Background technology
With the widespread use of computers and communication networks, great convenience has come to people's lives and work, but so have many problems that demand prompt solutions, among which the security of digital information is the most prominent. To ensure that their own digital information is not seen by others, people usually set a password on that information and on the operations performed on it; in general, only a person who knows the password can, through normal legitimate channels, view and modify the information.
Yet as technology develops, there are always people who, for some purpose, try by every means to learn the password of digital information that is not their own and so obtain unauthorized access to it. The most typical attack method is the dictionary attack, in which the password protecting the information is obtained by exhaustive trial and similar means.
To counter this attack, information security companies and experts advise users to use a password that is not too short, to avoid using words from the user name, and to avoid using a meaningful word as the password or anything else that is easily guessed by a dictionary. Many systems themselves impose strict requirements on passwords: first, the password must be long enough, for example at least 8 bytes, and the user registration and password-change programs must enforce the required length on users; second, off-line password-checking tools flag weak passwords and force users to change them within a time limit. All of these are used to strengthen a user password's resistance to attack.
The characteristic of a dictionary attack is that it tries thousands of different password combinations in a short time. Therefore, although increasing password strength can hold the attack off for a while, it cannot withstand a long-running dictionary attack.
Given this characteristic, a typical countermeasure in the prior art is to lock the computer, single-chip microcomputer, chip or the like. This requires keeping a record of the previous failed trials and locking the computer once a certain number is reached. Some implementations lock the computer for a short while when under attack and then resume normal operation. However, the attacker can often determine the waiting period easily, and once it has passed attacks again at the maximum rate until the next time slice. Some locks can only be released by restarting.
In any case, current implementations reset policy parameters such as the failure count after a successful authentication or a restart. Thus, after failing repeatedly (but fewer times than the locking count), the attacker needs only one valid authorized operation, or, after being locked following repeated failures, needs only to restart the computer, to continue the dictionary attack for more trials, and so can keep attacking until finally succeeding.
Summary of the invention
The object of the present invention is to provide a method of avoiding dictionary attacks that remedies the defects of the dictionary attack countermeasures in the prior art, by making the owner of the computer or digital information aware earlier that a dictionary attack is under way, so that measures can be taken in time, and by making it hard for the attacker to determine the waiting period.
To achieve the above purpose, the technical solution adopted in the present invention is:
A method of avoiding dictionary attacks, comprising the following steps:
a) installing in the computer a non-volatile memory used to hold the count of failed authorization attempts, the lock-up time value and the lock flag;
b) the computer providing a timer used to time the lock-up period;
c) setting a threshold for the number of failed authorizations; whenever an authorization fails, the count of failed authorization attempts is incremented by 1, and the count accumulates continuously, being cleared only when it exceeds the threshold or when the owner performs the dictionary-attack-policy reset operation;
d) when the count of failed authorization attempts exceeds the threshold, locking the computer, which during the lock-up period responds only to start-up, self-test and dictionary-attack-policy reset requests;
e) after the computer's lock-up period ends, doubling the lock-up time value;
f) the owner may perform the dictionary-attack-policy reset operation, which resets the count of failed authorization attempts and the lock-up time value and releases the current lock; when this operation is performed during a lock-up period and its authorization fails, the lock-up period is restarted and no attempt to unlock is allowed.
The method described above further comprises:
g) if the computer is restarted during a lock-up period, the lock-up period is restarted after start-up, and the restart does not reset the count of failed authorization attempts or the lock-up time value.
In the method described above, the dictionary-attack-policy reset operation of step c) further comprises:
c1) checking the state of the reset-permitted flag; if the operation is not permitted, exiting; otherwise continuing;
c2) verifying that the owner has authorized this operation, including verifying the correctness of the password;
c3) if the owner has authorized this operation: clearing the failure count, resetting the lock-up period time value to its initial value, and setting the lock flag to FALSE; if the owner has not authorized this operation: setting the reset-permitted flag to not permitted, forbidding any further attempt at this operation during the current boot session, and restarting the lock-up period.
The method described above further provides a plurality of non-volatile areas; when the read/write lifetime of one area is reached, the count of failed authorization attempts and the lock information are stored in another available non-volatile area.
In the method described above, step d) further comprises:
for other requests, checking whether the lock-up period has ended, and responding only after it has ended.
The method described above further comprises: issuing a prompt when the lock on the computer begins, reminding the owner that a dictionary attack may currently be under way.
In the method described above, the non-volatile memory is flash or EEPROM.
In the method described above, the timer is implemented in hardware or software.
In the method described above, the timer is a monotone counter.
The method of avoiding dictionary attacks provided by the present invention records the failure count, lock information and so on in non-volatile memory, so that an attacker cannot conceal past failed attempts by restarting the computer; the failure count accumulates continuously, which stops an attacker from using an already known password to perform one valid authorization and then continuing with more attack attempts; and the lock-up period is doubled after each lock ends, so that the attacker cannot determine when to resume the attack.
Embodiment
To make the purpose, technical scheme and effects of the present invention clearer, the present invention is explained in further detail below with reference to the drawings and embodiments.
The method of avoiding dictionary attacks of the present invention comprises the following steps:
a) A non-volatile memory, such as flash or EEPROM, is provided on the computer to hold the count of failed authorization attempts, the lock-up time value, the lock flag and so on.
b) A timer, which may be hardware or software, is provided in the computer system to time the lock-up period.
c) The owner of the computer or of the digital information may set the threshold for the number of failed authorizations.
d) Whenever an authorization fails, the count of failed authorization attempts is incremented by 1. The count accumulates continuously and is cleared only when it exceeds the threshold or when the owner performs the dictionary-attack-policy reset operation.
e) When the count of failed authorization attempts exceeds the threshold, the computer is locked and, during the lock-up period, responds only to requests such as start-up, self-test and dictionary-attack-policy reset. For other requests it checks whether the lock-up period has ended and responds only after it has ended. A prompt may be given when the lock begins, reminding the owner that a dictionary attack may currently be under way, so that the owner can take precautions such as changing the password or blocking the attacker's IP address.
f) After the lock-up period ends, the next lock-up time value is doubled.
g) If the computer is restarted during a lock-up period, the lock-up period is restarted after start-up. The restart does not reset the count of failed authorization attempts or the lock-up time value.
h) The owner of the computer may perform the dictionary-attack-policy reset operation to reset the count of failed authorization attempts and the lock-up time value and release the current lock. If this operation is performed during a lock-up period and its authorization fails, the lock-up period is restarted and no attempt to unlock is allowed.
The steps of the dictionary-attack-policy reset operation are:
1. Check the state of the reset-permitted flag; if the operation is not permitted, exit; otherwise continue.
2. Verify that the owner has authorized this operation, including verifying the correctness of the password and so on.
3. If the owner has authorized this operation, then:
a) clear the failure count;
b) reset the lock-up period time value to its basic initial value;
c) set the lock flag to FALSE.
4. If the owner has not authorized this operation, then:
a) set the reset-permitted flag to not permitted, forbidding any further attempt at this operation during the current boot session;
b) restart the lock-up period.
For better effect, the present invention may track failed trials per object and store the lock information per object. If an object's failure threshold is reached, the computer rejects the request and sets the timer; when the timer expires, the computer resets the threshold count and resumes normal authentication for that object. Non-volatile memories have a finite read/write lifetime; to ensure that this policy keeps running normally for a long time, a plurality of non-volatile areas may be provided, and when one area's read/write lifetime is reached, the count of failed authorization attempts and the lock information are stored in another available non-volatile area.
In the specific embodiment below, for convenience of description, Cf denotes the count of failed authorization attempts (16 bits), T1 the lock-up period time (8 bits), F1 the lock flag (8 bits), Ct the threshold for failed authorization attempts (16 bits), and T the timer value. A specific embodiment of the present invention follows.
a) 32 flash areas, each 32 bits in size, are provided on the computer; each area holds the count of failed authorization attempts Cf, the lock-up time value T1 and the lock flag F1.
b) A monotone counter is used as the timer to time the lock-up period. When a lock-up period begins, the monotone counter value M1 is read as the timing start time; when a new request arrives, the current monotone counter value M2 is read and T = (M2 - M1) * Rm is computed, where Rm is the time between two counts; if T is greater than T1 the request is answered, otherwise it is not. Below, a monotone counter that increments once every 5 seconds is taken as the example.
c) The initial values of the dictionary-attack policy parameters are set: the failed-authorization threshold Ct = 16; Cf = 0xFF; T1 = 6, which is in fact an initial lock-up period of 30 seconds; F1 = 0x00, i.e. FALSE.
d) Whenever an authorization fails, Cf is shifted left by 1 bit, i.e. the count of failed authorization attempts is incremented by 1.
e) When the count of failed authorization attempts exceeds the threshold (Cf == 0x00), if the current area has reached its read/write lifetime, another free area is switched to; otherwise the same area is still used. F1 = TRUE is set to lock the computer, and the monotone counter value M1 is read as the timing start time. During the lock-up period only requests such as start-up, self-test and dictionary-attack-policy reset are answered. When another request arrives, the current monotone counter value M2 is read and T = (M2 - M1) * 5 is computed; if T is greater than T1 the request is answered, otherwise it is not.
f) Each time a lock-up period ends, the lock-up time value T1 is doubled, T1 = 2 * T1, and F1 = FALSE.
g) If the computer is restarted during a lock-up period, then after start-up the current monotone counter value is read as the timing start value and the lock-up period is restarted.
h) The owner of the computer may perform the dictionary-attack-policy reset operation to reset the count of failed authorization attempts Cf and the lock-up time value T1 and release the current lock. If this operation is performed during a lock-up period and its authority check fails, the current monotone counter value is read as the lock-up period timing start value, the lock-up period is restarted, and the flag permitting this operation is set to FALSE so that no attempt to unlock is allowed.
In the above embodiment, after the first 16 failures the computer is locked for 30 seconds; thereafter the lock-up period is 60 seconds and the failure count is cleared, so that 16 further failures lock the computer for 60 seconds, and so on recursively. Restarting the computer does not affect the failure count but restarts the lock-up period timing. At a suitable moment the owner may perform the dictionary-attack-policy reset operation to clear the failure count and reset the lock-up period value, failure threshold, lock flag and so on.
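To make the embodiment's state machine concrete, the following Python simulation is an added example, not code from the patent: it models the non-volatile Cf/T1/F1 state, a monotone counter ticking every 5 seconds (Rm = 5), the left-shift failure register (0xFF wrapping to 0x0000 after 16 shifts), lock expiry by T = (M2 - M1) * Rm > T1, doubling, restart and the owner reset, so the figure scenarios the text walks through can be replayed. It assumes T1 is held in seconds (initial 30) so that T and T1 compare in one unit; the class and method names are its own.

```python
RM = 5             # seconds between two ticks of the monotone counter (assumed Rm)
T1_INITIAL = 30    # initial lock-up period T1 in seconds (6 ticks * 5 s)
CF_INITIAL = 0xFF  # failure register Cf as initialised in step c)
class DictionaryAttackPolicy:
    """cf, t1, f1 and m1 stand for the non-volatile area; reset_allowed is volatile."""
    def __init__(self):
        self.tick = 0               # monotone counter M, only ever increases
        self.cf = CF_INITIAL        # 16-bit failure register, shifted left per failure
        self.t1 = T1_INITIAL        # current lock-up period length in seconds
        self.f1, self.m1 = False, 0 # lock flag F1 and counter value M1 read at lock start
        self.reset_allowed = True   # cleared by an unauthorised reset until next boot
        self.locks = []             # length of each lock-up period started (for inspection)

    def elapse(self, seconds):
        self.tick += seconds // RM  # time passes: one tick every RM seconds

    def _refresh(self):
        """Step f): a lock-up period ends once T = (M2 - M1) * Rm exceeds T1."""
        if self.f1 and (self.tick - self.m1) * RM > self.t1:
            self.f1 = False
            self.cf = CF_INITIAL    # threshold was exceeded, so counting restarts from 1
            self.t1 *= 2            # the next lock-up period is twice as long

    def _record_failure(self):
        """Steps d)/e): one failure = one left shift; 16 shifts wrap 0x00FF to 0 and lock."""
        self.cf = (self.cf << 1) & 0xFFFF
        if self.cf == 0:
            self.f1, self.m1 = True, self.tick
            self.locks.append(self.t1)

    def authenticate(self, password_ok):
        """Returns 'locked', 'ok' or 'fail'; a correct password never clears cf."""
        self._refresh()
        if self.f1:
            return "locked"         # only start-up, self-test and reset are answered
        if password_ok:
            return "ok"
        self._record_failure()
        return "locked" if self.f1 else "fail"
    def reboot(self):
        """Step g): cf and t1 survive; a running lock-up period starts over."""
        self.reset_allowed = True
        if self.f1:
            self.m1 = self.tick

    def owner_reset(self, authorized):
        """Step h): the owner's policy reset; an unauthorised attempt is itself a failure."""
        self._refresh()
        if not self.reset_allowed:
            return "refused"
        if authorized:
            self.cf, self.t1, self.f1 = CF_INITIAL, T1_INITIAL, False
            return "reset"
        self.reset_allowed = False  # no further reset attempts until the next boot
        if self.f1:
            self.m1 = self.tick     # Fig. 4 case: restart the current lock-up period
        else:
            self._record_failure()  # Fig. 6 case: one more authorization failure
        return "locked" if self.f1 else "denied"
```

Driving the object with sixteen `authenticate(False)` calls, then `elapse(35)`, reproduces the 30 s lock followed by a 60 s one; `reboot()` and `owner_reset()` replay the restart and reset scenarios.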
Figures 1 to 6 are time-axis diagrams drawn on the basis of the parameters set in the embodiment above, showing six situations. In each situation the horizontal axis represents time; a cross star represents one authorization failure, counted by the failure counter below the axis, whose number shows which failure it is; a vertical arrow above the axis is an event, with the text above the arrow explaining it; and a horizontal arrow enclosed between two vertical lines represents a lock-up period, with the text in the middle giving the lock-up time.
All six situations show that no correct authorization other than the owner's authorization of the reset operation clears the failure count (for example the proper authorizations after failures 5 and 9 in the six situations), and that a restart does not clear the failure count either (for example the restart after failure 5 in the six situations).
Figure 1 shows counting up to 16 failures and locking for 30 seconds, with no restart, reset or similar operation during the lock-up period; after the lock-up period ends, counting starts again from 1, and if 16 failures are counted again the computer is locked for 60 seconds, and so on.
Figure 2 shows counting up to 16 failures and locking for 30 seconds, but a restart occurs during the lock-up period, and after the restart the computer is locked for 30 seconds again. After the lock-up period ends, counting starts again from 1, and if 16 failures are counted again the computer is locked for 60 seconds, and so on.
Figure 3 shows counting up to 16 failures and locking for 30 seconds, but an owner reset operation occurs during the lock-up period and is verified as genuinely authorized by the owner, so the lock is released. Counting starts again from 1, and if 16 failures are counted again the computer is still locked for 30 seconds, and so on.
Figure 4 shows counting up to 16 failures and locking for 30 seconds, but an owner reset operation occurs during the lock-up period and is verified as not authorized by the owner, so the computer is locked for 30 seconds again; the reset operation cannot be performed again without restarting. After the lock-up period ends, counting starts again from 1, and if 16 failures are counted again the computer is locked for 60 seconds, and so on.
Figure 5 shows an owner reset operation occurring before the failure count reaches 16 and verified as genuinely authorized by the owner; counting then starts again from 1, and if 16 failures are counted the computer is locked for 30 seconds. After the lock-up period ends, counting starts again from 1, and if 16 failures are counted again the computer is locked for 60 seconds, and so on.
Figure 6 shows an owner reset operation occurring before the failure count reaches 16 and verified as not authorized by the owner; the failure count is incremented by 1, and if 16 failures are counted the computer is locked for 30 seconds. After the lock-up period ends, counting starts again from 1, and if 16 failures are counted again the computer is locked for 60 seconds, and so on.
The method of avoiding dictionary attacks of the present invention can be used in any secure operating environment. By recording the failure count, lock information and so on in non-volatile memory, it prevents an attacker from concealing past failed attempts by restarting the computer. The failure count accumulates continuously and can be reset in only two ways: the owner performs the dictionary-attack-policy reset operation, or the count exceeds the threshold and is reset automatically after the lock-up period ends; this stops an attacker from using an already known password to perform one valid authorization and then continuing with more attack attempts. After each lock ends the lock-up period is doubled, making it hard for the attacker to determine when to resume the attack.
It should be understood that the above description of specific embodiments of the present invention is relatively concrete and must not be interpreted as limiting the scope of patent protection of the present invention, which is to be determined by the appended claims.