing hacking methods such as phishing attacks and key-logging. If the administrator's password is exposed, an attacker can access the entire contents of the user's stolen data files on other devices. To solve these problems, we propose a new ID management scheme based on a Single Password Protocol. The paper presents the details of the new scheme as well as a formal analysis of the method using BAN Logic.



