Password Strength Signaling: A Counter-Intuitive Defense Against Password Cracking [article]

Wenjie Bai, Jeremiah Blocki, Ben Harsha
2021 arXiv   pre-print
We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks.  ...  Thus, a well-defined signaling strategy will encourage the attacker to reduce his guessing costs by cracking fewer passwords.  ...  Contributions We introduce password information signaling as a novel, counter-intuitive, defense against rational password attackers.  ... 
arXiv:2009.10060v5 fatcat:ood2ykcaefbz7f6ac3tlg673y4

Usability and Security An Appraisal of Usability Issues in Information Security Methods

E.Eugene Schultz, Robert W Proctor, Mei-Ching Lien, Gavriel Salvendy
2001 Computers & security  
The intent is to make a strong case for the need for systematic usability analyses and for the development of usability metrics for information security.  ...  In the present paper, we review the various information security methods that are used, appraise the usability issues, and develop a taxonomy to organize these issues.  ...  An unauthorized user can gain entry by accessing electronic messages that contain passwords, cracking passwords, or entering successive username-password combinations until successful (unless the system  ... 
doi:10.1016/s0167-4048(01)00712-x fatcat:u7auhmubd5eddbzgtrljrnd47i

Zipf's Law in Passwords

Ding Wang, Haibo Cheng, Ping Wang, Xinyi Huang, Gaopeng Jian
2017 IEEE Transactions on Information Forensics and Security  
By conducting linear regressions on a corpus of 97.2 million passwords (a mass of chaotic data), we for the first time show that Zipf's law perfectly exists in user-generated passwords, figure out the  ...  the strength of password datasets, and prove its correctness in a mathematically rigorous manner.  ...  counter-intuitive relationship: $G_\alpha(U_N) \neq \mu_\alpha(U_N)$.  ... 
doi:10.1109/tifs.2017.2721359 fatcat:enjpsga34rd7hpvzel6uozysym

The "Iterated Weakest Link" Model of Adaptive Security Investment

Rainer Böhme, Tyler Moore
2016 Journal of Information Security  
We devise a model for security investment that reflects dynamic interaction between a defender, who faces uncertainty, and an attacker, who repeatedly targets the weakest link.  ...  We show how the best strategy depends on the defender's knowledge about prospective attacks and the recoverability of costs when upgrading defenses reactively.  ...  Acknowledgements We thank Chad Heitzenrater, the anonymous reviewers and participants of the 2009 Workshop on the Economics of Information Security (WEIS), and the anonymous reviewers of this special issue  ... 
doi:10.4236/jis.2016.72006 fatcat:3mafztdhdrf7tngpejgxvmeula

Intrusion and intrusion detection

John McHugh
2001 International Journal of Information Security  
With respect to the latter, it notes that, like many fields, intrusion detection has been based on a combination of intuition and brute-force techniques.  ...  It ends with a brief discussion of the problems associated with evaluating intrusion detection systems and a discussion of the difficulties associated with making further progress in the field.  ...  Stefan Axelsson of Chalmers University provided valuable insights into intrusion detection as a signal detection problem and has been extremely generous in sharing his extensive bibliography and other  ... 
doi:10.1007/s102070100001 fatcat:7itrx4jiofherarfsrhp527fpa

Narrative Information Management [article]

Richard J. Cordes, Shaun Applegate-Swanson, Daniel Ari Friedman, Virginia Bleu Knight, Alexandra Mikhailova
2021 Zenodo  
In this paper, we address the need for synthesis and exchange of knowledge, tools, and approaches among various fields by proposing Narrative Information Management (NIM) as a unifying term and framework  ...  There are many areas of research defined by their interest in information dynamics related to facilitating organizational sensemaking, such as knowledge management, information management, and library  ...  , "Which precedents can we use to structure a legal defense?")  ... 
doi:10.5281/zenodo.5565578 fatcat:7incd5aftzbd7c3y73rs5rh2am

Narrative Information Management [article]

Richard J. Cordes, Shaun Applegate-Swanson, Daniel Ari Friedman, Virginia Bleu Knight, Alexandra Mikhailova
2021 Zenodo  
In this paper, we address the need for synthesis and exchange of knowledge, tools, and approaches among various fields by proposing Narrative Information Management (NIM) as a unifying term and framework  ...  There are many areas of research defined by their interest in information dynamics related to facilitating organizational sensemaking, such as knowledge management, information management, and library  ...  , "Which precedents can we use to structure a legal defense?")  ... 
doi:10.5281/zenodo.5565577 fatcat:h6fbrpgawvhn3b3tq7fuxm3mdu

Security Analysis for CBTC Systems under Attack–Defense Confrontation

Wenhao Wu, Bing Bu
2019 Electronics  
Communication-based train controls (CBTC) systems play a major role in urban rail transportation.  ...  Finally, we compared the security of the system with single defensive measures and multiple defensive measures.  ...  The prerequisite for successful password cracking is that the system uses a weak password. A complex password requires an extensive dictionary and a lot of time to crack.  ... 
doi:10.3390/electronics8090991 fatcat:pgpmeucoufgl3iibwp5tumw5q4

Principal Component Analysis Based on Graph Laplacian and Double Sparse Constraints for Feature Selection and Sample Clustering on Multi-View Data

Ming-Juan Wu, Ying-Lian Gao, Jin-Xing Liu, Rong Zhu, Juan Wang
2019 Human Heredity  
Principal component analysis (PCA) is a widely used method for evaluating low-dimensional data.  ...  This way, we can make a better interpretation of the new PCs in low-dimensional subspace.  ...  The prerequisite for successful password cracking is that the system uses a weak password. A complex password requires an extensive dictionary and a lot of time to crack.  ... 
doi:10.1159/000501653 pmid:31466072 fatcat:4t3pyuevbvdz5iruxikplkzgbq

DALock: Password Distribution-Aware Throttling

Jeremiah Blocki, Wuwei Zhang
2022 Proceedings on Privacy Enhancing Technologies  
The common method for mitigating the risk of online cracking is to lock out the user after a fixed number (K) of consecutive incorrect login attempts.  ...  Large-scale online password guessing attacks are widespread and pose a persistent privacy and security threat to users.  ...  Wuwei Zhang was supported in part by a grant from Purdue Research Foundation. A preliminary draft of this paper was presented at WAY 2019.  ... 
doi:10.56553/popets-2022-0084 fatcat:jkk5jb5365dqziyokcht4fdkhy

History of Computer Security [chapter]

Umesh Hodeghatta Rao, Umesha Nayak
2014 The InfoSec Handbook  
Web 3.0 technology called 'the intelligent Web' emphasized machine-facilitated understanding of information to provide a more intuitive user experience.  ...  Semaphore Flags are the telegraphy system that conveys information at a distance by means of visual signals with handheld flags, rods, disks, paddles, or occasionally bare or gloved hands.  ...  During the same time, the term "cracker" originated as a name for people who crack the system's security, often by cracking the system's password. Figure 2-3.  ... 
doi:10.1007/978-1-4302-6383-8_2 fatcat:pqfuv2vd3nfqrn75ocz2umg6yq

On the Security of Cracking-Resistant Password Vaults

Maximilian Golla, Benedict Beuscher, Markus Dürmuth
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
To protect the master password against guessing attacks, previous work has introduced cracking-resistant password vaults based on Honey Encryption.  ...  In this work, we propose attacks against cracking-resistant password vaults that are able to distinguish between real and decoy vaults with high accuracy and thus circumvent the offered protection.  ...  The authors of NoCrack implemented a full version of a Honey Encryption-based password vault. The implementation must be considered a prototype which does not always  ... 
doi:10.1145/2976749.2978416 dblp:conf/ccs/GollaBD16 fatcat:ki3wnb7zrnfarnlm2zxv7cnbcm

Honeyword-based Authentication Techniques for Protecting Passwords: A Survey

Nilesh Chakraborty, Jianqiang Li, Victor C. M. Leung, Samrat Mondal, Yi Pan, Chengwen Luo, Mithun Mukherjee
2022 ACM Computing Surveys  
Honeyword (or decoy password) based authentication, first introduced by Juels and Rivest in 2013, has emerged as a security mechanism that can provide security against server-side threats on the password-files  ...  From the theoretical perspective, this security mechanism reduces attackers' efficiency to a great extent as it detects the threat on a password-file so that the system administrator can be notified almost  ...  Obtained information by A under conventional and honeyword-based defenses. Fig. 5. A taxonomy of existing state-of-the-art honeyword generation approaches, reviewed in this article.  ... 
doi:10.1145/3552431 fatcat:2iza3ysbxnc23dqmm7y4qw4rku

Assessing and managing risks to information assurance: A methodological approach

Gregory A. Lamm, Yacov Y. Haimes
2002 Systems Engineering  
The organizations are interagency organizations that span across law enforcement, defense, counter terrorism, cabinet offices, research, academia and the private sector.  ...  sessions Exploiting Backdoors Viruses/Trojan Horses Disabling Audits Exploiting Vulnerabilities Password Cracking Self-replicating code Point and Click Hacker Tools Killer Viruses Denial  ...  Level 5: Systems for simple requirements, which do not inform human operators or take appropriate actions after a fault is noted.  ... 
doi:10.1002/sys.10030 fatcat:3cthjejvubexfbzjaht7q77kby

Quantifying the security advantage of password expiration policies

Sonia Chiasson, P. C. van Oorschot
2015 Designs, Codes and Cryptography  
In this note, we quantify the security advantage of a password expiration policy, finding that the optimal benefit is relatively minor at best, and questionable in light of overall costs.  ...  Many security policies force users to change passwords within fixed intervals, with the apparent justification that this improves overall security.  ...  (If you find this counter-intuitive, consider this question, related to Q1 above: if z is the probability that an attacker's next guess is your password, how does z change if you change your password just  ... 
doi:10.1007/s10623-015-0071-9 fatcat:ikypvrf5e5g7vgddorcxyqdsfq