Centralized vs Decentralized Targeted Brute-Force Attacks: Guessing With Side-Information

Salamatian, Salman; Huleihel, Wasim; Beirami, Ahmad; Cohen, Asaf; Médard, Muriel

doi:10.1109/tifs.2020.2998949

Cited by 13 publications

(6 citation statements)

References 31 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacks' operators of social engineering attacks against KBA can be classified into two approaches. Social engineering attacks include social-based attacks (using psychological skills to collect KBA information) (Granger, 2001) (Salahdine & Kaabouch, 2019), and computer-based attacks (the use of sophisticated technical tools to obtain KBA information) (Krombholz, Hobel, Huber, & Weippl, 2015). In turn, depending on how the attack is conducted, social engineering attacks can be classified into three categories, physical, technical and socio-technical (or social) based attacks.…”

Section: Social Engineering Attacks On Knowledge Based Authentication...mentioning

confidence: 99%

“…A brute force attack on KBA is the act of trial and error to gain access via trying multiple combinations of password. There are different forms of brute force attack to KBA including offline cracking attack (taking a password from a password storage file that has been recovered from the system) (Blocki, Harsha, & Zhou, 2018), letter frequency analysis attack (replace popular letters in ciphertext with common letters in the used language) (CRYPTO-IT, 2020), or targeted brute force attacks which primarily uses input dictionary creation programs and password guess generators (to target other accounts with previously compromised account details) (Tools, n.d.) (Salamatian, Huleihel, Beirami, Cohen, & M édard, 2020). Another form of brute force attack on KBA is rainbow table attack which enables the recovery feasibility of long, human chosen passwords, which computes hashes of the large set of available strings, rather than specifically calculating a hash function for every string present and comparing them to the target (ParthDutt, n.d.) (Marforio, Masti, Soriente, Kostiainen, & Capkun, 2016) (L. Zhang, Tan, & Yu, 2017).…”

Section: Brute Force Attacks On Knowledge Based Authentication Factorsmentioning

confidence: 99%

See 1 more Smart Citation

Information Security and Privacy in Smart Devices

2023

Advances in Information Security, Privacy, and Ethics

View full text Add to dashboard Cite

The version presented here may differ from the published version or version of record. If you intend to cite from the work you are advised to consult the publisher's version: https://www.igi-global.com/book/information-security-privacy-smart-devices/298978 Research at York St John (RaY) is an institutional repository. It supports the principles of open access by making the research outputs of the University available in digital form.

show abstract

Section: Social Engineering Attacks On Knowledge Based Authentication...mentioning

confidence: 99%

Section: Brute Force Attacks On Knowledge Based Authentication Factorsmentioning

confidence: 99%

Information Security and Privacy in Smart Devices

2023

Advances in Information Security, Privacy, and Ethics

View full text Add to dashboard Cite

show abstract

“…Thus, if the channel introduces erasures, the goal is to fill the missing gaps. In a sense, this model was extended by Salamatian et al in [43], where multiple guessers tried to fill the missing gaps, or correct errors introduced by the channel, using either a centralized or a decentralized approach. On the other hand, submitting guesses through a noisy channel was considered by Merhav in [51].…”

Section: Related Workmentioning

confidence: 99%

“…In [55], Sason derived bounds on the Rényi entropy of a function of a random variable, and applied them to derive non-asymptotic bounds on the difference between the exponent in guessing the original random variable, and that of guessing the (possibly non one-to-one) function. Several works considered guessing with side information [2,56,50,43,57]. Yona and Diggavi [58] considered the problem of guessing a word which has a similar hash function as the source word -a highly practical scenario as passwords are rarely stored as is, and only a hash is used.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Universal Randomized Guessing Subjected to Distortion

Cohen¹,

Merhav²

2021

Preprint

Self Cite

View full text Add to dashboard Cite

In this paper, we consider the problem of guessing a sequence subject to a distortion constraint. Specifically, we assume the following game between Alice and Bob: Alice has a sequence x of length n. Bob wishes to guess x, yet he is satisfied with finding any sequence x which is within a given distortion D from x. Thus, he successively submits queries to Alice, until receiving an affirmative answer, stating that his guess was within the required distortion.Finding guessing strategies which minimize the number of guesses (the guesswork), and analyzing its properties (e.g., its ρ-th moment) has several applications in information security, source and channel coding. Guessing subject to a distortion constraint is especially useful when considering contemporary biometrically-secured systems, where the "password" which protects the data is not a single, fixed vector but rather a ball of feature vectors centered at some x, and any feature vector within the ball results in acceptance.We formally define the guessing problem under distortion in four different setups: memoryless sources, guessing through a noisy channel, sources with memory and individual sequences. We suggest a randomized guessing strategy which is asymptotically optimal for all setups and is five-fold universal, as it is independent of the source statistics, the channel, the moment to be optimized, the distortion measure and the distortion level.

show abstract