论文信息 - Few notes towards making honeyword system more secure and usable

Few notes towards making honeyword system more secure and usable

Traditionally the passwords are stored in hashed format. However, if the password file is compromised then by using the brute force attack there is a high chance that the original passwords can be leaked. False passwords -- also known as honeywords, are used to protect the original passwords from such leak. A good honeyword system is dependent on effective honeyword generation techniques. In this paper, the risk and limitations of some of the existing honeyword generation techniques have been identified as different notes. Three concepts -- modified tails, close number formation and caps key are introduced to address the existing issues. The experimental analysis shows that the proposed techniques with some preprocessing can protect high percentage of passwords. Finally a comparative analysis is presented to show how the proposed approaches stand with respect to the existing honeyword generation approaches.

Samrat Mondal | Nilesh Chakraborty

[1] Alan F. Blackwell,et al. The memorability and security of passwords – some empirical results , 2000 .

[2] Dan Boneh,et al. Kamouflage: Loss-Resistant Password Management , 2010, ESORICS.

[3] Sudhir Aggarwal,et al. Password Cracking Using Probabilistic Context-Free Grammars , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[4] F. Cohen. The Use of Deception Techniques : Honeypots and Decoys , 2004 .

[5] Samrat Mondal,et al. Tag Digit Based Honeypot to Detect Shoulder Surfing Attack , 2014, SSCC.

[6] David P. Jablon. Extended password key exchange protocols immune to dictionary attack , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[7] Lujo Bauer,et al. Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms , 2012, 2012 IEEE Symposium on Security and Privacy.

[8] Ronald L. Rivest,et al. Honeywords: making password-cracking detectable , 2013, CCS.