全面评估基于上下文的密码破解对数字取证的益处

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Aikaterini Kanta , Iwen Coisel , Mark Scanlon
{"title":"全面评估基于上下文的密码破解对数字取证的益处","authors":"Aikaterini Kanta ,&nbsp;Iwen Coisel ,&nbsp;Mark Scanlon","doi":"10.1016/j.jisa.2024.103809","DOIUrl":null,"url":null,"abstract":"<div><p>Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password’s strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect’s weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter — however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103809"},"PeriodicalIF":3.8000,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001121/pdfft?md5=4f90fdd3c66acaa8d04f675c1df40be6&pid=1-s2.0-S2214212624001121-main.pdf","citationCount":"0","resultStr":"{\"title\":\"A comprehensive evaluation on the benefits of context based password cracking for digital forensics\",\"authors\":\"Aikaterini Kanta ,&nbsp;Iwen Coisel ,&nbsp;Mark Scanlon\",\"doi\":\"10.1016/j.jisa.2024.103809\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password’s strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect’s weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter — however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.</p></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"84 \",\"pages\":\"Article 103809\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2024-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S2214212624001121/pdfft?md5=4f90fdd3c66acaa8d04f675c1df40be6&pid=1-s2.0-S2214212624001121-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212624001121\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001121","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

基于密码的身份验证系统有许多弱点,但仍被大量使用,而且其宣布消失的时间还未确定。系统管理员通过在服务器端巧妙地执行强大的密码策略和合理的密码管理来克服这种缺陷。但归根结底,密码背后的用户仍然要对密码的强度负责。一个错误的选择可能会给用户甚至背后的服务带来严重后果,特别是考虑到关键基础设施。另一方面,执法部门可以从嫌疑人的错误决定中获益,恢复以加密格式存储的数字内容。一般的密码破解程序可以在这方面为执法部门提供支持,但这些方法很快就会显示出其局限性。本文证明,在有背景信息可利用的情况下,可以将更有针对性的方法与传统策略结合使用,以提高成功的可能性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A comprehensive evaluation on the benefits of context based password cracking for digital forensics

Password-based authentication systems have many weaknesses, yet they remain overwhelmingly used and their announced disappearance is still undated. The system admin overcomes the imperfection by skilfully enforcing a strong password policy and sane password management on the server side. But in the end, the user behind the password is still responsible for the password’s strength. A poor choice can have dramatic consequences for the user or even for the service behind, especially considering critical infrastructure. On the other hand, law enforcement can benefit from a suspect’s weak decisions to recover digital content stored in an encrypted format. Generic password cracking procedures can support law enforcement in this matter — however, these approaches quickly demonstrate their limitations. This article proves that more targeted approaches can be used in combination with traditional strategies to increase the likelihood of success when contextual information is available and can be exploited.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信