ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
Reliable authentication requires the devices and channels involved in the process to be trustworthy; otherwise authentication secrets can easily be compromised. Given the unceasing efforts of attackers worldwide, such trustworthiness is increasingly not a given. A variety of technical solutions, such as utilising multiple devices/channels and verification protocols, has the potential to mitigate the threat of untrusted communications to a certain extent. Yet such technical solutions make two assumptions: (1) users have access to multiple devices and (2) attackers will not resort to hacking the human using social engineering techniques. In this paper, we propose and explore the potential of using human-based computation instead of solely technical solutions to mitigate the threat of untrusted devices and channels. ZeTA (Zero Trust Authentication on untrusted channels) has the potential to allow people to authenticate despite compromised channels or communications and easily observed usage. Our contributions are threefold: (1) We propose the ZeTA protocol with a formal definition and security analysis that utilises semantics and human-based computation to ameliorate the problem of untrusted devices and channels. (2) We outline a security analysis to assess the envisaged performance of the proposed authentication protocol. (3) We report on a usability study that explores the viability of relying on human computation in this context.
Interpretable Probabilistic Password Strength Meters via Deep Learning
Probabilistic password strength meters have proved to be the most accurate tools for measuring password strength. Unfortunately, by construction, they are limited to producing an opaque security estimate that fails to fully support the user during password composition. In the present work, we take the first steps towards cracking the intelligibility barrier of this compelling class of meters. We show that probabilistic password meters inherently have the capability to describe the latent relation between password strength and password structure. In our approach, the security contribution of each character composing a password is disentangled and used to provide explicit, fine-grained feedback to the user. Furthermore, unlike existing heuristic constructions, our method is free from any human bias and, more importantly, its feedback has a clear probabilistic interpretation. In our contribution: (1) we formulate the theoretical foundations of interpretable probabilistic password strength meters; (2) we describe how they can be implemented via an efficient and lightweight deep learning framework suitable for client-side operation.
Comment: An abridged version of this paper appears in the proceedings of the 25th European Symposium on Research in Computer Security (ESORICS) 202
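The per-character decomposition the abstract describes can be shown with any probabilistic character model, since the contribution of a character is just its conditional log-probability. The block below is an added example, not the paper's deep-learning meter: a first-order Markov model with add-one smoothing, trained on a constructed toy password list, stands in for the neural model. Each character scores -log2 P(char | previous); the sum is the password's estimated guessing cost in bits, and the lowest-scoring positions are the predictable ones a meter should flag.

```python
"""Per-character strength feedback from a character-level probabilistic model.

Added example, not the paper's deep-learning meter.  A first-order Markov
model (add-one smoothing, constructed training list below) stands in for
the neural model: each character's contribution is -log2 P(char | previous),
so the sum is the password's estimated guessing cost in bits and the
lowest-scoring positions are the predictable ones a meter should flag.
"""
import math
from collections import Counter, defaultdict

START, END = "\x02", "\x03"  # sentinel symbols for password start/end

# Constructed stand-in for a leaked-password training corpus.
TRAINING = [
    "password", "password1", "password123", "passw0rd", "letmein",
    "iloveyou", "qwerty", "qwerty123", "123456", "12345678",
    "football", "monkey", "dragon", "sunshine", "princess",
]


class CharMarkovMeter:
    def __init__(self, passwords):
        self.bigrams = defaultdict(Counter)  # prev char -> Counter(next char)
        known = {END}
        for pw in passwords:
            prev = START
            for c in pw + END:
                self.bigrams[prev][c] += 1
                known.add(c)
                prev = c
        # +1 reserves one smoothed slot for any character never seen in training.
        self.vocab_size = len(known) + 1

    def prob(self, prev, c):
        """Smoothed P(c | prev); never zero, so unseen characters still score."""
        counts = self.bigrams[prev]
        return (counts[c] + 1) / (sum(counts.values()) + self.vocab_size)

    def per_char_bits(self, pw):
        """[(char, bits)] where bits = -log2 P(char | previous char)."""
        out, prev = [], START
        for c in pw:
            out.append((c, -math.log2(self.prob(prev, c))))
            prev = c
        return out

    def total_bits(self, pw):
        """Whole-password cost, including the end-of-string transition."""
        last = pw[-1] if pw else START
        return sum(b for _, b in self.per_char_bits(pw)) - math.log2(self.prob(last, END))

    def weakest(self, pw, k=3):
        """Indices of the k most predictable characters (lowest contribution)."""
        scored = self.per_char_bits(pw)
        return sorted(range(len(scored)), key=lambda i: scored[i][1])[:k]

    def feedback(self, pw, k=3):
        """Render the password with its k weakest characters bracketed."""
        flagged = set(self.weakest(pw, k))
        return "".join(f"[{c}]" if i in flagged else c for i, c in enumerate(pw))


if __name__ == "__main__":
    meter = CharMarkovMeter(TRAINING)
    for candidate in ("password1", "p4ssw0rd!", "Zq7#vLm2"):
        bits = " ".join(f"{c}:{b:.1f}" for c, b in meter.per_char_bits(candidate))
        print(f"{meter.feedback(candidate):<14} {meter.total_bits(candidate):5.1f} bits  {bits}")
```

With the toy corpus, every character of "password1" costs about 3 bits because each transition is common in the training data, while characters of "Zq7#vLm2" cost around 5 bits each since the model has never seen those transitions. The bracketed positions are exactly the feedback the abstract calls for: they tell the user which characters to change, not just that the password is weak.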
A Survey on Password Guessing
Text passwords have served as the most popular method of user authentication so far, and are not likely to be totally replaced in the foreseeable future. Password authentication offers several desirable properties (e.g., low cost, high availability, ease of implementation, reusability). However, it suffers from a critical security issue caused mainly by humans' inability to memorize complicated strings. Users tend to choose easy-to-remember passwords, which are not uniformly distributed in the key space. Thus, user-selected passwords are susceptible to guessing attacks. In order to encourage and support users in using strong passwords, it is necessary to simulate automated password guessing methods to determine passwords' strength and identify weak passwords. A large number of password guessing models have been proposed in the literature. However, little attention has been paid to the task of providing a systematic survey, which is necessary to review the state-of-the-art approaches, identify gaps, and avoid duplicate studies. Motivated by that, we conduct a comprehensive survey of all password guessing studies presented in the literature from 1979 to 2022. We propose a generic methodology map to give an overview of existing methods. Then, we explain each representative approach in detail. The experimental procedures and available datasets used to evaluate password guessing models are summarized, and the reported performances of representative studies are compared. Finally, the current limitations and the open problems as future research directions are discussed. We believe that this survey is helpful to both experts and newcomers interested in password security.
Comment: 35 pages, 5 figures, 5 tables
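"Simulating automated password guessing to determine strength" means enumerating guesses in the order an attacker's model would and recording the position at which the target falls. The block below is an added example of one representative guessing model (the PCFG approach of Weir et al.), not code from the survey. It learns base structures such as L4D3 and the digit/symbol strings that fill them from a constructed training list, fills letter segments uniformly from a constructed word list, and reports a target's guess number; the training list, dictionary and the lowercase-only handling of letter segments are all assumptions made for the example.

```python
"""Guess-number estimation with a PCFG password guesser.

Added example of one representative guessing model (the PCFG approach of
Weir et al.), not code from the survey.  The grammar learns structure
templates such as L4D3 and the digit/symbol strings that fill them from a
constructed training list; letter segments are filled uniformly from a
constructed dictionary (lowercase only).  Guesses are enumerated in
decreasing probability, and a target's guess number is the strength
estimate that this simulated attack assigns to it.
"""
import itertools
import re
from collections import Counter, defaultdict

# Which alternative matched (lastindex 1/2/3) gives the segment class L/D/S.
SEGMENT = re.compile(r"([A-Za-z]+)|([0-9]+)|([^A-Za-z0-9]+)")

# Constructed leak sample the grammar is trained on.
TRAINING = [
    "love123", "love2020", "baby123", "angel1", "iloveyou", "summer2019",
    "rose!", "baby!", "monkey12", "love1", "happy12", "sun2020",
]
# Constructed word list used to fill letter segments.
DICTIONARY = [
    "love", "baby", "rose", "angel", "happy", "monkey", "summer",
    "iloveyou", "sun", "kiss", "star",
]


def segments(pw):
    """Split a password into (class, text) runs: love123! -> [('L','love'),('D','123'),('S','!')]."""
    return [("LDS"[m.lastindex - 1], m.group()) for m in SEGMENT.finditer(pw)]


def structure(segs):
    """Base structure label: [('L','love'),('D','123')] -> 'L4D3'."""
    return "".join(f"{cls}{len(t)}" for cls, t in segs)


class PCFGGuesser:
    def __init__(self, training, dictionary):
        self.n = len(training)
        self.struct_counts = Counter()
        self.terminals = defaultdict(Counter)  # 'D3' -> Counter({'123': 2})
        for pw in training:
            segs = segments(pw)
            self.struct_counts[structure(segs)] += 1
            for cls, t in segs:
                if cls != "L":  # digit/symbol fillers are learned from the data
                    self.terminals[f"{cls}{len(t)}"][t] += 1
        self.words_by_len = defaultdict(list)
        for w in sorted({w.lower() for w in dictionary}):
            self.words_by_len[len(w)].append(w)

    def _options(self, label):
        """[(terminal, probability)] for one nonterminal such as 'L4' or 'D2'."""
        if label[0] == "L":  # dictionary words of that length, uniform probability
            words = self.words_by_len[int(label[1:])]
            return [(w, 1 / len(words)) for w in words]
        counts = self.terminals[label]
        total = sum(counts.values())
        return [(t, c / total) for t, c in counts.items()]

    def guesses(self):
        """Every guess the grammar can derive, most probable first (ties alphabetical)."""
        out = []
        for struct, cnt in self.struct_counts.items():
            option_lists = [self._options(l) for l in re.findall(r"[LDS]\d+", struct)]
            if any(not opts for opts in option_lists):
                continue  # a letter length the dictionary cannot fill
            for combo in itertools.product(*option_lists):
                p = cnt / self.n  # P(structure) times the product of filler probabilities
                for _, q in combo:
                    p *= q
                out.append(("".join(t for t, _ in combo), p))
        out.sort(key=lambda g: (-g[1], g[0]))
        return out

    def guess_number(self, target):
        """1-based position of target in guess order, or None if the grammar never derives it."""
        for i, (g, _) in enumerate(self.guesses(), 1):
            if g == target:
                return i
        return None


if __name__ == "__main__":
    guesser = PCFGGuesser(TRAINING, DICTIONARY)
    for g, p in guesser.guesses()[:8]:
        print(f"{g:<12} {p:.4f}")
    for target in ("iloveyou", "love123", "love1", "Love123"):
        print(target, "->", guesser.guess_number(target))
```

The guess number is the quantity the survey's "simulate guessing to determine strength" refers to: "love123" is guessed before "love1" here only because the L4D3 structure is more common in the training sample than L4D1, and "Love123" is never produced at all, which shows how a model's coverage (here, no case-mangling rules) bounds what it can say about a password.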
On Improving the Memorability of System-Assigned Recognition-Based Passwords
User-chosen passwords reflecting common strategies and patterns ease memorization but offer uncertain and often weak security, while system-assigned passwords provide a higher security guarantee but suffer from poor memorability. We thus examine a technique to enhance password memorability that incorporates a scientific understanding of long-term memory. In particular, we examine the efficacy of providing users with verbal cues, i.e., real-life facts corresponding to system-assigned keywords. We also explore the usability gain of including images related to the keywords along with the verbal cues. In our multi-session lab study with 52 participants, the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94.23%) than the control condition, i.e., textual recognition without verbal cues (61.54%). We found that when users were provided with verbal cues, adding images contributed to faster recognition of the assigned keywords, and thus an overall improvement in usability. We then conducted a field study with 54 participants to further examine the usability of a graphical recognition-based scheme offering verbal cues, which showed an average login success rate of 98% in a real-life setting and an overall improvement in login performance with more login sessions. These findings show a promising research direction for gaining high memorability for system-assigned passwords.
Password Creation: Between the Prototype Perspective and the Conceptual Space of LOVE (Kreiranje lozinki: između prototipne perspektive i konceptualnog prostora LJUBAVI)
Aided by the instruments of prototype theory, the current study sets out to determine whether in password creation there is a common underlying cognitive pattern in the categorization of the elusive natural-language concept of LOVE. Our framework combines free listing, a method providing critical information about the words most generally associated with a concept, with the analysis of prototype rating surveys. The results obtained are compared to a dataset of randomly selected passwords to determine the semantic associations of the concept of LOVE and clarify the semantic processes involved in the structure of passwords. Results suggest that, in categorizing LOVE, password users have compatible representations that afford a meeting of minds. We conclude that LOVE acts as a fixpoint in the mental processing of this CONCEPTUAL SPACE and that, with password users, it takes idealized forms of representation rather than the individual experience-based representations that might be expected. Our investigation method has facilitated the collection of data on how LOVE prototypes specify more exhaustively the mode of synthesis and the cognitive mapping under which these may occur.
International Conference on Computer Science and Communication Engineering
The UBT Annual International Conference is the 8th international interdisciplinary peer-reviewed conference, which publishes the work of scientists as well as practitioners in the areas where UBT is active in education, research and development. UBT aims to implement an integrated strategy to establish itself as an internationally competitive, research-intensive university, committed to the transfer of knowledge and the provision of a world-class education to the most talented students from all backgrounds. The main purpose of the conference is to bring scientists and practitioners from different disciplines together in one place, make them aware of recent advancements in different research fields, and provide them with a unique forum to share their experiences. It is also a place to support new academic staff in doing research and publishing their work at an international standard.
This conference consists of sub-conferences in different fields:
– Computer Science and Communication Engineering
– Management, Business and Economics
– Mechatronics, System Engineering and Robotics
– Energy Efficiency Engineering
– Information Systems and Security
– Architecture – Spatial Planning
– Civil Engineering, Infrastructure and Environment
– Law
– Political Science
– Journalism, Media and Communication
– Food Science and Technology
– Pharmaceutical and Natural Sciences
– Design
– Psychology
– Education and Development
– Fashion
– Music
– Art and Digital Media
– Dentistry
– Applied Medicine
– Nursing
This conference is the major scientific event of UBT. It is organized annually, always in cooperation with partner universities from the region and Europe. We thank all authors, partners, sponsors and the conference organizing team for making this event a truly international scientific event.
Edmond Hajrizi, President of UBT
UBT – Higher Education Institution
PassViz: A Visualisation System for Analysing Leaked Passwords
Passwords remain the most widely used form of user authentication, despite advancements in other methods. However, their limitations are well documented, in particular the susceptibility to attack of weak passwords chosen by human users. The existence of weak human-chosen passwords has led to repeated password leaks from websites, many of them large-scale. While such password leaks are unfortunate security incidents, they give security researchers and practitioners an opportunity to learn from the leaked passwords in order to improve password policies and other security controls on passwords. Researchers have proposed different data visualisation techniques to help analyse leaked passwords. However, many approaches rely solely on frequency analysis, with limited exploration of distance-based graphs. This paper reports PassViz, a novel method that combines the edit distance with the t-SNE (t-distributed stochastic neighbour embedding) dimensionality reduction algorithm for visualising and analysing leaked passwords in a 2-D space. We implemented PassViz as an easy-to-use command-line tool for visualising large-scale password databases, and also as a graphical user interface (GUI) to support interactive visual analytics of small password databases. Using the "000webhost" leaked database as an example, we show how PassViz can be used to visually analyse different aspects of leaked passwords and to facilitate the discovery of previously unknown password patterns. Overall, our approach empowers researchers and practitioners to gain valuable insights and improve password security through effective data visualisation and analysis.
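The distance-based view the abstract contrasts with frequency analysis starts from an edit-distance matrix over the unique passwords. The block below is an added example, not PassViz's code: it computes Levenshtein distances over a constructed leak sample (not the 000webhost data), links passwords within a small edit distance into connected components, and summarises each family by its most frequent member. The t-SNE embedding step is left out; the families found here are the clusters such a 2-D plot would show.

```python
"""Distance-based grouping of leaked passwords.

Added example, not PassViz's code.  PassViz embeds an edit-distance matrix
with t-SNE; this block does the distance half: it computes Levenshtein
distances over a constructed leak sample, links passwords that are within a
small edit distance into connected components, and summarises each family
by its most frequent member.  These variant families (a base word plus
suffix and case tweaks) are the clusters a 2-D plot would show.
"""
from collections import Counter, defaultdict

# Constructed leak sample with duplicates, standing in for a real dump.
LEAK = [
    "password", "password", "password", "password1", "password1",
    "password123", "passw0rd", "Password1",
    "qwerty", "qwerty12", "qwerty123",
    "letmein", "letmein1",
    "123456", "123456", "1234567",
    "dragon", "football",
]


def levenshtein(a, b):
    """Edit distance with single-row dynamic programming (O(len(a)*len(b)) time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                   # delete ca
                           cur[j - 1] + 1,                # insert cb
                           prev[j - 1] + (ca != cb)))     # substitute
        prev = cur
    return prev[-1]


def components(items, threshold):
    """Connected components of the graph linking items at edit distance <= threshold."""
    parent = list(range(len(items)))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps the forest shallow
            x = parent[x]
        return x

    for i in range(len(items)):
        for j in range(i + 1, len(items)):
            # Length difference is a lower bound on edit distance: skip hopeless pairs.
            if abs(len(items[i]) - len(items[j])) <= threshold and \
                    levenshtein(items[i], items[j]) <= threshold:
                parent[find(i)] = find(j)
    groups = defaultdict(list)
    for i, item in enumerate(items):
        groups[find(i)].append(item)
    return list(groups.values())


def families(leak, threshold=2):
    """[(representative, total occurrences, sorted members)], most frequent family first."""
    counts = Counter(leak)
    uniq = sorted(counts)
    out = []
    for group in components(uniq, threshold):
        rep = max(group, key=lambda p: (counts[p], -len(p)))  # most frequent, then shortest
        out.append((rep, sum(counts[p] for p in group), sorted(group)))
    out.sort(key=lambda f: (-f[1], f[0]))
    return out


if __name__ == "__main__":
    for rep, total, members in families(LEAK):
        print(f"{rep:<12} x{total:<3} {', '.join(members)}")
```

On the sample, "password123" is three edits from "password" yet lands in the same family through "password1"; that transitive linking is what a pure frequency table cannot express and what the distance-based approach surfaces. The pairwise loop is quadratic in the number of unique passwords, so for a large dump the length-difference bound (and, in practice, bucketing by length or prefix) matters.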