Achieving Flatness: Honeywords Generation Method for Passwords based on user behaviours
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2019, Vol 10, Issue 3
Abstract
Honeywords (decoy passwords) have been proposed to detect attacks against hashed password databases. For each user account, the original password is stored with many honeywords in order to thwart any adversary. The honeywords are selected deliberately such that a cyber-attacker who steals a file of hashed passwords cannot be sure, if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 24 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinise the honeyword system and highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user information, a generic password list, dictionary attack, and by shuffling the characters. Four sets of honeywords are added to the system that resembles the real passwords, thereby achieving an extremely flat honeywords generation method. To measure the human behaviours in relation to trying to crack the password, a testbed engaged with by 820 people was created to determine the appropriate words for the traditional and proposed methods. The results show that under the new method it is harder to obtain any indication of the real password (high flatness) when compared with traditional approaches and the probability of choosing the real password is 1/k, where k = number of honeywords plus the real password.
Authors and Affiliations
Omar Z. Akif, Ann F. Sabeeh, G. J. Rodgers, H. S. Al-Raweshidy
Keywords
Related Articles
- EP ID EP498366
- DOI 10.14569/IJACSA.2019.0100305
- Views 76
- Downloads 0
Embedded Object Detection with Radar Echo Data by Means of Wavelet Analysis of MRA: Multi-Resolution Analysis
A method for embedded object detection with radar echo data by means of wavelet analysis of MRA: Multi-Resolution Analysis, in particular, three dimensional wavelet transformations is proposed. In order to improve embedd...
Securing Informative Fuzzy Association Rules using Bayesian Network
In business association rules being considered as important assets, play a vital role in its productivity and growth. Different business partnership share association rules in order to explore the capabilities to make ef...
scaleBF: A High Scalable Membership Filter using 3D Bloom Filter
Bloom Filter is extensively deployed data structure in various applications and research domain since its inception. Bloom Filter is able to reduce the space consumption in an order of magnitude. Thus, Bloom Filter is us...
Estimation of the Visual Quality of Video Streaming Under Desynchronization Conditions
This paper presents a method for assessing desynchronized video with the aid of a software package specially developed for this purpose. A unique methodology of substituting values for lost frames was developed. It...
Model Study and Fault Detection for the Railway System
The wheel-rail-sleepers system is simulated as a series of moving point loads on an Euler–Bernoulli beam resting on a visco-elastic half space. This paper concentrates on the rail-sleepers interaction system (railway sys...