Cracking Associative Passwords

Helkala, Kirsi; Svendsen, Nils Kalstad; Thorsheim, Per; Wiehe, Anders

doi:10.1007/978-3-642-34210-3_11

Cited by 5 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The use of single words, either alone or together with digits, is a bad habit. However, use of several modified words or use of sentences adds robustness against password cracking (Helkala et al, 2012). Due to the small number of users without guidance in this case, we can conclude only with 90 per cent confidence interval that the users without guidance more often use pure words (38 Ϯ 11 per cent of the respondents without guidance and 21 Ϯ 6 per cent with guidance).…”

Section: Description Of a Good Passwordmentioning

confidence: 74%

Extended results of Norwegian password security survey

Helkala

Bakås²

2014

Information Management &Amp; Computer Security

Self Cite

View full text Add to dashboard Cite

Purpose – The purpose of this paper is to extend the results of a Norwegian password security survey. Research, especially in the early 21st century, has shown that education is needed to change people’s behaviour regarding password generation, management and storage. As our daily routines and duties have become more dependent on electronic services in the last decade, one could think that qualitative education is nowadays given to users. This survey is to verify that assumption. Methodology – A nation-wide demographic survey among employees in Norway with a sample of 1,003 respondents at the ages of 18-64 years was conducted in October 2012. Findings – The results show that the education or proper guidance seldom is given leading to the outdated users’ behaviour. Research limitations – The results of the study are limited to the employed only and they do not explain behaviour of students, teenagers or children. Social implications – During the current year, the results of the study have been discussed several times in national media and, hopefully, have an impact to employees’ behaviour. The results have also been used in the National Security Month campaign in October 2013. Originality/value – The questionnaire itself is not unique. However, the large amount of respondents gives higher value to the results.

show abstract

Section: Description Of a Good Passwordmentioning

confidence: 74%

Extended results of Norwegian password security survey

Helkala

Bakås²

2014

Information Management &Amp; Computer Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…e researches present about some possibilities which can be done to break the password in both ways: offline and online. Moreover, Helkala et al [13] reinforced Venter's research by using small instruments that yielded high impacts. In addition, Pilli et al [14] and Vykopal [15] described other aspects of BFAs regarding taxonomy, multiple approaches, and distributions.…”

Section: Related Workmentioning

confidence: 99%

“…Both of these attacks are illustrated in Figure 1. Meanwhile, online password hacking has been described in [18], and offline hacking research has demonstrated that a number of characters and password combinations greatly influence the length of time required for hacking [13,15]. Overall, all cited investigators stressed that BFAs have real-time capability to actually deduce valid passwords on FTP servers.…”

Section: Related Workmentioning

confidence: 99%

Investigating Brute Force Attack Patterns in IoT Network

Stiawan

Idris

Malik

et al. 2019

Journal of Electrical and Computer Engineering

View full text Add to dashboard Cite

Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transaction. Unfortunately, in terms of security, the FTP server at a gateway or data sink very often is improperly set up. At the same time, password matching/theft holding is among the popular attacks as the intruders attack the IoT network. Thus, this paper attempts to provide an insight of this type of attack with the main aim of coming up with attack patterns that may help the IoT system administrator to analyze any similar attacks. This paper investigates brute force attack (BFA) on the FTP server of the IoT network by using a time-sensitive statistical relationship approach and visualizing the attack patterns that identify its configurations. The investigation focuses on attacks launched from the internal network, due to the assumption that the IoT network has already installed a firewall. An insider/internal attack launched from an internal network endangers more the entire IoT security system. The experiments use the IoT network testbed that mimic the internal attack scenario with three major goals: (i) to provide a topological description on how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation.

show abstract