雷欽隆Lei, Chin-Laung臺灣大學:資訊網路與多媒體研究所范姜俊勛FanChiang, Chun-HsunChun-HsunFanChiang2010-05-052018-07-052010-05-052018-07-052008U0001-2407200809461200http://ntur.lib.ntu.edu.tw//handle/246246/180610近年來，許多圖形密碼機制被提出用來克服文字密碼的缺點。然而，先前的一些研究對於圖形密碼的分類並不一致。因此我們根據使用者輸入的動作來對這些圖形密碼作分類，其中包括點選與繪畫。這篇論文提出了一個新概念，藉由把原本空白的背景設置為地圖的方式，來結合以上兩種圖形密碼機制。所以，為了驗証使用地圖的優勢，我們將蒐集來的幾份圖片分成兩組，一組只含有地圖，另一組則為非地圖類別。實驗結果顯示，使用地圖類別所產生的大多數密碼都能有效抵抗現存的圖形字典攻擊。另外，地圖類別使用者比非地圖類別使用者在登入時耗費更少的時間並且擁有更高的成功率。由此可知，我們所提出的機制的確比先前的機制更有效地提升安全性以及可用性。In recent years, several graphical password schemes are proposed to overcome the drawbacks of text-based passwords. However, the classification of these schemes is not consistent in prior studies. Thus, we classify the existing schemes according to the events of input passwords, clicking and drawing. This thesis also provides a concept of combining the two types of graphical password schemes. We adopt maps as background pictures and conduct a user study to verify the superiority of using maps. We collected several images that are divided into two groups which contain maps and non-maps respectively. The results show that most passwords produced by maps are able to resist the present graphical dictionary attacks. Furthermore, the participants spent less time and had higher success rate to login when using maps. Based on the facts mentioned above, our scheme offers stronger security and better usability than those of the prior scheme indeed.Chapter 1 Introduction 1.1 Research Background 1.2 Thesis Contribution 2.3 Thesis Organization 4hapter 2 Related Work 5.1 History 5.2 Classification of Graphical Password Schemes 6.2.1 Draw-Based Schemes 6.2.2 Click-Based Schemes 10hapter 3 Design and Analysis of Pass-Maps 15.1 Motivation 15.2 Review of DAS 17.2.1 DAS Encoding 17.2.2 Password Space of DAS 18.2.3 Prior Studies of DAS 21.3 Design of Pass-Maps 27.3.1 Adding a Background 27.3.2 Adjustable Size of Grids 28.3.3 System Description 28.3.4 Encoding 30.4 Shoulder-Surfing Prevention 31hapter 4 Methodology 32.1 Objective 32.2 Experiment Design 32.3 Participants 33.4 Procedure 33hapter 5 User Study Analysis 34.1 Security Analysis 34.1.1 Results of Password Length 34.1.2 Probability of Symmetry 36.1.3 Trend of Selecting Grid Dimension 38.1.4 Similarity of User Input 38.2 Usability Analysis 40.2.1 Time to Login 40.2.2 Ultra Success Rate 41hapter 6 Conclusions 42hapter 7 Future Work 43application/pdf1949484 bytesapplication/pdfen-US圖形密碼字典攻擊安全性可用性graphical passworddictionary attacksecurityusabilitythesishttp://ntur.lib.ntu.edu.tw/bitstream/246246/180610/1/ntu-97-R95944031-1.pdf