Achieving Flatness: Honeywords Generation Method for Passwords based on user behaviours
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2019, Vol 10, Issue 3
Abstract
Honeywords (decoy passwords) have been proposed to detect attacks against hashed password databases. For each user account, the original password is stored with many honeywords in order to thwart any adversary. The honeywords are selected deliberately such that a cyber-attacker who steals a file of hashed passwords cannot be sure, if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 24 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinise the honeyword system and highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user information, a generic password list, dictionary attack, and by shuffling the characters. Four sets of honeywords are added to the system that resembles the real passwords, thereby achieving an extremely flat honeywords generation method. To measure the human behaviours in relation to trying to crack the password, a testbed engaged with by 820 people was created to determine the appropriate words for the traditional and proposed methods. The results show that under the new method it is harder to obtain any indication of the real password (high flatness) when compared with traditional approaches and the probability of choosing the real password is 1/k, where k = number of honeywords plus the real password.
Authors and Affiliations
Omar Z. Akif, Ann F. Sabeeh, G. J. Rodgers, H. S. Al-Raweshidy
Keywords
Related Articles
- EP ID EP498366
- DOI 10.14569/IJACSA.2019.0100305
- Views 75
- Downloads 0
The Effect of Social Feature Quality on the Social Commerce System
The emergence of social networks has triggered the evolution of e-commerce to what is now known as social-commerce (s-commerce). However, s-commerce users experience problems related to its social features that affect s-...
Brainstorming 2.0: Toward collaborative tool based on social networks
Social networks are part of Web 2.0 collaborative tools that have a major impact in enriching the sharing and communication enabling a maximum of collaboration and innovation globally between web users. It is in this con...
Data-driven based Fault Diagnosis using Principal Component Analysis
Modern industrial systems are growing day by day and unlikely their complexity is also increasing. On the other hand, the design and operations have become a key focus of the researchers in order to improve the productio...
Performance Analysis of Route Redistribution among Diverse Dynamic Routing Protocols based on OPNET Simulation
Routing protocols are the fundamental block of selecting the optimal path from a source node to a destination node in internetwork. Due to emerge the large networks in business aspect thus; they operate diverse routing p...
Hybrid Forecasting Scheme for Financial Time-Series Data using Neural Network and Statistical Methods
Currently, predicting time series utilizes as interesting research area for temporal mining aspects. Financial Time Series (FTS) delineated as one of the most challenging tasks, due to data characteristics is devoid of l...