A Novel Verification scheme for Resisting Password Guessing Attacks

2021 IEEE Conference on Dependable and Secure Computing (DSC) Pub Date : 2021-01-30 DOI:10.1109/DSC49826.2021.9346234

Albert Guan, Chia-Mei Chen

{"title":"A Novel Verification scheme for Resisting Password Guessing Attacks","authors":"Albert Guan, Chia-Mei Chen","doi":"10.1109/DSC49826.2021.9346234","DOIUrl":null,"url":null,"abstract":"User name and password are one of the most commonly used authentication mechanisms in information systems and social networks. Strong passwords are secure, but not easy to memorize; users may choose passwords that are easy to remember as well as easy to be compromised. Therefore, online password guessing attacks becomes a major security threat in information systems and social networks. It is a challenge to provide a reliable user authentication solution that allows legitimate access and prevents password guessing attacks. Our preliminary study observed the fact that legal users know what passwords they have chosen, while attackers can only guess what they are. The proposed solution applies information theory and compares the entropy discrepancy between the passwords entered by the user and attacker. The password entropy is calculated by accumulating the frequencies of the entered characters, not the password itself. The experimental results show that, even if the user selects a common password, the proposed authentication method can distinguish between legitimate users and attackers effectively and efficiently.","PeriodicalId":184504,"journal":{"name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSC49826.2021.9346234","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

User name and password are one of the most commonly used authentication mechanisms in information systems and social networks. Strong passwords are secure, but not easy to memorize; users may choose passwords that are easy to remember as well as easy to be compromised. Therefore, online password guessing attacks becomes a major security threat in information systems and social networks. It is a challenge to provide a reliable user authentication solution that allows legitimate access and prevents password guessing attacks. Our preliminary study observed the fact that legal users know what passwords they have chosen, while attackers can only guess what they are. The proposed solution applies information theory and compares the entropy discrepancy between the passwords entered by the user and attacker. The password entropy is calculated by accumulating the frequencies of the entered characters, not the password itself. The experimental results show that, even if the user selects a common password, the proposed authentication method can distinguish between legitimate users and attackers effectively and efficiently.

查看原文本刊更多论文

一种新的抗密码猜测攻击验证方案

用户名和密码是信息系统和社交网络中最常用的身份验证机制之一。强密码很安全，但不容易记忆;用户可以选择容易记忆和容易被泄露的密码。因此，在线猜密码攻击已成为信息系统和社交网络的主要安全威胁。提供可靠的用户身份验证解决方案以允许合法访问并防止密码猜测攻击是一项挑战。我们的初步研究发现，合法用户知道自己选择了什么密码，而攻击者只能猜测密码是什么。该方案应用信息论，比较用户和攻击者输入的密码之间的熵差。密码熵是通过累积输入字符的频率来计算的，而不是密码本身。实验结果表明，即使用户选择通用密码，所提出的认证方法也能有效区分合法用户和攻击者。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE Conference on Dependable and Secure Computing (DSC)

自引率

0.00%

发文量