11,671 Hits in 4.2 sec

Revisiting Defenses against Large-Scale Online Password Guessing Attacks

M. Alsaleh, M. Mannan, P. C. van Oorschot
2012 IEEE Transactions on Dependable and Secure Computing  
Brute force and dictionary attacks on password-only remote login services are now widespread and ever increasing.  ...  Index Terms-online password guessing attacks, brute force attacks, password dictionary, ATTs.  ...  One effective defense against automated online password guessing attacks is to restrict the number of failed trials without ATTs to a very small number (e.g., three), Version: Feb. 13, 2011.  ... 
doi:10.1109/tdsc.2011.24 fatcat:3xxvtkelfvezda4ef36ftaeyda

Automated Password Extraction Attack on Modern Password Managers [article]

Raul Gonzalez, Eric Y. Chen, Collin Jackson
2013 arXiv   pre-print
We suggest techniques for web developers to protect their web applications from attack, and we propose alternative designs for a secure password manager.  ...  To encourage users to use stronger and more secure passwords, modern web browsers offer users password management services, allowing users to save previously entered passwords locally onto their hard drives  ...  Web Application Defenses The most straightforward approach to defend against attacks on the password manager is to turn off the password manager.  ... 
arXiv:1309.1416v1 fatcat:4bg2d4lq7jfqth3doqep4omgs4

Classifying RFID attacks and defenses

Aikaterini Mitrokotsa, Melanie R. Rieback, Andrew S. Tanenbaum
2009 Information Systems Frontiers  
, techniques and procedures to combat these attacks may be developed.  ...  The goal of the paper is to categorize the existing weaknesses of RFID communication so that a better understanding of RFID attacks can be achieved and subsequently more efficient and effective algorithms  ...  Acknowledgements We would like to thank Michael Beye for providing valuable comments and discussions and Christos Dimitrakakis for additional proofreading.  ... 
doi:10.1007/s10796-009-9210-z fatcat:ssm2czwm3fbdxjqfket4ieyxha

Kamouflage: Loss-Resistant Password Management [chapter]

Hristo Bojinov, Elie Bursztein, Xavier Boyen, Dan Boneh
2010 Lecture Notes in Computer Science  
We implemented our proposal as a replacement for the built-in Firefox password manager, and provide performance measurements and the results from experiments with large real-world password sets to evaluate  ...  An attacker who steals a laptop or cell phone with a Kamouflage-based password manager is forced to carry out a considerable amount of online work before obtaining any user credentials.  ...  Other potential defenses and their drawbacks are discussed in Section 6. Our contribution. We propose a new architecture for building theft-resistant password managers called Kamouflage.  ... 
doi:10.1007/978-3-642-15497-3_18 fatcat:nekiyufzljh75hxcfvrfpbrcma

Android UI Deception Revisited: Attacks and Defenses [chapter]

Earlence Fernandes, Qi Alfred Chen, Justin Paupore, Georg Essl, J. Alex Halderman, Z. Morley Mao, Atul Prakash
2017 Lecture Notes in Computer Science  
We discuss the vulnerabilities found, propose possible defenses, and then evaluate the defenses against different types of UI deception attacks.  ...  App-based deception attacks are increasingly a problem on mobile devices and they are used to steal passwords, credit card numbers, text messages, etc.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.  ... 
doi:10.1007/978-3-662-54970-4_3 fatcat:qp24pb4ikzfwhbfsmjpfzefmbm

Analysis Cookies Spoofing Attack and Defense Strategies

Dong-Hui LI
2017 DEStech Transactions on Computer Science and Engineering  
of deception Cookies, usage and work process analysis of the Cookies Cookies deception deception theory and method of stealing, cheating typical attacks against Cookies steps to simulate the identity  ...  Cookies deception is to steal, modify, forgery Cookies Web content to cheat the system and get the appropriate permission or authority to operate accordingly an attack, this article describes the definition  ...  build a defense Cookies spoofing and script injection system in a broad sense, you can avoid being attacked Cookies certain extent.  ... 
doi:10.12783/dtcse/aice-ncs2016/5667 fatcat:kidwvblmivdx3krdrk67ydnsly

Cybersecurity for Critical Infrastructures: Attack and Defense Modeling

Chee-Wooi Ten, Govindarasu Manimaran, Chen-Ching Liu
2010 IEEE transactions on systems, man and cybernetics. Part A. Systems and humans  
The leaf vulnerability is fundamental to the methodology that involves port auditing or password strength evaluation.  ...  In addition, an attack-tree-based methodology for impact analysis is developed.  ...  The improvement for an attack leaf and intrusion scenario can be measured with the implementation of defense nodes denoted as v (G) and V (i), respectively, for the leaf and scenario vulnerability after  ... 
doi:10.1109/tsmca.2010.2048028 fatcat:gbmrh67lvrcx3e63w22yast3aa

Horcrux: A Password Manager for Paranoids [article]

Hannah Li, David Evans
2017 arXiv   pre-print
Vulnerabilities in password managers are unremitting because current designs provide large attack surfaces, both at the client and server.  ...  We describe and evaluate Horcrux, a password manager that is designed holistically to minimize and decentralize trust, while retaining the usability of a traditional password manager.  ...  This work was partially funded by an award from the National Science Foundation (1422332) and gifts from Amazon, Google, and Microsoft.  ... 
arXiv:1706.05085v2 fatcat:akiblnrinbddnci47llln64hoq

Cyber Attack and Defense Emulation Agents

Jeong Do Yoo, Eunji Park, Gyungmin Lee, Myung Kil Ahn, Donghwa Kim, Seongyun Seo, Huy Kang Kim
2020 Applied Sciences  
As the scale of the system and network grows, IT infrastructure becomes more complex and hard to be managed. Many organizations have a serious problem to manage their system and network security.  ...  The blue team agent deploys defense measures to react to the red team agent's attack patterns.  ...  /find' with administrator privilege without a password.  ... 
doi:10.3390/app10062140 fatcat:obfpdkifijfn5etimwr7uw4r6e

Generative Models for Security: Attacks, Defenses, and Opportunities [article]

Luke A. Bauer, Vincent Bindschaedler
2021 arXiv   pre-print
In particular, we discuss the use of generative models in adversarial machine learning, in helping automate or enhance existing attacks, and as building blocks for defenses in contexts such as intrusion  ...  We survey recent research at the intersection of security and privacy and generative models.  ...  For example, generating realistic passwords can help practitioners study password management policies or design defenses for data breaches.  ... 
arXiv:2107.10139v2 fatcat:wjb4dcdpvveztd2h4aretus56a

A Survey on Attacks and Defense Mechanisms in Phishing

2014 International Journal of Research and Applications  
The convenience of online commerce has been embraced by consumers and criminals. Phishing has a negative impact on the economy through financial losses experienced by businesses and consumers.  ...  Phishing is defined as the act of stealing an individual's information for the purpose of committing financial fraud and has become a significant criminal activity on the internet [1].  ...  DEFENSE MECHANISMS IN PHISHING Various techniques are developed to conduct phishing attacks and make them less suspicious.  ... 
doi:10.17812/ijra.1.1(7)2014 fatcat:v74wnw7c4ne3tavbl5vhbqb5ru

A convenient method for securely managing passwords

J. Alex Halderman, Brent Waters, Edward W. Felten
2005 Proceedings of the 14th international conference on World Wide Web - WWW '05  
Unlike previous approaches, our design is both highly resistant to brute force attacks and nearly stateless, allowing users to retrieve their passwords from any location so long as they can execute our  ...  passwords (and the adversary's computational power) increases into the future.  ...  Strengthening Passwords Researchers have long recognized that passwords guarded by one-way functions were vulnerable to brute force attacks, and that those functions should be made slower as a defense.  ... 
doi:10.1145/1060745.1060815 dblp:conf/www/HaldermanWF05 fatcat:7dr4agssofdw5kbyj4xem2rdjy

Department of Defense Password Management Guideline [chapter]

1985 The 'Orange Book' Series  
Wessel and Bernard Peters, Department of Defense, Col. Roger R. Schell, formerly DoDCSC, and James P. Anderson, James P. Anderson & Co, who gave generously of their time and  ...  security management who understand the particular security requirements of their user environment.  ...  INTRODUCTION In August 1983, the DoD Computer Security Center published CSC-STD-001-83, Department of Defense Trusted Computer System Evaluation Criteria.  ... 
doi:10.1007/978-1-349-12020-8_4 fatcat:ngl2tmbnsffqfllruehczfvzt4

Attacks and Defenses in Short-Range Wireless Technologies for IoT

Karim Lounis, Mohammad Zulkernine
2020 IEEE Access  
The paper also provides a taxonomy of these attacks based on a security service-based attack classification and discusses existing security defenses and mechanisms that mitigate certain attacks as well  ...  In this paper, we provide a survey of attacks related to the wireless infrastructures of IoT in general, and to the most used short-range wireless communication technologies in the resource-constrained  ...  password=admin or logname='' '' and password=admin).  ... 
doi:10.1109/access.2020.2993553 fatcat:jtcl7llvy5crjaktwmvchlmcxa

Automated Attack and Defense Framework for 5G Security on Physical and Logical Layers [article]

Zhihong Tian, Yanbin Sun, Shen Su, Mohan Li, Xiaojiang Du, Mohsen Guizani
2019 arXiv   pre-print
This article explores the 5G security by combining the physical layer and the logical layer from the perspective of automated attack and defense, and dedicate to provide automated solution framework for  ...  center to the network edge and from the logical layer to the physical layer.  ...  The quality of the password library and guessing efficiency are two challenges for the password guessing technology.  ... 
arXiv:1902.04009v1 fatcat:3mq3eypokzgmlpyy57ppms4coa