A New Storage Optimized Honeyword Generation Approach for Enhancing Security and Usability

Inverting hash values by brute-force computation is one of the latest security threats to password-based authentication. New technologies are being developed for brute-force computation, and these increase the success rate of inversion attacks. A honeyword-based authentication protocol can successfully mitigate this threat by making password cracking detectable. However, the existing schemes have several limitations, such as Multiple System Vulnerability, Weak DoS Resistivity, and Storage Overhead. In this paper we propose a new honeyword generation approach, the Paired Distance Protocol (PDP), which overcomes almost all the drawbacks of previously proposed honeyword generation approaches. The comprehensive analysis shows that PDP not only attains a high detection rate of 97.23% but also reduces the storage cost to a great extent.
