
Posts

Project conclusion. Reflection

During my first term at the DMUIC I have learnt a lot of new essential skills. The Computer Skills and Research module has helped me a lot, and in this post I am going to sum up what I have learnt while working on the project and the blog. Firstly, I have learnt how to find, filter and reference academic sources, and I have applied this knowledge in my studies. I have also learnt how to use university facilities such as the library, a new and essential skill which I am glad to have. Secondly, I have learnt how to manage a project: for example, there are a project plan and a Gantt chart in my blog. These elements help to manage the project well and let me assess my work and decide whether I am working efficiently or not. Thirdly, I have learnt how to write research essays and how to find correct sources for referencing; these new skills were applied in the research essay post. Moreover, I have learnt how to use some essential...
Recent posts

Take-a-tail honeyword generation demonstration. Python program

Take-a-tail is a honeyword generation technique in which a tail is added to the password: a number of passwords with the same body but different tails are created (Juels and Rivest, 2013). (Author's work) I have decided to research this technique further and to write a Python program that demonstrates how it works and how honeywords are supposed to work in general. The file take_a_tail.py is available to everyone on my Google Drive: link. I have also written a .bat file which starts the program and prints basic information about it. The user can enter 4 commands: register - to register a new user in the system; login - to try to log in to the system; attack - prints the list of users with their passwords; stop - stops the program. First of all we need to register a new user. After entering a new username and a password, the user is asked to add 3 numbers after the password. These 3 numbers are the tail. After registration the username and password are kept in memory with 5 additional honeywords - decoy pa...

Software review: Hashcat

In the following blog post I describe the way I used software called hashcat in my project and demonstrate an example of using it for a dictionary attack. In my work I used information provided by Tavarez (2020). According to Porup (2020), hashcat is one of the most popular password crackers in the world. Moreover, hashcat is included in the list of basic tools in Kali Linux, a Linux distribution widely used by cybersecurity specialists. I installed a Kali Linux virtual machine in order to use this program and to show an example of a dictionary attack (Author's screenshot). However, before looking at examples of using hashcat in practice, it is useful to understand in which areas hashcat is used. In plain words, hashcat is a password guesser which includes a number of features and pre-installed functionalities for cracking passwords by performing brute-force and dictionary attacks. The way it works is not too sophisticated: it hashes a considerable numbe...

Glossary post

The glossary post with the most important terms included in my research. Correct understanding of the terms below is necessary for understanding most of the posts in the blog: Hash – output of a complex mathematical formula, often used to store passwords and to check the integrity of data (Evans, 2018). Honeyword – decoy password used to trigger an alarm and to detect password cracking (Juels and Rivest, 2013). Salting – process of making a hash more complex and secure (Bošnjak and Brumen, 2019). Brute-force attack – manual attack or attack with the use of password guessing software in order to guess the password; may be offline or online. An offline attack is executed on a password hash in order to guess a password which has the same hashing output as the one provided. An online attack is usually, but not always, manual and consists of trying the most common passwords on some particular service in order to get access to an account (Evans, 2018). Dictionary attack – an example...

Case study discussion

4.1 Meaning of the findings The research into honeywords demonstrates that this technology is not ready to be implemented today. Implementing honeywords today may create additional DDoS vulnerabilities. Moreover, the increase in security may not be significant compared with the loss of storage space. 4.2 Areas for further research To conclude, further research into honeyword technology is necessary to make it ready for implementation. The most important step is to create a honeyword generation technique capable of producing honeywords that are hard to distinguish from the real passwords of a particular user. Without an advanced generation technique, implementing honeywords will make the system vulnerable to DDoS attacks. Such a generation technique needs to be able to adapt itself to every user individually in order to eliminate the negative effect of using personal information in passwords. Although the current system...

Case study method

3.1 Proposed solution Honeywords are decoy passwords that trigger an alarm when somebody tries to log in using them (Juels and Rivest, 2013). Juels and Rivest (2013) propose storing a number of password hashes along with the hash of the correct password of each user. Without honeywords, the file with logins and passwords contains a login and the hash of one password per user. After implementing a honeyword system, the file will contain around 20 passwords per user: one correct password and several honeywords, i.e. decoy passwords. When an adversary somehow gets access to the file with logins and passwords, she needs to crack a much larger number of passwords in order to get access to the system. However, even if the adversary manages to crack all the passwords, there is always a chance that she will enter one of the honeywords, which will trigger an alarm. Without honeywords the actual breach of passwords would likely remain undetected and there would be...

Literature review

2. Literature review The current study is based on the work of Juels and Rivest published in 2013. In their work, Juels and Rivest (2013) propose for the first time honeywords as a way to make password cracking detectable. The idea itself is controversial and has a lot of weak points. To represent a critical point of view, the work of Wang et al. (2017) is also used in the research. Juels and Rivest introduced the idea and described the way it can be implemented in the current industry. They described the way honeywords could be stored and the way they could be generated and analysed. However, the honeyword generation presented in their work is widely criticised. An example of such critique is the work of Wang et al., which gives a detailed analysis of honeyword generation techniques and concludes that current generation techniques are raw and inefficient. Secondly, experimenting with modern machine-learning-based password crackers in order to assess...