Achieving Flatness: Selecting the Honeywords from
Existing User Passwords
SREYA SRIDHAR P.P
9 November 2017
SREYA SRIDHAR P.P Achieving Flatness: Selecting the Honeywords from Existing User Passwords9 November 2017 1 / 26
CONTENTS
1 Introduction
2 Honeyword generation algorithm
Honeyword generation algorithm (k)
3 Honeyword Generation Methods
Security Analysis of honeywords
4 A NEW APPROACH
1.Initialization
2.Registration
3.Honeychecker
4.Login Process
5 Future Work
6 Conclusions
7 References
Introduction
Leaked passwords cause many cyber attacks.
The password file is stolen using a password-cracking technique.
Develop a method to detect a password file disclosure.
Honeywords
Fake passwords are stored with real passwords.
Detect incorrect-password login attempts and a cracked file.
Honeyword generation algorithm (k)
Input: k, the number of sweetwords
Outputs: the password list and c_i, where c_i is the index of the correct password
Honeyword generation algorithm (k) [Contd.]
The username and the hashes of the sweetwords are kept in the database of the main server as the tuple [u_i, (v_1, ..., v_k)].
c_i is stored on another server, called the honeychecker.
Login procedure
1. User u_i enters a password g to log in to the system.
2. The server first checks whether H(g) is in the list V_i. If not, login is denied.
3. Otherwise, the system checks whether it is a honeyword or the correct password.
4. Let v(i, j) = H(g). The value j is then delivered to the honeychecker over an authenticated, secure channel.
5. The honeychecker checks whether j = c_i. If the equality holds, it returns TRUE; otherwise it responds FALSE and may raise an alarm, depending on the security policy of the system.
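The login procedure above as a runnable sketch, added here as an example and not taken from the slides or the cited paper. The `MainServer` and `Honeychecker` classes, the digit-tweaking `gen`, the PBKDF2 hash and the 0-based index j are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

RNG = secrets.SystemRandom()

def H(password, salt):
    # Slow salted hash, so guessing against a stolen file costs the attacker time.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

def gen(password, k):
    """Gen(k): return (sweetwords, c) with the real password at index c.
    Honeywords are made by re-drawing every digit (assumed generator)."""
    digits = [i for i, ch in enumerate(password) if ch in "0123456789"]
    if 10 ** len(digits) < k:
        raise ValueError("too few digits to tweak into k distinct sweetwords")
    sweet = {password}
    while len(sweet) < k:
        chars = list(password)
        for i in digits:
            chars[i] = str(secrets.randbelow(10))
        sweet.add("".join(chars))
    words = sorted(sweet)
    RNG.shuffle(words)          # the position of the real password must not leak
    return words, words.index(password)

class Honeychecker:
    """Separate host: knows only (u_i, c_i), never a password or a hash."""
    def __init__(self):
        self._c = {}
        self.alarms = []

    def set(self, user, c):
        self._c[user] = c

    def check(self, user, j):
        ok = self._c.get(user) == j
        if not ok:
            self.alarms.append((user, j))   # policy hook: lock account, page SOC
        return ok

class MainServer:
    """Holds [u_i, (v_1..v_k)] but not c_i, so a stolen file does not say
    which of the k hashes belongs to the real password."""
    def __init__(self, checker, k=5):
        self.checker, self.k, self.db = checker, k, {}

    def enroll(self, user, words, c):
        salt = secrets.token_bytes(16)
        self.db[user] = (salt, [H(w, salt) for w in words])
        self.checker.set(user, c)

    def register(self, user, password):
        self.enroll(user, *gen(password, self.k))

    def login(self, user, g):
        if user not in self.db:
            return "denied"
        salt, V = self.db[user]
        hg = H(g, salt)
        j = next((n for n, v in enumerate(V) if hmac.compare_digest(v, hg)), None)
        if j is None:
            return "denied"                       # step 2: H(g) not in V_i
        return "ok" if self.checker.check(user, j) else "alarm"   # steps 4-5

def demo():
    # Constructed sample account; the password is the one used on the slides.
    checker = Honeychecker()
    server = MainServer(checker, k=5)
    words, c = gen("52galaxy", 5)
    server.enroll("alice", words, c)
    honeyword = words[(c + 1) % len(words)]       # what a file thief might try
    results = (server.login("alice", "52galaxy"),
               server.login("alice", honeyword),
               server.login("alice", "not-in-list"))
    return results, checker.alarms

if __name__ == "__main__":
    print(demo())
```

A mistyped password is simply denied; only a submitted honeyword reaches the alarm path, which is what makes a match a signal that the hash file has been disclosed.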
Flatness of Gen()
It measures an adversary's chance of picking the correct password.
If the algorithm is not flat enough, the real password stands out from the remaining fake passwords.
Honeyword Generation Methods
The honeyword generation methods are categorized into two groups.
1. Legacy-UI (user interface) procedures
2. Modified-UI procedures (take-a-tail method)
1. Chaffing-by-tweaking
Generator algorithm Gen(k, t).
E.g.: t = 3 and the password is "52galaxy".
The generated honeywords are 40galaxy, 69galaxy, etc.
2. Chaffing-with-a-password-model
1. Modeling syntax
In this model the password is split into character sets.
2. Simple model
Generates honeywords from a password list.
3. Chaffing with "Tough Nuts"
The system intentionally injects some special honeywords, named tough nuts.
E.g.: '9,50PEe[KV.0?RIOtcL-:IJ"b+Wol<*]! NWT/pb'.
Inverting the hash values of those words is computationally infeasible.
4. Hybrid Method
Combines chaffing-with-a-password-model and chaffing-by-tweaking-digits.
happy9679 apple1422 angel2656
happy9757 apple1903 angel2036
happy9743 apple1172 angel2849
Happy9392 apple1792 angel2562
Security Analysis of honeywords
1. Denial-of-service Attack
2. Brute-force Attack
3. Choosing Policy
A NEW APPROACH
Our proposed model is still based on the use of honeywords.
Instead of generating honeywords and storing them, it uses existing passwords to simulate honeywords.
1. Initialization
1. T user accounts are created.
2. For each account, a honeyindex set is built: X_i = (x_1, x_2, ..., x_k).
3. One of the elements in X_i is the correct index (sugarindex), c_i.
Password files F1 and F2
Figure: Example Password File F2 for the proposed Model
2. Registration
1. The generator algorithm Gen(k, S_I) produces c_i and X_i.
2. The outputs are c_i, the correct index for u_i, and X_i = (x_1, x_2, ..., x_k), the honeyindexes.
3. Honeychecker
1. The honeychecker stores the correct index for each account.
2. It communicates with the main server through a secure channel.
4. Login Process
1. The system first checks whether the entered password g is correct for u_i.
2. If no match is obtained, g is neither the correct password nor one of the honeywords, i.e. login fails.
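The proposed model as a runnable sketch, added here as an example and not code from the slides. The slides do not reproduce the file layout, so it is assumed that F1 maps each username to its honeyindex set X_i and F2 maps each index to a salted password hash; the class and function names, the per-index salt and the handling of duplicate passwords are likewise assumptions.

```python
import hashlib
import hmac
import secrets

RNG = secrets.SystemRandom()

def H(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

class HoneyindexServer:
    def __init__(self, k, capacity, honeypot_passwords):
        if len(honeypot_passwords) < k:
            raise ValueError("initialization needs at least k accounts")
        self.k = k
        self.f1 = {}        # F1 (assumed layout): username -> honeyindex set X_i
        self.f2 = {}        # F2 (assumed layout): index -> (salt, hash)
        self.checker = {}   # honeychecker: username -> c_i; a separate host in practice
        self.alarms = []
        self.free = list(range(1, capacity + 1))   # S_I: indexes not yet assigned
        RNG.shuffle(self.free)
        # Initialization: store all T accounts first so that every honeyindex
        # set can be filled with indexes of passwords that really exist.
        stored = [self._store(pw) for pw in honeypot_passwords]
        for n, c in enumerate(stored):
            self._bind(f"honeypot{n}", c)

    def _store(self, password):
        c = self.free.pop()                        # draw the sugarindex from S_I
        salt = secrets.token_bytes(16)
        self.f2[c] = (salt, H(password, salt))
        return c

    def _bind(self, user, c):
        others = [i for i in self.f2 if i != c]
        X = RNG.sample(others, self.k - 1) + [c]   # k-1 honeyindexes plus c_i
        RNG.shuffle(X)
        self.f1[user] = X
        self.checker[user] = c

    def register(self, user, password):
        self._bind(user, self._store(password))

    def login(self, user, g):
        X = self.f1.get(user)
        if X is None:
            return "denied"
        # Compare H(g) with the F2 entries named by X_i. All k entries are
        # tested so that two accounts sharing a password cannot hide c_i.
        matches = []
        for j in X:
            salt, v = self.f2[j]
            if hmac.compare_digest(v, H(g, salt)):
                matches.append(j)
        if not matches:
            return "denied"            # neither the password nor a honeyword
        if self.checker[user] in matches:
            return "ok"
        self.alarms.append((user, matches))   # another account's password was used
        return "alarm"

def demo():
    pots = [f"pot-{n}-Zebra!" for n in range(8)]   # constructed honeypot passwords
    srv = HoneyindexServer(k=4, capacity=100, honeypot_passwords=pots)
    srv.register("alice", "52galaxy")
    # Demo only: recover the plaintext behind one of alice's honeyindexes,
    # standing in for a password cracked out of a stolen F2.
    j = next(i for i in srv.f1["alice"] if i != srv.checker["alice"])
    salt, v = srv.f2[j]
    honeyword = next(p for p in pots if H(p, salt) == v)
    results = (srv.login("alice", "52galaxy"),
               srv.login("alice", honeyword),
               srv.login("alice", "not-a-sweetword"))
    return results, srv.alarms, srv

if __name__ == "__main__":
    print(demo()[:2])
```

F2 holds one hash per account (nine entries here), so no extra honeyword hashes are stored, and every honeyword is a password some account actually uses.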
SECURITY ANALYSIS OF THE PROPOSED MODEL
1. DoS Attack
2. Password Guessing
3. Brute-force Attack
4. Same User in Multiple Systems
COMPARISON OF HONEYWORD GENERATION MODELS
1. DoS Resistance
2. Storage Cost
3. Flatness
4. Usability
COMPARISON OF HONEYWORD GENERATION MODELS
Figure: Comparison of honeyword generation models
Future Work
Refine this model by involving a hybrid generation algorithm to make the total hash inversion function harder.
Conclusions
We have analyzed the security of the honeyword system.
The honeyword system directly depends on the generation algorithm.
References
1. A. Juels and R. L. Rivest, "Honeywords: Making Password-cracking Detectable," in Proceedings of the 2013 ACM SIGSAC Conference on Computer Communications Security, ser. CCS'13. New York, NY, USA: ACM, 2013, pp. 145–160. [Online]. Available: http://doi.acm.org/10.1145/2508859.2516671
2. M. Weir, S. Aggarwal, B. de Medeiros, and B. Glodek, "Password Cracking Using Probabilistic Context-Free Grammars," in Security and Privacy, 30th IEEE Symposium on. IEEE, 2009, pp. 391–405.
3. P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, and J. Lopez, "Guess again (and again and again): Measuring Password Strength by Simulating Password-cracking Algorithms," in Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012, pp. 523–537.
4. A. Pathak, "An Analysis of Various Tools, Methods and Systems to Generate Fake Accounts for Social Media," Ph.D. dissertation, Northeastern University Boston, 2014.