Dynamic User-Dependent Technique for Robust Multi-Password Generation Against Offline Cracking Attacks
Keywords:
Cybercrime, Cracking attacks, Time-to-crack, Cyber-Protection, SecurityAbstract
This research presented a user-dependent robust multi-password generation technique for authentication. Dynamic chaffing-with-tough-nuts technique was used to dynamically generate real-user triplicate passwords and multiple honey passwords. These combinations stored in a single password relation leaves authentication to a correct combination of the real user triplicate password. A character transformation function used for the implementation leaves a 47% increase in the character length of the already supplied user-password with mandatory inclusion of an array of symbols in the given password, thereby creating a high entropy password. The strength of the generated password analysed against the Hive Systems` report shows that passwords generated through the techniques even with weak hashing algorithm like MD5 would take approximately 7trillion years to crack, thus becomes near impossible to crack using rainbow table attack. Upon successful password cracking, it would take a correct combination of the triplicate model for access to be granted.
References
Department for Digital Culture Media and Sport, “Cyber Security Breaches Survey 2021 Statistical Release,” London, 2021.
H. Alquran and B. Ferdousi, “Effect of Cybersecurity , Privacy and Academic Integrity Concerns on Assessment in E-Learning Environment,” Int. J. Sci. Res. Multidiscip. Stud., Vol.8, Issue.11, pp. 11–18, 2022.
M. Koteshwar and B. B. J. Singh, “Survey Report on Cyber Crimes and Cyber Criminals Get Protected from Cyber Crimes Review Paper,” Int. J. Comput. Sci. Eng., Vol.7, Issue.12, pp.99–109, 2019, doi: 10.26438/ijcse/v7i12.99109.
A. Al Hasib, “Threats of Online Social Networks,” Int. J. Comput. Sci. Netw. Secur., Vol.9, Issue.11, pp.288, 2009.
Thomas F. Stafford and Robin Poston, “Online Security Threats and Computer User Intentions.” IEEE Computer Society, 2010.
L. Cheng, F. Liu, and D. D. Yao, “Enterprise data breach: causes, challenges, prevention, and future directions,” Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, Wiley-Blackwell, Vol.7, Issue.5. 01-Sep-2017, doi: 10.1002/widm.1211.
S. Wheatley, A. Hofmann, and D. Sornette, “Data breaches in the catastrophe framework & beyond,” 2019.
IBM Security, “Cost of a Data Breach Report 2020 2 Contents,” 2020.
D. V Klein, “‘“ Foiling the Cracker ”’: A Survey of , and Improvements to , Password Securit y †.”
D. Florêncio, C. Herley, and P. C. Van Oorschot, “An Administrator ’ s Guide to Internet Password Research,” in 28th Large Installation System Administration Conference (LISA14), 2014.
E. Stobert and R. Biddle, “A Password Manager that Doesn ’ t Remember Passwords,” ACM, pp.39–52, 2014, doi: http://dx.doi.org/10.1145/2683467.2683471.
R. Blake, J. Collin, M. Nick, B. Dan, and C. M. John, “Stronger Password Authentication Using Browser Extensions 1,” 4th USENIX Security Symposium, 2005. [Online]. Available: https://www.usenix.org/legacy/event/sec05/tech/full_papers/ross/ross_html/. [Accessed: 29-Mar-2023].
C. Somboonpattanakit and N. Wisitpongphan, “Secure Password Storing Using Prime Decomposition,” IAENG Int. J. Comput. Sci., Vol.48, Issue.1, 2021.
N. Katrandzhiev, D. Hristozov, and B. Milenkov, “A Comparison of Password Protection Methods for Web-Based Platforms Implemented with PHP and MySQL,” 2019.
R. Hranický, L. Zobal, V. Ve?e?a, and P. Matoušek, “Distributed Password Cracking in a Hybrid Environment,” 2017.
G. Soumya, P. Soumya, and M. Student, “Authentication by Encrypted Negative Password,” J. Resour. Manag. Technol., Vol.12, Issue.1, pp.437–442, 2021.
J. Blocki and A. Datta, “CASH: A Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection,” in 29th IEEE Computer Security Foundations Symposium, 2015, doi: DOI: 10.1109/CSF.2016.33.
S. Anand, N. Susila, and S. Balakrishnan, “Challenges and issues in ensuring safe cloud based password management to enhance security,” Int. J. Pure Appl. Math., Vol.119, Issue.12, pp.1207–1215, 2018.
Shubham Sawant, Pratik Saptal, Kritish Lokhande, Karan Gadhave, and Randeep Kaur, “Honeywords - Making Password Cracking Detectable,” Int. J. Eng. Res. Adv. Technol., Vol.4, Issue.4, Apr. 2018, doi: http://dx.doi.org/10.7324/IJERAT.2018.3218.
Changhee Lee and Heejo Lee, “A Password Stretching Method using User Specific Salts,” in WWW ’07: Proceedings of the 16th international conference on World Wide Web, pp.1215–1216, 2007. doi: https://doi.org/10.1145/1242572.1242772.
A. Reinhold and A. G. Reinhold, “HEKS: A Family of Key Stretching Algorithms Breastfeeding economics View project Dummies books View project HEKS: A Family of Key Stretching Algorithms,” 1999.
I. Erguler, “Achieving Flatness: Selecting the Honeywords from Existing User Passwords,” IEEE Trans. Dependable Secur. Comput., Vol.13, Issue.2, pp.284–295, 2016, doi: 10.1109/TDSC.2015.2406707.
G. S. V. Bhanu and V. S. Naresh, “An Efficient Privacy Preserving Technique Using Decoy Passwords,” Int. J. Sci. Res. Manag., no. June 2017, 2017, doi: 10.18535/ijsrm/v5i6.36.
C. V Sailaja and B. T. Reddy, “Creating secure and dependable honey words to increase password security.,” Ann. Rom. Soc. Cell Biol., Vol.25, Issue.4, pp.19588–19594, 2021.
A. Mogaddam and M. Khan, Developing a password generating software Regarding password memorability and security. KTH Skolan för kemi, bioteknologi och hälsa 141 52 Huddinge, Sverige, 2022.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
