Undetectable on-line password guessing attacks

Ding, Yunpeng; Horster, Patrick

doi:10.1145/219282.219298

Cited by 226 publications

(130 citation statements)

References 7 publications

Supporting

Mentioning

129

Contrasting

Unclassified

Order By: Relevance

“…Unfortunately, users prefer usability, thus choosing memorable passwords that are easy to recall [12], but easy to recover with dictionary attacks [15]. The proliferation of smartphones made other authentication mechanisms popular, e.g.…”

Section: Related Workmentioning

confidence: 99%

Exploring the Adoption of Physical Security Controls in Smartphones

Alshammari

Mylonas

Sedky

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increase the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user's data from unauthorized physical access. We conducted a survey to measure their adoption and the reasons behind users' selections. Our results, suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access.

show abstract

Section: Related Workmentioning

confidence: 99%

Exploring the Adoption of Physical Security Controls in Smartphones

Alshammari

Mylonas

Sedky

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…As it is simple for the users to remember the passwords, password based key exchange protocol achieved greater attention. Even though the protocol is simple and efficient, according to Ding and Horster [2], it should not be vulnerable to any type of off line, undetectable or detectable on line password guessing attacks, since the passwords are of low-entropy. In general the password guessing attacks can be divided into three classes and they are listed below:…”

Section: Introductionmentioning

confidence: 99%

Impersonation Attack on Eke Protocol

Tallapally¹

2010

IJNSA

View full text Add to dashboard Cite

show abstract

“…From this point of view, PAKE provides convenience and mobility. Password-based authenticated key exchange protocols, however, are vulnerable to password guessing attacks [3] since users usually choose easy-to-remember passwords. Unlike typical private keys, the password has limited entropy, and is constrained by the memory of the user.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis on a Three Party Key Exchange Protocol-STPKE'

Tallapally¹,

Padmavathy²

2010

Journal of Information Processing Systems

View full text Add to dashboard Cite

Abstract-In the secure communication areas, three-party authenticated key exchange protocol is an important cryptographic technique. In this protocol, two clients will share a human-memorable password with a trusted server, in which two users can generate a secure session key. On the other hand the protocol should resist all types of password guessing attacks. Recently, STPKE' protocol has been proposed by Kim and Choi. An undetectable online password guessing attack on STPKE' protocol is presented in the current study. An alternative protocol to overcome undetectable online password guessing attacks is proposed. The results show that the proposed protocol can resist undetectable online password guessing attacks. Additionally, it achieves the same security level with reduced random numbers and without XOR operations. The computational efficiency is improved by ≈ 30% for problems of size ≈ 2048 bits. The proposed protocol is achieving better performance efficiency and withstands password guessing attacks. The results show that the proposed protocol is secure, efficient and practical.

show abstract

Undetectable on-line password guessing attacks

Cited by 226 publications

References 7 publications

Exploring the Adoption of Physical Security Controls in Smartphones

Exploring the Adoption of Physical Security Controls in Smartphones

Impersonation Attack on Eke Protocol

Cryptanalysis on a Three Party Key Exchange Protocol-STPKE'

Contact Info

Product

Resources

About