Targeted Online Password Guessing

Wang, Ding; Zhang, Zijian; Wang, Ping; Yan, Jeff; Huang, Xinyi

doi:10.1145/2976749.2978339

Cited by 262 publications

(230 citation statements)

References 22 publications

Supporting

Mentioning

221

Contrasting

Order By: Relevance

“…As a demonstrator, the targeted dictionary attack currently gets the user's first and last names by asking them to log into his/her Facebook account via the Facebook API. This can be extended to cover more personal information such as what was used in [13,31].…”

Section: -D Canvas and Overall Look A 2-d Canvas Is Used As The Conmentioning

confidence: 99%

“…Because the pervasive use of passwords, they are frequently targeted in cyber attacks and many large-scale password leakage incidents have been reported especially in recent years [9,22]. Password strengthening technologies such as password hashing and salting have been developed to provide more protection on passwords stored on the server side, but human users remain a weak link because they often choose weak passwords to compromise security for usability, thus making password cracking much more effective [11,17,31,32].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

PSV (Password Security Visualizer): From Password Checking to User Education

Aljaffan

Yuan

2017

Human Aspects of Information Security, Privacy and Trust

View full text Add to dashboard Cite

Abstract. This paper presents the Password Security Visualizer (PSV), an interactive visualization system specifically designed for password security education. PSV can be seen as a reconfigurable "box" containing different proactive password checkers (PPCs) and visualizers of password security information, allowing it to be used like a "many in one" or "hybrid" PPC. PSV can provide many new features that do not exist in traditional PPCs, thus having a greater potential to achieve its goals of educating users. Using purely client-side Web-based technologies, we implemented a prototype of PSV as an open-source software tool on a 2-D animated canvas. To evaluate the actual performance of our implemented PSV prototype against traditional PPCs, we conducted a semistructured interview involving 20 human participants. Our qualitative analysis of the results showed that PSV was considered the most informative and recommended by most participants as a good educational tool. To the best of our knowledge, PSV is the first system combining different PPCs together for user education, and the user study is the first of this kind on comparing educational effectiveness of different PPCs (and PPC-like password security tools such as PSV).

show abstract

Section: -D Canvas and Overall Look A 2-d Canvas Is Used As The Conmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

PSV (Password Security Visualizer): From Password Checking to User Education

Aljaffan

Yuan

2017

Human Aspects of Information Security, Privacy and Trust

View full text Add to dashboard Cite

show abstract

“…In the cryptanalysis of the two-factor authentication schemes, the adversary A is also supposed to have the following capacities [29,[47][48][49] …”

Section: The Capacities Of Adversarymentioning

confidence: 99%

“…is the running time for exclusive-or operation. |D pw | denotes the number of passwords in D pw , and |D pw | is very limited in practice [49,50]; usually |D pw | ≤ 10 6 ; so the above attack is quite efficient.…”

Section: Offline Dictionary Attack Via Verification Value Inmentioning

confidence: 99%

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

Wang¹,

Xu²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Remote user authentication is the first step to guarantee the security of online services. Online services grow rapidly and numerous remote user authentication schemes were proposed with high capability and efficiency. Recently, there are three new improved remote user authentication schemes which claim to be resistant to various attacks. Unfortunately, according to our analysis, these schemes all fail to achieve some critical security goals. This paper demonstrates that they all suffer from offline dictionary attack or fail to achieve forward secrecy and user anonymity. It is worth mentioning that we divide offline dictionary attacks into two categories: (1) the ones using the verification from smart cards and (2) the ones using the verification from the open channel. The second is more complicated and intractable than the first type. Such distinction benefits the exploration of better design principles. We also discuss some practical solutions to the two kinds of attacks, respectively. Furthermore, we proposed a reference model to deal with the first kind of attack and proved its effectiveness by taking one of our cryptanalysis schemes as an example.

show abstract

“…In addition, intrusion detection systems can also be classified as signature based or anomaly based depending upon the attack detection method. The signature-based systems are trained by extracting specific patterns (or signatures) from previously known attacks while the anomaly-based systems learn from the normal data collected when there is no anomalous activity [1,30,31,32,43]. The main purpose of an IDS is to detect as many attacks as possible with minimum number of false alarms, i.e., the system must be accurate in detecting attacks.…”

Section: Introductionmentioning

confidence: 99%

A novel statistical technique for intrusion detection systems

Kabir

Wang

et al. 2018

Future Generation Computer Systems

181

View full text Add to dashboard Cite

This paper proposes a novel approach for intrusion detection system based on sampling with Least Square Support Vector Machine (LS-SVM). Decision making is performed in two stages. In the first stage, the whole dataset is divided into some predetermined arbitrary subgroups. The proposed algorithm selects representative samples from these subgroups such that the samples reflect the entire dataset. An optimum allocation scheme is developed based on the variability of the observations within the subgroups. In the second stage, least square support vector machine (LS-SVM) is applied to the extracted samples to detect intrusions. We call the proposed algorithm as optimum allocation-based least square support vector machine (OA-LS-SVM) for IDS. To demonstrate the effectiveness of the proposed method, the experiments are carried out on KDD 99 database which is considered a de facto benchmark for evaluating the performance of intrusions detection algorithm. All binary-classes and multiclass are tested and our proposed approach obtains a realistic performance in terms of accuracy and efficiency. Finally a way out is also shown the usability of the proposed algorithm for incremental datasets.

show abstract

Targeted Online Password Guessing

Cited by 262 publications

References 22 publications

PSV (Password Security Visualizer): From Password Checking to User Education

PSV (Password Security Visualizer): From Password Checking to User Education

Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card

A novel statistical technique for intrusion detection systems

Contact Info

Product

Resources

About