DOI: 10.1145/2799979.2799992
research-article

Few notes towards making honeyword system more secure and usable

Published: 08 September 2015

ABSTRACT

Traditionally, passwords are stored in hashed form. However, if the password file is compromised, there is a high chance that a brute-force attack will recover the original passwords. False passwords, also known as honeywords, are used to protect the original passwords from such a leak. A good honeyword system depends on effective honeyword generation techniques. In this paper, the risk and limitations of some of the existing honeyword generation techniques are identified as a series of notes. Three concepts (modified tails, close number formation and caps key) are introduced to address the existing issues. The experimental analysis shows that the proposed techniques, with some preprocessing, can protect a high percentage of passwords. Finally, a comparative analysis is presented to show how the proposed approaches stand with respect to the existing honeyword generation approaches.

Published in

SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks
September 2015
350 pages
ISBN: 9781450334532
DOI: 10.1145/2799979

Copyright © 2015 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

SIN '15 Paper Acceptance Rate: 34 of 92 submissions, 37%
Overall Acceptance Rate: 102 of 289 submissions, 35%
