nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Multi-item Passphrases: A Self-adaptive Approach Against Offline Guessing Attacks

verfasst von : Jaryn Shen, Kim-Kwang Raymond Choo, Qingkai Zeng

Erschienen in: Digital Forensics and Cyber Crime

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

While authentication has been widely studied, designing secure and efficient authentication schemes for various applications remains challenging. In this paper, we propose a self-adaptive authentication mechanism, Multi-item Passphrases, which is designed to mitigate offline password-guessing attacks. For example, “11th July 2018, Nanjing, China, San Antonio, Texas, research” is a multi-item passphrase. It dynamically monitors items and identifies frequently used items. Users will then be alerted when there is need to change their passphrases based on the observed trend (e.g., when a term used in the passphrase consists of a popular item). We demonstrate the security and effectiveness of the proposed scheme in resisting offline guessing attacks, and in particular using simulations to show that schemes based on multi-item passphrases achieve higher security and better usability than those using passwords and diceware passphrases.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Digital Forensics Event Graph Reconstruction

Nächstes Kapitel Hybrid Intrusion Detection System for Worm Attacks Based on Their Network Behavior

Biddle, R., Chiasson, S., Van Oorschot, P.C.: Graphical passwords: learning from the first twelve years. ACM Comput. Surv. (CSUR) 44(4), 19 (2012)CrossRef

Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: Passwords and the evolution of imperfect authentication. Commun. ACM 58(7), 78–87 (2015)CrossRef

Bonneau, J., Shutova, E.: Linguistic properties of multi-word passphrases. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 1–12. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34638-5_1CrossRef

Burnett, M.: Today I am releasing ten million passwords, February 2015. https://xato.net/passwords/tenmillion-passwords/

Chatterjee, R., Athayle, A., Akhawe, D., Juels, A., Ristenpart, T.: pASSWORD tYPOS and how to correct them securely. In: IEEE Symposium on Security and Privacy, pp. 799–818 (2016)

Oxford Living Dictionaries: How many words are there in the English language? (2018). https://en.oxforddictionaries.com/explore/how-many-words-are-there-in-the-english-language/

Wang, D., Cheng, H., Wang, P., Yan, J., Huang, X.: A security analysis of honeywords. In: Proceedings of the 25th Annual Network and Distributed System Security Symposium (2018)

D’Orazio, C., Choo, K.K.R., Yang, L.T.: Data exfiltration from Internet of Things devices: iOS devices as case studies. IEEE Internet Things J. 4(2), 524–535 (2017)CrossRef

Habib, H., et al.: Password creation in the presence of blacklists. In: Proceedings of USEC (2017)

10.

Komanduri, S., Shay, R., Cranor, L.F., Herley, C., Schechter, S.E.: Telepathwords: preventing weak passwords by reading users’ minds. In: USENIX Security Symposium, pp. 591–606 (2014)

11.

Krol, K., Philippou, E., De Cristofaro, E., Sasse, M.A.: “they brought in the horrible key ring thing!” analysing the usability of two-factor authentication in UK online banking. In: Symposium on NDSS Workshop on Usable Security (2015)

12.

Leininger, H.: Libpathwell 0.6.1 released, 2015 (2015). https://blog.korelogic.com/blog/2015/07/31/libpathwell-0_6_1

13.

Li, Z., Han, W., Xu, W.: A large-scale empirical analysis of Chinese web passwords. In: Proceedings of 23rd USENIX Security Symposium, USENIX Security, August 2014

14.

Mazurek, M.L., et al.: Measuring password guessability for an entire university. In: Proceedings of the 20th ACM SIGSAC Conference on Computer and Communications Security, pp. 173–186. ACM (2013)

15.

Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 594–597 (1979)CrossRef

16.

OED: Dictionary milestones: a chronology of events relevant to the history of the OED (2017). http://public.oed.com/history-of-the-oed/dictionary-milestones/

17.

Paul: New 25 GPU monster devours passwords in seconds, December 2012. https://securityledger.com/2012/12/new-25-gpu-monster-devours-passwords-in-seconds/

18.

Provos, N., Mazieres, D.: A future-adaptable password scheme. In: USENIX Annual Technical Conference, FREENIX Track, pp. 81–91 (1999)

19.

Reinhold, A.G.: The diceware passphrase home page, October 2017. http://world.std.com/~reinhold/diceware.html

20.

Schechter, S., Herley, C., Mitzenmacher, M.: Popularity is everything: a new approach to protecting passwords from statistical-guessing attacks. In: USENIX Conference on Hot Topics in Security, pp. 1–8 (2010)

21.

Segreti, S.M., et al.: Diversify to survive: making passwords stronger with adaptive policies. In: Symposium on Usable Privacy and Security (SOUPS) (2017)

22.

Tazawa, H., Katoh, T., Bista, B.B., Takata, T.: A user authenticaion scheme using multiple passphrases and its arrangement. In: International Symposium on Information Theory and Its Applications (ISITA), pp. 554–559. IEEE (2010)

23.

Walpole, R.E.: One- and two-sample tests of hypotheses. In: Probability and Statistics for Engineers and Scientists, 7 edn. Pearson (2001). Chapter 10

24.

Wang, D., Cheng, H., Wang, P., Huang, X., Jian, G.: Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 12(11), 2776–2791 (2017)CrossRef

Titel: Multi-item Passphrases: A Self-adaptive Approach Against Offline Guessing Attacks
verfasst von: Jaryn Shen
Kim-Kwang Raymond Choo
Qingkai Zeng
Verlag: Springer International Publishing
Buch: Digital Forensics and Cyber Crime
Print ISBN: 978-3-030-05486-1

Electronic ISBN: 978-3-030-05487-8

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-05487-8_11

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"