Strategie distribuovaného lámání hesel / Strategies for Distributed Password Cracking

Večeřa, Vojtěch

January 2019

This thesis introduces viable password recovery tools and their categories as well as the technologies and hardware commonly used in this field of informatics. It follows by an overview of the available benchmarking tools for the given hardware. Thesis later contains a description of the custom benchmarking process targeting the aspects of interest. Later, the thesis moves to a distributed system FITcrack as it proposes and experimentally implements new features. The thesis finishes by comparison of the additions against the original state and highlights the areas of improvement.

Útoky pomocí programu Cain & Abel / Network attacks by Cain & Abel

Smékal, Lukáš

January 2010

This Master’s thesis is dealt in the local area network security, cryptographic algorithms, particular attacks on computer networks a practical application these attacks in local area networks. To application particular attacks is used the Cain & Abel program. The detailed manual for this program is created from the results of these attacks. This manual contains the exhibits of usage particular program tools and the attack application exhibits. This manual considers consequences of particular attacks and summarises achieved results during work with tools too. Master thesis closely deals with one of the program tools called RSA SecureID Token Calculator. Authentication via hardware tokens is contained in this Master thesis. Thesis contains the way of authentication using RSA SecureID Token Calculator without physical owning of the hardware token. Cain & Abel program shows and interprets why cashed passwords in operation system are dangerous and it shows methods how attacker can reveal this passwords from the operation system memory. This Master thesis is focused on sniffing credentials and passwords in local area networks and it is focused on cryptographic algorithms cracking for username and passwords revealing.

Obnova hesel v distribuovaném prostředí / Password Recovery in Distributed Environment

Kos, Ondřej

January 2016

The goal of this thesis is to design and implement a framework allowing password recovery in a distributed environment. The research is therefore focused on analyzing the security of passwords, techniques used for attacks on them and also presents methods preventing attacks on passwords. Described is the Wrathion tool which is allowing password recovery using acceleration on graphic cards through the integration of OpenCL framework. Conducted is also an analysis of available environments providing means to run computing tasks on multiple devices, based on which the OpenMPI platform is chosen for extending Wrathion. Disclosed are various modifications and added components, and the entire system is also subjected to experiments aiming at the measuring of scalability and network traffic performance. The financial side of the use of Wrathion tool is also discussed in terms of its usability in cloud based distributed environment.

Managing Two-Factor Authentication Setup Through Password Managers

Dutson, Jonathan William

09 April 2020

Two-factor authentication (2FA) provides online accounts with protection against remote account compromise. Despite the security benefits, adoption of 2FA has remained low, in part due to poor usability. We explore the possibility of improving the usability of the 2FA setup process by providing setup automation through password managers. We create a proof-of-concept KeePass (a popular password manager) extension that adds browser-based automation to the 2FA setup process and conduct a 30-participant within-subjects user study to measure user perceptions about the system. Our system is found to be significantly more usable than the current manual method of 2FA setup for multiple online accounts, with our system receiving an average SUS score of ‘A’ while the manual setup method received an average score of ‘D’. We conduct a meta-analysis of some of the most common methods of 2FA used by websites today and propose a web API that could increase the speed, ease, and scalability of 2FA setup automation. Our threat analysis suggests that using password managers for 2FA automation can be implemented without introducing significant security risks to the process. The promising results from our user study and analysis indicate that password managers have strong potential for improving the usability of 2FA setup.

security

usable security

two-factor authentication

2FA

password managers

automation

usability

Physical Sciences and Mathematics

Nepoučitelní uživatelé: příčiny (ne)bezpečných hesel / Careless society: Drivers of (un)secure passwords

Nedvěd, Vojtěch

January 2021

Careless Society: Drivers of (Un)Secure Passwords Thesis abstract Vojtěch Nedvěd May 2, 2021 Vulnerabilities related to poor cybersecurity are a dangerous global economic issue. This thesis aims to explain two examples of poor password management. First, why users use similar password and username and second, why they reuse their passwords, as the main drivers of this behaviour are unknown. We examined the effects of selected macroeconomic variables, gender, password length and password complexity. Additionally, this thesis suggest how to estimate sentiment in passwords using models build on Twitter posts. The results are verified on large password data, including password leaks from recent years. There are four main findings. First, a higher cybersecurity index and diversity of a password seem to be related to the lower similarity between a username and a password. Second, it seems that there are structural differences between countries and languages. Third, the sentiment seems to be a significant determinant too. Fourth, password reuse seems to be positively affected by the cybersecurity level. The thesis contributes to the study of password management. It proposes how to model the relationship, derive the data, split the passwords into words, model the sentiment of passwords, what variables might be...

Universal Cycles of Classes of Restricted Words

Leitner, Arielle, Godbole, Anant P.

06 December 2010

It is well known that Universal cycles (U-cycles) of k-letter words on an n-letter alphabet exist for all k and n. In this paper, we prove that Universal cycles exist for several restricted classes of words, including non-bijections, "equitable" words (under suitable restrictions), ranked permutations, and "passwords". In each case, proving the connectedness of the underlying de Bruijn digraph is a non-trivial step.

De Bruijn digraph

equitable word

graph connectedness

ordered bell number

password

universal cycle

Mathematics and Statistics

A Qualitative Exploration of the Security Practices of Registered Nurses

Savage, Beth Ann

01 January 2017

Increased breach occurrences in healthcare cause concern for health information as reported by the Federal Government. Significant effort, regulations, and safeguards are in place to protect the systems used in the healthcare industry. Employee handling of security remains an area of vulnerability related to security protocols. The unified theory of acceptance and usage of technology (UTAUT) served as the model for this qualitative exploratory study with the purpose of understanding registered nurse (RN) perceptions and lived experiences related to IT security. Face-to-face interviews were conducted with 20 participants from the Three Rivers Chapter American Association Critical Care Nurses. Transcribed data were analyzed with a priori codes aligned to the constructs of UTAUT and emergent themes. The emergent themes from the RNs' lived experiences revealed perceptions of IT security mishandling, including walking away from the computer without log-off, and sharing of accounts through single sign on authenticated badges. Strategic planning for the organizational IT security may be strengthened due to the insight about the RNs' workflow related to IT security. Understanding employee perceptions, expressed intentions, and self-reported behaviors to IT security allows for the ability as managers to apply that knowledge to IT security systems, access methods, and implement procedures that will provide for increased organizational IT security and increased patient confidence. The social change from this work may provide contributions to the development of IT infrastructure systems for healthcare helping to create and maintain continued access to and availability of electronic medical records and data for increasing numbers of people who need health maintenance and care.

healthcare

information technology

nurse

password

security

UTAUT

Security or Usability : A literature study about strategies for how users choose passwords

Tran, Thanh

January 2022

Security solutions such as passwords are widely used around the world. Choosing a new password is an important security choice with significant concern for end users. For the emphasis on the security-focused feature of a password, passwords can be complicated and long. For the emphasis on the usability feature of a password, passwords can also be simple, straightforward - easy to remember and apply. The security/usability tradeoff indicates opposing restrictions that form password creation and use. Learning how users choose their passwords and the constraints they are dealt with for these tradeoffs can support technologists to improve their authentication system. Moreover, strong passwords are not always easy to remember while the effect of weak passwords is not described thoroughly to users so users certainly have a demand for good password solutions that can support them to meet their own goals. As a result, readers will explore answers to these questions and study how to be more secure with password authentication in this paper.

Password

Security

Usability

Authentication

Strategies

Övrig annan teknik

Att vara smart i det smarta hemmet

Haupt, Carl-Fredrik Eugen, Ankarstad, Erik

January 2023

Smart homes are becoming more popular and there are more and more different devices for smart homes being made. Discussions have increased about the low security level of these devices, how much data is shared with companies that provide these services and how that data is used. This study aims to find what methods are most common for securing smart homes and not sharing too much data, and why these methods are used. The question that the study is based on is: What safety precautions do users take to not spread their private information through devices in smart homes and why? To answer this question a survey has been conducted by letting people answer an online survey and interviews based on the online survey. The answers from the online survey were then subjected to statistical testing, and for the interviews a thematic analysis was made. The most common methods for being safe in smart homes were strong passwords, having different passwords for different services, updating software on devices for smart homes and using multi-factor authentication. During the following interviews the interviewees motivated the reason for using these methods with them being easy to use, convenient and that some services required them. The interviewees also frequently spoke about why they did not use certain methods, which was lack of knowledge about those methods and the associated risks, not having anything to hide and that some methods were too complicated to use.

Smart homes

security

privacy

Internet of Things

IoT

password

Computer Sciences

Datavetenskap (datalogi)

Password Managers in Digital Forensics

Hähni, Sascha David

January 2023

Digital forensics – the scientific process to draw evidence from digital devices confiscated in a criminal investigation – is constantly adapting to technological changes. A current challenge is the widespread use of encryption that makes classical data retrieval methods obsolete. Relevant data must now be retrieved from running devices and without delay, ideally directly at the time of seizure. This requires standardised processes and specialised tools to ensure no data is overlooked, that forensic integrity is maintained, and that encrypted data can be successfully made available to investigators. While research produced many promising results in this field in the last years, there is still much work to be done due to countless different applications, operating systems, and devices that all behave in different ways. This thesis addresses a software category called password managers – applications that store login credentials to different services. Despite the obvious value of password manager data to a criminal investigation, a comprehensive description of a forensic process on how to extract such data has not yet been in the focus of research. The present work addresses this gap and presents a process to extract forensically relevant data from two password manager applications – Bitwarden and KeePass – by extending an existing forensic framework called Vision. Using design science, a forensic extraction process was developed by thoroughly analysing the inner workings of the mentioned password managers. The artefact was named Password Manager Forensics (PMF) and consists of a four-step extraction process with different Python modules to automate the extraction of relevant data. PMF was tested against three scenarios in a laboratory setting to evaluate its applicability in an investigative context. The results show that the artefact is able to extract forensically relevant information related to password managers that would otherwise not be readily available to investigators. PMF is capable to identify and extract relevant files, to extract master passwords from a memory dump, to parse configuration files for relevant data, to brute-force master passwords and PIN codes, to decrypt, extract, and validate password manager vault data, and to create summary reports. PMF is the first comprehensive forensic process to extract relevant data from password managers. This brings new opportunities for digital forensics examiners and a potential to improve the handling of devices that contain password manager data in digital investigations. The current version of PMF only supports Windows desktop applications of Bitwarden and KeePass. Yet, due to the open and flexible architecture of the artefact, further expansion and improvement is possible in future research.

Digital Forensics

Password Managers

Memory Forensics

Live Forensics

Computer Sciences

Datavetenskap (datalogi)