212 research outputs found
A Novel WLAN Client Puzzle against DoS Attack Based on Pattern Matching
Despite the popularity of 802.11 based networks, they suffer several types of DoS attack, launched by an attacker whose aim is to make an access point (AP) unavailable to legitimate users. One of the most common DoS attacks on 802.11 based networks is to deplete the resources of the AP. A serious situation like this can occur when the AP receives a burst of connection requests. This paper addresses this common DoS attack and proposes a lightweight puzzle, based on pattern-matching. Using a pattern-matching technique, this model adequately resists resource-depletion attacks in terms of both puzzle generation and solution verification. Using a sensible series of contextual comparisons, the outcomes were modelled by a simulator, and the security definition and proofs are verified, among other results.
Guesswork is not a substitute for Entropy
Shannon entropy is often considered as a measure of uncertainty. It
is commonly believed that entropy is a good measure of how many guesses it
will take to correctly guess a single value generated by a source. This belief is
not well founded. We summarise some work in this area, explore how this
belief may have arisen via the asymptotic equipartition property and outline a
hands-on calculation for guesswork asymptotics.
Exact Probability Distribution versus Entropy
The problem addressed concerns the determination of the average number of
successive attempts of guessing a word of a certain length consisting of
letters with given probabilities of occurrence. Both first- and second-order
approximations to a natural language are considered. The guessing strategy used
is guessing words in decreasing order of probability. When word and alphabet
sizes are large, approximations are necessary in order to estimate the number
of guesses. Several kinds of approximations are discussed demonstrating
moderate requirements concerning both memory and CPU time. When considering
realistic sizes of alphabets and words (100) the number of guesses can be
estimated within minutes with reasonable accuracy (a few percent). For many
probability distributions the density of the logarithm of probability products
is close to a normal distribution. For those cases it is possible to derive an
analytical expression for the average number of guesses. The proportion of
guesses needed on average compared to the total number decreases almost
exponentially with the word length. The leading term in an asymptotic expansion
can be used to estimate the number of guesses for large word lengths.
Comparisons with analytical lower bounds and entropy expressions are also
provided.
Investigating the Distribution of Password Choices
In this paper we will look at the distribution with which passwords are
chosen. Zipf's Law is commonly observed in lists of chosen words. Using
password lists from four different on-line sources, we will investigate if
Zipf's law is a good candidate for describing the frequency with which
passwords are chosen. We look at a number of standard statistics, used to
measure the security of password distributions, and see if modelling the data
using Zipf's Law produces good estimates of these statistics. We then look at
the similarity of the password distributions from each of our sources,
using guessing as a metric. This shows that these distributions provide
effective tools for cracking passwords. Finally, we will show how to shape the
distribution of passwords in use, by occasionally asking users to choose a
different password.
Quantum guesswork
The guesswork quantifies the minimum cost incurred in guessing the state of a
quantum ensemble, when only one state can be queried at a time. Here, we derive
the guesswork for a broad class of ensembles and cost functions. Comment: 6 page