
Introduction to the case study


1.1 Research problem

Password authentication may be seen as one of the weakest points in the modern security chain (Febrache, 2016). However, the problem is usually not in the passwords themselves but in the way people use them. Statistics show that people tend to use personal information and dictionary words when creating their passwords. According to Huan et al. (2017), 23.75% of the whole password space consists of personal information. Creating passwords in this way makes them extremely vulnerable to brute-force attacks.

(Author's work)

Researchers all over the world are trying to develop new authentication systems that would eliminate the problems connected with using passwords. However, passwords are still one of the most efficient and popular ways of authentication, and there is a lot of evidence that passwords are here to stay in the near future (Bošnjak and Brumen, 2019).

One possible solution is to continue using passwords but to improve the way they are stored and processed. Nowadays raw passwords are not stored in a system; usually a password is stored as a hash, the result of a complex mathematical function which cannot be reversed (Evans, 2018).

(Author's work)

Such a hash may be salted, which means that the hashing is modified in some way in order to increase the security level. However, modern targeted password guessers are able to crack passwords in seconds (Huan et al., 2017). Therefore, one possible solution is to make the hashing function more complicated. In this work, however, another possible solution is proposed.

1.2 Thesis

The topic of this work is honeywords: decoy passwords which are stored alongside the real one. When an adversary cracks the stored passwords and tries to log in with them, they may enter a decoy password, which triggers an alarm so that the necessary measures can be taken. The aim of this work is to assess the advantages and disadvantages of this idea, research the results of its implementation and propose areas for further research.
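As an added example of the honeyword idea (not code from the original post), the following Python keeps, for each user, a shuffled list of salted hashes of the real password and its decoys, while a separate honeychecker holds only the position of the real one. A login that matches any stored hash is looked up in the honeychecker; a match on a decoy is rejected and an alarm is recorded. The account name, the passwords, the decoy list, the storage dictionaries and the alarm sink are all constructed for this example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed storage. The sweetword hashes belong in the main credential
# database; the index of the real password belongs in a separate honeychecker,
# so that a dump of the database alone does not show which entry is genuine.
CREDENTIAL_DB: Dict[str, List[Tuple[bytes, bytes]]] = {}  # user -> [(salt, digest), ...]
HONEYCHECKER: Dict[str, int] = {}                         # user -> index of the real password
ALARMS: List[str] = []                                    # where alarms are recorded in this example


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so each stored sweetword must be cracked separately."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


def register(user: str, real_password: str, honeywords: List[str]) -> None:
    """Store the real password among its decoys at a random position."""
    if real_password in honeywords:
        raise ValueError("a decoy must not equal the real password")
    sweetwords = honeywords + [real_password]
    secrets.SystemRandom().shuffle(sweetwords)
    HONEYCHECKER[user] = sweetwords.index(real_password)
    CREDENTIAL_DB[user] = []
    for word in sweetwords:
        salt = os.urandom(16)
        CREDENTIAL_DB[user].append((salt, _hash(word, salt)))


def login(user: str, password: str) -> str:
    """Return 'ok', 'rejected' or 'honeyword'; the last case also records an alarm."""
    records = CREDENTIAL_DB.get(user)
    if records is None:
        return "rejected"
    matched: Optional[int] = None
    for index, (salt, digest) in enumerate(records):
        if hmac.compare_digest(_hash(password, salt), digest):
            matched = index
            break
    if matched is None:
        return "rejected"
    if matched == HONEYCHECKER[user]:
        return "ok"
    # A decoy was presented. Only someone who obtained and cracked the stored
    # hashes could know this string, so the stored credentials are treated as exposed.
    ALARMS.append(f"honeyword used for account {user!r} (sweetword index {matched})")
    return "honeyword"


def demo() -> List[str]:
    """Constructed scenario: one genuine login, one decoy, one wrong guess, one unknown user."""
    register("alice", "Summer2021!", ["Winter2019!", "Autumn2020!", "Spring2022!"])
    return [
        login("alice", "Summer2021!"),
        login("alice", "Autumn2020!"),
        login("alice", "not-a-sweetword"),
        login("mallory", "anything"),
    ]


if __name__ == "__main__":
    print(demo())
    print(ALARMS)
```

The split between the credential database and the honeychecker is the design point: an attacker holding only the database sees several equally plausible hashes per account and cannot tell which one is real, so any attempt to use a cracked decoy is itself the detection signal.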




Reference:

Bošnjak, L. and Brumen, B. (2019) ‘Rejecting the death of passwords: Advice for the future’, Computer Science and Information Systems, 16(1), pp. 313–332. Available at: https://doi.org/10.2298/CSIS180328016B (Accessed: 27 October 2021).

Evans, L. (2018) Cybersecurity: What do you need to know about computer and Cyber Security, Social Engineering, The Internet of things + An Essential guide to ethical hacking for beginners.

Febrache, D. (2016) ‘Passwords are broken – the future shape of biometrics’, Biometric Technology Today, 2016(3), pp. 5–7. Available at: https://www.sciencedirect.com/science/article/pii/S0969476516300492 (Accessed: 27 October 2021).

Huan, Z., Qizu, L. and Zhang, F. (2017) ‘An Analysis of Targeted Password Guessing Using Neural Networks’, IEEE Symposium on Security and Privacy 2017 poster abstract. Available at: http://www.ieee-security.org/TC/SP2017/poster-abstracts/IEEE-SP17_Posters_paper_24.pdf (Accessed: 27 October 2021).

Comments

  1. Good start. On the final reference, should there be an "accessed on" date? It's an interesting subject area; try to use cross-referencing to see what different people think and have said about this in different articles, papers and books, as opinions may differ.
