Achieving Flatness: Honeywords Generation Method for Passwords based on user behaviours
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2019, Vol 10, Issue 3
Abstract
Honeywords (decoy passwords) have been proposed to detect attacks against hashed password databases. For each user account, the original password is stored with many honeywords in order to thwart any adversary. The honeywords are selected deliberately such that a cyber-attacker who steals a file of hashed passwords cannot be sure, if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 24 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinise the honeyword system and highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user information, a generic password list, dictionary attack, and by shuffling the characters. Four sets of honeywords are added to the system that resembles the real passwords, thereby achieving an extremely flat honeywords generation method. To measure the human behaviours in relation to trying to crack the password, a testbed engaged with by 820 people was created to determine the appropriate words for the traditional and proposed methods. The results show that under the new method it is harder to obtain any indication of the real password (high flatness) when compared with traditional approaches and the probability of choosing the real password is 1/k, where k = number of honeywords plus the real password.
Authors and Affiliations
Omar Z. Akif, Ann F. Sabeeh, G. J. Rodgers, H. S. Al-Raweshidy
Keywords
Related Articles
- EP ID EP498366
- DOI 10.14569/IJACSA.2019.0100305
- Views 91
- Downloads 0
Exploratory Analysis of the Total Variation of Electrons in the Ionosphere before Telluric Events Greater than M7.0 in the World During 2015-2016
This exploratory observational study analyzes the variation of the total amount of vertical electrons (vTEC) in the ionosphere, 17 days before telluric events with grades greater than M7.0 between 2015 and 2016. Thirty t...
Adoption of the Internet of Things (IoT) in Agriculture and Smart Farming towards Urban Greening: A Review
It is essential to increase the productivity of agricultural and farming processes to improve yields and cost-effectiveness with new technology such as the Internet of Things (IoT). In particular, IoT can make agricultur...
Transform Domain Fingerprint Identification Based on DTCWT
The physiological biometric characteristics are better compared to behavioral biometric identification of human beings to identify a person. In this paper, we propose Transform Domain Fingerprint Identification Bas...
Continuous Bangla Speech Segmentation using Short-term Speech Features Extraction Approaches
This paper presents simple and novel feature extraction approaches for segmenting continuous Bangla speech sentences into words/sub-words. These methods are based on two simple speech features, namely the time-domain fea...
Customer Value Proposition for E-Commerce: A Case Study Approach
E-Commerce tools have become a human needs everywhere and important not only to customers but to industry players. The intention to use E-Commerce tools among practitioners, especially in the Malaysian retail sector is n...