Learning Framework for Guessing Alphanumeric Passwords on Mobile Phones Based on User Context and Fragment Semantics

Nassif, Lilian Noronha; de Oliveira, Jonny Silva

doi:10.1007/978-3-031-56583-0_2

Lilian Noronha Nassif^17,18 &
Jonny Silva de Oliveira¹⁷

Part of the book series: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ((LNICST,volume 571))

Included in the following conference series:

International Conference on Digital Forensics and Cyber Crime

102 Accesses

Abstract

When conducting a criminal investigation, accessing mobile phone data is crucial for law enforcement. However, encryption mechanisms and user locks are becoming increasingly complex and more challenging for forensic examiners. Although there are tools that can perform brute-force attacks to crack passwords on mobile phones, it becomes difficult when faced with alphanumeric passwords. The challenge is not only the algorithm but also the use of a customized dictionary. It is impractical to use a complete dictionary with all possible combinations as the attack conditions are very restrictive, and the time it takes to crack the password becomes too long depending on its length. In this article, we present a learning framework based on a set of dictionaries, variation rules, and fragment permutations. Dictionaries are organized from different perspectives of personal data, open sources, and groups of contexts. The naming and ordering of the dictionary help digital forensics examiners strategize and improve their chances of success in cracking alphanumeric passwords.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 64.99; Price excludes VAT (USA)

Softcover Book: USD 84.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Sathe, S.C., Dongre, N.M.: Data acquisition techniques in mobile forensics. In: 2018 2nd International Conference on Inventive Systems and Control (ICISC), Coimbatore, India, pp. 280–286 (2018). https://doi.org/10.1109/ICISC.2018.8399079
Kanta, A., Coray, S., Coisel, I., Scanlon, M.: How viable is password cracking in digital forensic investigation? Analyzing the guessability of over 3.9 billion real-world accounts. Forensic Sci. Int.: Digit. Invest. 37 (2021)
Google Scholar
Brown, A.S., Bracken, E., Zoccoli, S., Douglas, K.: Generating and remembering passwords. Appl. Cognit. Psychol.: Off. J. Soc. Appl. Res. Mem. Cogn. 18(6), 641–651 (2004)
Google Scholar
Hunt, T.: The science of password selections. TroyHunt.com blog (2011). https://www.troyhunt.com/science-of-password-selection/
Fukami, A., Stoykova, R., Geradts, Z.: A new model for forensic data extraction from encrypted mobile devices. Forensic Sci. Int.: Digit. Invest. 38, 301169 (2021). https://doi.org/10.1016/j.fsidi.2021.301169. ISSN 2666-2817
Bielska, A., Kurs, N., Baumgartner, Y., Benetis, V.: OpenSource intelligence tools and resources handbook. I-Intelligence (2020). https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf
Kanta, A., Coisel, I., Scanlon, M.: A survey exploring open source intelligence for smarter password cracking. Forensic Sci. Int.: Digit. Invest. 35, 301075 (2020). https://doi.org/10.1016/j.fsidi.2020.301075
Quick, D., Choo, K.: Digital forensic intelligence: data subsets and open source intelligence (DFINT+OSINT): a timely and cohesive mix. Future Gener. Comput. Syst. 78(Part 2), 558–567 (2018). https://doi.org/10.1016/j.future.2016.12.032. ISSN 0167-739X
Bang, Y., Lee, D., Bae, Y., Ahn, J.: Improving information security management: an analysis of ID–password usage and a new login vulnerability measure. Int. J. Inf. Manage. 32(5), 409–418 (2012). https://doi.org/10.1016/j.ijinfomgt.2012.01.001. ISSN 0268-4012
Vo, N.: How long does it take to crack a password? A brief explanation. Locker (2022). https://locker.io/blog/time-to-crack-a-password
Jiang, X., Sun, X., Liu, Q.: Password guessing attack based on probabilistic context free algorithm. In: 2022 IEEE 8th International Conference on Computer and Communications (ICCC), Chengdu, China, pp. 1234–1238 (2022). https://doi.org/10.1109/ICCC56324.2022.10065766

Download references

Author information

Authors and Affiliations

Public Ministry of Minas Gerais State, Av. Álvares Cabral, 1690, Belo Horizonte, Brazil
Lilian Noronha Nassif & Jonny Silva de Oliveira
Pontifical Catholic University of Minas Gerais, Av. Dom José Gaspar, 500, Belo Horizonte, Brazil
Lilian Noronha Nassif

Authors

Lilian Noronha Nassif
View author publications
You can also search for this author in PubMed Google Scholar
Jonny Silva de Oliveira
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lilian Noronha Nassif .

Editor information

Editors and Affiliations

University of Albany, Albany, GA, USA
Sanjay Goel
Universidade Federal do Espírito Santo, Alegre, Brazil
Paulo Roberto Nunes de Souza

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Nassif, L.N., de Oliveira, J.S. (2024). Learning Framework for Guessing Alphanumeric Passwords on Mobile Phones Based on User Context and Fragment Semantics. In: Goel, S., Nunes de Souza, P.R. (eds) Digital Forensics and Cyber Crime. ICDF2C 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 571. Springer, Cham. https://doi.org/10.1007/978-3-031-56583-0_2

Download citation

DOI: https://doi.org/10.1007/978-3-031-56583-0_2
Published: 03 April 2024
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56582-3
Online ISBN: 978-3-031-56583-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics