Infinite alphabet passwords-a unified model for a class of authentication systems

Marc Conrad; Marcia Gibson; Carsten Maple

doi:10.5220/0002986200940099

Infinite alphabet passwords-a unified model for a class of authentication systems

Marc Conrad
, Marcia Gibson
, Carsten Maple

Institute for Research in Applicable Computing (IRAC)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Downloads (Pure)

Abstract

In the paper we propose a formal model for class of authentication systems termed, “Infinite Alphabet Password Systems” (IAPs). We define such systems as those that use a character set for the construction of the authentication token that is theoretically infinite, only bound by practical implementation restrictions. We find that the IAP architecture can feasibly be adapted for use in many real world situations, and may be implemented using a number of system architectures and cryptographic protocols. A security analysis is conducted on an implementation of the model that utilizes images for its underlying alphabet. As a result of the analysis we find that IAPs can offer security benefits over traditional alphanumeric password schemes. In particular some of the significant problems concerning phishing, pharming, replay, dictionary and offline brute force attacks are mitigated.

Original language	English
Title of host publication	Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
Publisher	SciTePress
Pages	94-99
ISBN (Electronic)	978-989-8425-18-8
DOIs	https://doi.org/10.5220/0002986200940099
Publication status	Published - 5 Apr 2011
Event	2010 International Conference on Security and Cryptography (SECRYPT) - Athens Duration: 26 Jul 2010 → 28 Jul 2010 http://ieeexplore.ieee.org/xpl/conhome/5738446/proceeding

Conference

Conference	2010 International Conference on Security and Cryptography (SECRYPT)
City	Athens
Period	26/07/10 → 28/07/10
Other	2010 International Conference on Security and Cryptography (SECRYPT) (26/07/2010-28/07/2010, Athens)
Internet address	http://ieeexplore.ieee.org/xpl/conhome/5738446/proceeding

Keywords

Mathematics
Passwords
authentication
modelling

Access to Document

10.5220/0002986200940099

29862Accepted author manuscript, 1.11 MBLicence: CC BY-NC-ND

https://www.scitepress.org/Papers/2010/29862/index.html

Handle.net

Persistent link

Cite this

@inproceedings{b0be870f59de465b9f39108cf99c61c8,

title = "Infinite alphabet passwords-a unified model for a class of authentication systems",

abstract = "In the paper we propose a formal model for class of authentication systems termed, “Infinite Alphabet Password Systems” (IAPs). We define such systems as those that use a character set for the construction of the authentication token that is theoretically infinite, only bound by practical implementation restrictions. We find that the IAP architecture can feasibly be adapted for use in many real world situations, and may be implemented using a number of system architectures and cryptographic protocols. A security analysis is conducted on an implementation of the model that utilizes images for its underlying alphabet. As a result of the analysis we find that IAPs can offer security benefits over traditional alphanumeric password schemes. In particular some of the significant problems concerning phishing, pharming, replay, dictionary and offline brute force attacks are mitigated.",

keywords = "Mathematics, Passwords, authentication, modelling",

author = "Marc Conrad and Marcia Gibson and Carsten Maple",

year = "2011",

month = apr,

day = "5",

doi = "10.5220/0002986200940099",

language = "English",

pages = "94--99",

booktitle = "Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)",

publisher = "SciTePress",

note = "2010 International Conference on Security and Cryptography (SECRYPT) ; Conference date: 26-07-2010 Through 28-07-2010",

url = "http://ieeexplore.ieee.org/xpl/conhome/5738446/proceeding",

}

Conrad, M , Gibson, M & Maple, C 2011, Infinite alphabet passwords-a unified model for a class of authentication systems. in Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010). SciTePress, pp. 94-99, 2010 International Conference on Security and Cryptography (SECRYPT), Athens, 26/07/10. https://doi.org/10.5220/0002986200940099

Infinite alphabet passwords-a unified model for a class of authentication systems. / Conrad, Marc ; Gibson, Marcia; Maple, Carsten.
Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010). SciTePress, 2011. p. 94-99.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Infinite alphabet passwords-a unified model for a class of authentication systems

AU - Conrad, Marc

AU - Gibson, Marcia

AU - Maple, Carsten

PY - 2011/4/5

Y1 - 2011/4/5

N2 - In the paper we propose a formal model for class of authentication systems termed, “Infinite Alphabet Password Systems” (IAPs). We define such systems as those that use a character set for the construction of the authentication token that is theoretically infinite, only bound by practical implementation restrictions. We find that the IAP architecture can feasibly be adapted for use in many real world situations, and may be implemented using a number of system architectures and cryptographic protocols. A security analysis is conducted on an implementation of the model that utilizes images for its underlying alphabet. As a result of the analysis we find that IAPs can offer security benefits over traditional alphanumeric password schemes. In particular some of the significant problems concerning phishing, pharming, replay, dictionary and offline brute force attacks are mitigated.

AB - In the paper we propose a formal model for class of authentication systems termed, “Infinite Alphabet Password Systems” (IAPs). We define such systems as those that use a character set for the construction of the authentication token that is theoretically infinite, only bound by practical implementation restrictions. We find that the IAP architecture can feasibly be adapted for use in many real world situations, and may be implemented using a number of system architectures and cryptographic protocols. A security analysis is conducted on an implementation of the model that utilizes images for its underlying alphabet. As a result of the analysis we find that IAPs can offer security benefits over traditional alphanumeric password schemes. In particular some of the significant problems concerning phishing, pharming, replay, dictionary and offline brute force attacks are mitigated.

KW - Mathematics

KW - Passwords

KW - authentication

KW - modelling

U2 - 10.5220/0002986200940099

DO - 10.5220/0002986200940099

M3 - Conference contribution

SP - 94

EP - 99

BT - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)

PB - SciTePress

T2 - 2010 International Conference on Security and Cryptography (SECRYPT)

Y2 - 26 July 2010 through 28 July 2010

ER -

Infinite alphabet passwords-a unified model for a class of authentication systems

Abstract

Conference

Keywords

Access to Document

Handle.net

Fingerprint

Cite this