{"updated":"2025-01-19T18:49:31.641793+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00208529","sets":["6164:6165:6462:10428"]},"path":["10428"],"owner":"44499","recid":"208529","title":["推測攻撃対策を目的としたペア情報による個人認証の安全性評価：単語ペアと絵文字ペアの比較"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-10-19"},"_buckets":{"deposit":"e3d9c66a-77dc-4fdb-89ba-ad1f82b29903"},"_deposit":{"id":"208529","pid":{"type":"depid","value":"208529","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"推測攻撃対策を目的としたペア情報による個人認証の安全性評価：単語ペアと絵文字ペアの比較","author_link":["523423","523422","523420","523421"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"推測攻撃対策を目的としたペア情報による個人認証の安全性評価：単語ペアと絵文字ペアの比較"},{"subitem_title":"Security Evaluation of User Authentication with Pair-Based Credential against Guess Attack Using Words and Emojis","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"個人認証，推測攻撃，ペア情報，絵文字，利便性","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2020-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"電気通信大学"},{"subitem_text_value":"電気通信大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"The University of Electro-Communications","subitem_text_language":"en"},{"subitem_text_value":"The University of Electro-Communications","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/208529/files/IPSJCSS2020101.pdf","label":"IPSJCSS2020101.pdf"},"date":[{"dateType":"Available","dateValue":"2022-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2020101.pdf","filesize":[{"value":"2.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"5a61a012-55cb-41c2-abad-bdf01caf33ba","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2020 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"横山, 佳紀"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"高田, 哲司"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yoshiki, Yokoyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tetsuji, Takada","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"知識照合型個人認証には推測攻撃という脅威が存在する．推測攻撃は攻撃者が攻撃対象者の秘密情報を推測・類推することにより，考えうる秘密情報に順序をつけ，その順に試行することでなりすましを試みる攻撃方法である．推測攻撃は，ユーザが秘密情報作成時に記憶保持を優先した情報の選択により生まれる脆弱な秘密情報により可能になる．この問題を改善しうる個人認証として単語ペアを秘密情報とするAssociPassが提案されたが，容易に推測可能なペアや推測攻撃に利用可能な偏りの発生が課題とされていた．そこで本研究では，AssociPassにおける利便性を維持しつつ推測攻撃に対する安全性を向上させることを目的とし，秘密情報に絵文字を用いることを提案する．この提案による安全性の改善効果を検証するためプロトタイプシステムを実装し，実験参加者による評価実験を実施した．その結果，秘密情報の記憶保持については2週間の間隔をあけても記憶保持が可能であることが明らかになった．また推測攻撃に対する安全性について人間による推測攻撃実験を行った結果，単語による手法よりも絵文字による秘密の方が推測攻撃に対して安全である傾向が見られた．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"\"Guess attack\" is one of the threats to knowledge-based user authentication. An attacker attempts to spoof a victim by using guessed credentials, and the vulnerable situation actually exists because users tend to select a guessable credential for a better memory retention. \"AssociPass'' was proposed to prevent users from selecting vulnerable credential. However, AssociPass still has some issues that may become vulnerable to the attack. We, therefore, propose two improvements to address the remained issues. One is to use an Emoji-pair instead of word-pair, and the other is to put a limitation on the number of characters for making a credential. We implemented an updated AssociPass and conducted evaluation experiments with participants. As a result, we found that a memory retention of credential is possible even in two weeks interval, and we also showed a potential that the security of Emoji-pair credential is more secure than that of word-pair credential.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"733","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2020論文集"}],"bibliographicPageStart":"726","bibliographicIssueDates":{"bibliographicIssueDate":"2020-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:09:55.016378+00:00","id":208529,"links":{}}