Achieving Flatness: Honeywords Generation Method for Passwords based on user behaviours
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2019, Vol 10, Issue 3
Abstract
Honeywords (decoy passwords) have been proposed to detect attacks against hashed password databases. For each user account, the original password is stored with many honeywords in order to thwart any adversary. The honeywords are selected deliberately such that a cyber-attacker who steals a file of hashed passwords cannot be sure, if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 24 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinise the honeyword system and highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user information, a generic password list, dictionary attack, and by shuffling the characters. Four sets of honeywords are added to the system that resembles the real passwords, thereby achieving an extremely flat honeywords generation method. To measure the human behaviours in relation to trying to crack the password, a testbed engaged with by 820 people was created to determine the appropriate words for the traditional and proposed methods. The results show that under the new method it is harder to obtain any indication of the real password (high flatness) when compared with traditional approaches and the probability of choosing the real password is 1/k, where k = number of honeywords plus the real password.
Authors and Affiliations
Omar Z. Akif, Ann F. Sabeeh, G. J. Rodgers, H. S. Al-Raweshidy
Keywords
Related Articles
- EP ID EP498366
- DOI 10.14569/IJACSA.2019.0100305
- Views 103
- Downloads 0
Status of Wireless Technologies Used For Designing Home Automation System - A Review
The concept of “Automation” have just started flourishing, companies have developed automated systems of their own to control alarms, sensors, actuators and video cameras and moving further the concept of automated build...
An Amplitude Modulation of Cerebral Rhythms based Method in a Motor Task BCI Paradigm
Quantitative evaluation based on amplitude modulation analysis of electroencephalographic signals is proposed for a brain computer interface paradigm. The method allows characterization of the interaction effects of diff...
Secret Key Agreement Over Multipath Channels Exploiting a Variable-Directional Antenna
We develop an approach of key distribution protocol(KDP) proposed recently by T.Aono et al., where the security of KDP is only partly estimated in terms of eavesdropper's key bit errors. Instead we calculate the S...
Confinement for Active Objects
In this paper, we provide a formal framework for the security of distributed active objects. Active objects com-municate asynchronously implementing method calls via futures. We base the formal framework on a security mo...
The Problem of Universal Grammar with Multiple Languages: Arabic, English, Russian as Case Study
Every language has its characteristics and rules, though all languages share the same components like words, sentences, subject, verb, object and so on. Nevertheless, Chomsky suggested the theory of language acquisition...