Using Personal Information for Targeted Attacks in Grammar based Probabilistic Password Cracking
نویسندگان
چکیده
Passwords continue to be the primary means of authentication and security for online accounts and use in encrypting files and disks. The goal of this paper is to show how knowledge of personal information about a user can systematically be added to improve a password cracking task. In this paper we focus on the dictionary-based probabilistic context-free grammar (PCFG) approach to password cracking that trains on revealed password sets and then uses the learned grammar to generate guesses in optimal probability order. We show that we can effectively incorporate personal information about a target into the PCFG password cracking system in a very straight forward manner to assist in a targeted attack. We first develop a mathematical model of merging multiple grammars that combines the characteristics of the component grammars. Then we show how various component grammars and dictionaries can be derived using personal information about the target. The component grammars model various types of personal information such as family names and dates, previous password information, and possible information about sequential passwords known. The resulting merged target grammar (also merged with a standard grammar) and various target dictionaries generates guesses that more quickly match the target’s password when personal information is used. Our results show that the password cracking is significantly improved using our approach. Furthermore, our software system is a separate module that can directly be used with the PCFG system since it does not modify the original code.
منابع مشابه
Probabilistic Context-Free Grammar Based Password Cracking: Attack, Defense and Applications
متن کامل
When Privacy meets Security: Leveraging personal information for password cracking
Passwords are widely used for user authentication and, despite their weaknesses, will likely remain in use in the foreseeable future. Human-generated passwords typically have a rich structure, which makes them susceptible to guessing attacks. In this paper, we study the effectiveness of guessing attacks based on Markov models. Our contributions are two-fold. First, we propose a novel password c...
متن کاملPoster: An Analysis of Targeted Password Guessing Using Neural Networks
Text-based passwords, dominant mechanism of authentication nowadays, are vulnerable to malicious attackers. Even though not recommended, users tend to use personal information (PI) when create passwords. Only a few studies have researched targeted password guessing, in which attackers guess passwords by utilizing users’ PI. We propose TPGXNN, a framework that uses neural networks (NN) in target...
متن کاملFast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
Human-chosen text passwords, today’s dominant form of authentication, are vulnerable to guessing attacks. Unfortunately, existing approaches for evaluating password strength by modeling adversarial password guessing are either inaccurate or orders of magnitude too large and too slow for real-time, client-side password checking. We propose using artificial neural networks to model text passwords...
متن کاملSecurity Issues in Smart Card Based Password Authentication Scheme
To secure information from unauthorized access, various authentication schemes have been deployed. Among these, password based authentication schemes using smart card are widely used for various applications such as remote user login, online banking, ID verification, access control and e-commerce. It provides mutual authentication between user and server. However, previous schemes are vulnerabl...
متن کامل