
Literature review

 

2. Literature review

The current study is based on the work of Juels and Rivest published in 2013. In that work, Juels and Rivest (2013) proposed honeywords for the first time as a way to make password cracking detectable. The idea itself is controversial and has a lot of weak points. To represent a critical point of view, the work of Wang et al. (2017) is also used in the research.

Juels and Rivest introduced the idea and described how it can be implemented in the current industry. They described how honeywords could be stored, generated and analysed. However, the honeyword generation presented in their work is widely criticised. An example of such critique is the work of Wang et al., which gives a detailed analysis of honeyword generation techniques and concludes that current generation techniques are raw and inefficient.

Secondly, Wang et al. (2017) present experiments with modern machine-learning-based password crackers that assess the efficiency of honeywords. The results of the experiments show that in 29.29 – 32.62% of cases a basic trawling-guessing attacker was able to identify the honeyword. With an advanced attacker that number increased to 34.21 – 49.02% of cases, and it rises further to 56.81 – 67.98% if the attacker possesses personal information about the victim. One of the conclusions is that the user habit of putting personal information in passwords is completely vulnerable, since personal information can be easily found on social networks.

To conclude, the sources used in the current study provide a critical analysis of honeywords, show a number of weak points and open a field for further research, especially in honeyword generation. However, both sources suggest that honeywords are not yet ready to be implemented in modern industry and services.



References:

Wang, D. et al. (2017) ‘A Security Analysis of Honeywords’, in. NDSS 2018, San Diego, USA: ResearchGate. Available from: https://www.researchgate.net/publication/320626726_A_Security_Analysis_of_Honeywords.

Juels, A. and Rivest, R.L. (2013) ‘Honeywords: making password-cracking detectable’, in. CCS, Berlin, Germany: ACM, pp. 145–160. Available from: https://dl.acm.org/doi/abs/10.1145/2508859.2516671?casa_token=z0BT8j2R23UAAAAA:rWbGmGVWkVHKWKFF4USMBi0I8uIyQqJtHioVEPnIGUqiPR4nPE-jmn665OBxEUVr3UrzZfDo7isQ#sec-ref.


Comments

  1. The Literature Review should be a collection of research (as you have here) but think about the structure and try to make it flow more as a cohesive piece of writing.
