An Analysis of CFG Password Against Brute Force Attack for Web Applications

In this paper, we report on a study of brute force attacks on CFG passwords. Alphanumeric passwords are the usual mode of authentication for a range of online logins. Human tendencies in creating passwords allow hackers and enthusiastic password crackers to crack passwords easily using various techniques, given accessible computing power and a large number of available tools. Common attacks on passwords are the brute force attack, the dictionary attack and the hybrid attack. The "CFG password" is a new method of alphanumeric password authentication for user login. Context-free grammar (CFG) passwords are a class of alphanumeric passwords that differ from random passwords by certain specifications. CFG passwords are created using the model of a context-free grammar. This technique can be used for authentication in web applications. An analysis of CFG passwords against brute force attack is carried out using two open source tools. A comparative analysis has been carried out; based on it, suggestions are given on how to create strong CFG passwords for a secured system, and on where and how they can be used.
