19,972 research outputs found
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that the survey work on the password
cracking research has not been done very much. This paper is mainly to give a
brief review of the password cracking methods, import technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe
A proactive password checker
Password selection has long been a difficult issue; traditionally, passwords are either assigned by the computer or chosen by the user. When the computer does the assignment, the passwords are often hard to remember; when the user makes the selection, the passwords are often easy to guess. This paper describes a technique, and a mechanism, to allow users to select passwords which to them are easy to remember but to others would be very difficult to guess. The technique is site, user, and group compatible, and allows rapid changing of constraints imposed upon the password. Although experience with this technique is limited, it appears to have much promise
EnFilter: a Password Enforcement and Filter
EnFilter is a Proactive Password Checking System, designed to avoid password guessing attacks. It is made of a set of configurable filters, each one based on a specific pattern recognition measure that can be tuned by the system administrator depending on the adopted password policy. Filters use decision trees, lexical analysers, as well as Levenshtein distance based techniques. EnFilter is implemented for Windows 2000/2003/XP
Usable Security: Why Do We Need It? How Do We Get It?
Security experts frequently refer to people as âthe weakest link in the chainâ of system
security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password,
because it âwas easier to dupe people into revealing itâ by employing a range of social
engineering techniques. Often, such failures are attributed to usersâ carelessness and
ignorance. However, more enlightened researchers have pointed out that current security
tools are simply too complex for many users, and they have made efforts to improve
user interfaces to security tools. In this chapter, we aim to broaden the current perspective,
focusing on the usability of security tools (or products) and the process of designing
secure systems for the real-world context (the panorama) in which they have to operate.
Here we demonstrate how current human factors knowledge and user-centered design
principles can help security designers produce security solutions that are effective in practice
One Time Password Scheme Via Secret Sharing Techniques
Many organizations today are seeking to improve security by implementing multi-factor authentication, i.e. authentication requiring more than one independent mechanism to prove one\u27s identity. One-time passwords in the form of hardware tokens in combination with conventional passwords have emerged as the predominant means in high security environments to satisfy the independent identification criteria for strong authentication. However, current popular public one-time passwords solutions such as HOTP, mOTP, TOTP, and S/Key depend on the computational complexity of breaking encryption or hash functions for security. This thesis will present an efficient and information-theoretically secure one-time password system called Shamir-OTP that is based upon secret sharing techniques
Malware detection and analysis via layered annotative execution
Malicious software (i.e., malware) has become a severe threat to interconnected computer systems for decades and has caused billions of dollars damages each year. A large volume of new malware samples are discovered daily. Even worse, malware is rapidly evolving to be more sophisticated and evasive to strike against current malware analysis and defense systems. This dissertation takes a root-cause oriented approach to the problem of automatic malware detection and analysis. In this approach, we aim to capture the intrinsic natures of malicious behaviors, rather than the external symptoms of existing attacks. We propose a new architecture for binary code analysis, which is called whole-system out-of-the-box fine-grained dynamic binary analysis, to address the common challenges in malware detection and analysis. to realize this architecture, we build a unified and extensible analysis platform, codenamed TEMU. We propose a core technique for fine-grained dynamic binary analysis, called layered annotative execution, and implement this technique in TEMU. Then on the basis of TEMU, we have proposed and built a series of novel techniques for automatic malware detection and analysis. For postmortem malware analysis, we have developed Renovo, Panorama, HookFinder, and MineSweeper, for detecting and analyzing various aspects of malware. For proactive malware detection, we have built HookScout as a proactive hook detection system. These techniques capture intrinsic characteristics of malware and thus are well suited for dealing with new malware samples and attack mechanisms
One Time Password Scheme Via Secret Sharing Techniques
Many organizations today are seeking to improve security by implementing multi-factor authentication, i.e. authentication requiring more than one independent mechanism to prove one\u27s identity. One-time passwords in the form of hardware tokens in combination with conventional passwords have emerged as the predominant means in high security environments to satisfy the independent identification criteria for strong authentication. However, current popular public one-time passwords solutions such as HOTP, mOTP, TOTP, and S/Key depend on the computational complexity of breaking encryption or hash functions for security. This thesis will present an efficient and information-theoretically secure one-time password system called Shamir-OTP that is based upon secret sharing techniques
- âŠ