  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

CredProxy: A Password Manager for Online Authentication Environments

Golrang, Mohammad Saleh 20 December 2012
Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manager which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing.
3

CredProxy: A Password Manager for Online Authentication Environments

Golrang, Mohammad Saleh January 2013
Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manager which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing.
4

Modeling Rational Adversaries: Predicting Behavior and Developing Deterrents

Benjamin D Harsha (11186139) 26 July 2021
In the field of cybersecurity, it is often not possible to construct systems that are resistant to all attacks. For example, even a well-designed password authentication system will be vulnerable to password cracking attacks because users tend to select low-entropy passwords. In the field of cryptography, we often model attackers as powerful and malicious and say that a system is broken if any such attacker can violate the desired security properties. While this approach is useful in some settings, such a high bar is unachievable in many security applications e.g., password authentication. However, even when the system is imperfectly secure, it may be possible to deter a rational attacker who seeks to maximize their utility. In particular, if a rational adversary finds that the cost of running an attack is higher than their expected rewards, they will not run that particular attack. In this dissertation we argue in support of the following statement: Modeling adversaries as rational actors can be used to better model the security of imperfect systems and develop stronger defenses. We present several results in support of this thesis. First, we develop models for the behavior of rational adversaries in the context of password cracking and quantum key-recovery attacks. These models allow us to quantify the damage caused by password breaches, quantify the damage caused by (widespread) password length leakage, and identify imperfectly secure settings where a rational adversary is unlikely to run any attacks i.e. quantum key-recovery attacks. Second, we develop several tools to deter rational attackers by ensuring the utility-optimizing attack is either less severe or nonexistent. Specifically, we develop tools that increase the cost of offline password cracking attacks by strengthening password hashing algorithms, strategically signaling user password strength, and using dedicated Application-Specific Integrated Circuits (ASICs) to store passwords.
5

Password Management : A Study about Current Challenges with Password Management

Jalali, Ali, Assadi, Laila, Osman, Asma January 2023
Effective password management is crucial for safeguarding online accounts and sensitive information. This research examines the current challenges and provides alternative solutions for better password management. This study encompasses a comprehensive survey and interviews conducted with individuals across various professional backgrounds. A total of 137 online users participated in the survey, which spanned over a duration of 15 days. Additionally, four individuals were interviewed to gather more in-depth data. The study aimed to understand password selection behaviors and the factors influencing them. The goal is to develop practical strategies to enhance password security and mitigate unauthorized access to sensitive information. The purpose of the study is to provide valuable insights into the complexities of password management and contribute to the development of informed approaches for stronger password security. The study emphasizes the significance of password management and highlights the importance of educating users about the risks associated with weak passwords. The findings have implications not only for the research community but also for individuals and organizations seeking to understand user behavior and attitudes towards password systems. By gaining a deeper understanding of these aspects, it becomes possible to design more effective strategies to protect online accounts and sensitive data.
6

Password protection by analyzed keystrokes : Using Artificial Intelligence to find the impostor

Danilovic, Robert, Svensson, Måns January 2021
A literature review was done to find that there are still issues with writing passwords. From the information gathered, it is stated that using keystroke characteristics could have the potential to add another layer of security to compromised user accounts. The world has become more and more connected and the amount of people who store personal information online or on their phones has steadily increased. In this thesis, a solution is proposed and evaluated to make authentication safer and less intrusive. Less intrusive in this case means that it does not require cooperation from the user, it just needs to capture data from the user in the background. As authentication methods such as fingerprint scanning and facial recognition are becoming more popular this work is investigating if there are any other biometric features for user authentication. Employing Artificial Intelligence, extra sensor metrics and Machine Learning models with the user's typing characteristics could be used to uniquely identify users. In this context the Neural Network and Support Vector Machine algorithms have been examined, alongside the gyroscope and the touchscreen sensors. To test the proposed method, an application has been built to capture typing characteristics for the models to train on. In this thesis, 10 test subjects were chosen to type a password multiple times so that they would generate the data. After the data was gathered and pre-processed an analysis was conducted and sent to train the Machine Learning models. This work's proposed solution and presented data serve as a proof of concept that there are additional sensors that could be used to authenticate users, namely the gyroscope. Capturing typing characteristics of users, our solution managed to achieve a 97.7% accuracy using Support Vector Machines in authenticating users.
7

Användning och uppfattning av lösenordshanterare : En kvantitativ enkätundersökning om vilka faktorer som påverkar användningen av lösenordshanterare / Usage and perception of password managers : A quantitative survey on which factors influence the use of password managers

Björk, Theodor January 2023
Passwords and usernames are used to identify and authenticate users in various systems, services and applications. To ensure that no unauthorized party gains access to a given system, service or application, correct authentication credentials are required. New users are usually tasked with creating their own passwords, which has proven to be inadequate. Previous research has established that users to a large extent reuse passwords or create passwords that are easy to guess. Using a password manager can make creating new passwords easier by generating them through the password manager. Password managers can also save and store passwords, which makes it easier to create passwords that are more complex. Previous studies show that web-based alternatives are not as secure as standalone alternatives. This study examines which factors influence the use of password managers. By conducting a survey with respondents who use different types of password managers, an estimate of the factors that influence usage can be measured. Also directing questions at people who do not use password managers can provide an understanding of password manager use from a broader perspective. The results of the study show that perceived usefulness, habit, cost and trust are factors that influence the use of password managers.
8

New Theoretical Techniques For Analyzing And Mitigating Password Cracking Attacks

Peiyuan Liu (18431811) 26 April 2024
Brute force guessing attacks continue to pose a significant threat to user passwords. To protect user passwords against brute force attacks, many organizations impose restrictions aimed at forcing users to select stronger passwords. Organizations may also adopt stronger hashing functions in an effort to deter offline brute force guessing attacks. However, these defenses induce trade-offs between security, usability, and the resources an organization is willing to invest to protect passwords. In order to make informed password policy decisions, it is crucial to understand the distribution over user passwords and how policy updates will impact this password distribution and/or the strategy of a brute force attacker.

The first part of this thesis focuses on developing rigorous statistical tools to analyze user password distributions and the behavior of brute force password attackers. In particular, we first develop several rigorous statistical techniques to upper and lower bound the guessing curve of an optimal attacker who knows the user password distribution and can order guesses accordingly. We apply these techniques to analyze eight password datasets and two PIN datasets. Our empirical analysis demonstrates that our statistical techniques can be used to evaluate password composition policies, compare the strength of different password distributions, quantify the impact of applying PIN blocklists, and help tune hash cost parameters. A real world attacker may not have perfect knowledge of the password distribution. Prior work introduced an efficient Monte Carlo technique to estimate the guessing number of a password under a particular password cracking model, i.e., the number of guesses an attacker would check before this particular password. This tool can also be used to generate password guessing curves, but there is no absolute guarantee that the guessing number and the resulting guessing curves are accurate. Thus, we propose a tool called Confident Monte Carlo that uses rigorous statistical techniques to upper and lower bound the guessing number of a particular password as well as the attacker's entire guessing curve. Our empirical analysis also demonstrates that this tool can be used to help inform password policy decisions, e.g., identifying and warning users with weaker passwords, or tuning hash cost parameters.

The second part of this thesis focuses on developing stronger password hashing algorithms to protect user passwords against offline brute force attacks. In particular, we establish that the memory hard function Scrypt, which has been widely deployed as a password hash function, is maximally bandwidth hard. We also present new techniques to construct and analyze depth robust graphs with improved concrete parameters. Depth robust graphs play an essential role in the design and analysis of memory hard functions.
9

Webbläsares inbyggda lösenordshanterare : Faktorer som påverkar privatpersoners användning/ickeanvändning av webbläsares inbyggda lösenordshanterare / Web-browsers built-in password managers : Factors affecting the use/non-use of browsers' built-in password managers by individuals

Klaar, Jonathan, Masak, Allen January 2021
Knowledge of passwords and their security is today something that is overlooked by the everyday computer user. Password managers can both help and protect when managing passwords. Most web browsers today have built-in password management features. Based on existing literature, it could be identified that there is a need for knowledge concerning which factors influence web browser users to use or not use their built-in password managers. The purpose of the report is to present an analysis of factors that affect why private individuals choose to use or not use browsers' built-in password managers. The results are presented with the help of qualitative semi-structured interviews in which 33 respondents participated and answered questions about their handling of passwords and the use of web browsers' built-in password managers. Results from the interviews showed that factors that were significant for non-user respondents were strongly linked to computer skills and how often respondents used the computer. The factors that played the biggest role for users of the tool were simplicity and time efficiency. Non-users tended to have a lack of need for the tool, mostly because of their lack of computer usage. Factors affecting users and non-users were found to be consistent with previous research. In addition, it was concluded that the number of respondents who were users of password managers was significantly higher than previously claimed in the literature. The majority of respondents (79%) were users of password managers, which contradicts previous studies conducted where only 23% use password managers.
10

The trends in the offline password-guessing field : Offline guessing attack on Swedish real-life passwords / Trenderna inom fältet för offline-gissning av lösenord : Offline-gissningsattack på svenska verkliga lösenord

Zarzour, Yasser, Alchtiwi, Mohamad January 2023
Password security is one of the most critical aspects of IT security, as password-based authentication is still the primary authentication method. Unfortunately, our passwords are subject to different types of weaknesses and various types of password-guessing attacks. The first objective of this thesis is to provide a general perception of the trends in offline password-guessing tools, methods, and techniques. The study shows that the most cited tools are Hashcat, John the Ripper, Ordered Markov ENumerator (OMEN), and PassGan. Methods are increasingly evolving and becoming more sophisticated by emerging Deep Learning and Neural Networks. Unlike methods and tools, techniques are not subject to significant development, noting that dictionary and rule-based attacks are at the top of used techniques. The second objective of this thesis is to explore to what extent Swedish personal names are used in real-life passwords. Hence, an experiment is conducted for this purpose. The experiment results show that about 26% of Swedish users use their personal names when they create passwords, making them vulnerable to easy guessing by password-guessing tools. Furthermore, a simple analysis of the resulting password recovery file is performed in terms of password length and complexity. The resulting numbers show that more than half of guessed passwords are shorter than eight characters, indicating noncompliance with the recommendations from standard organizations. In addition, results show a weak combination of letters, digits, and special characters, indicating that many Swedish users do not maintain sufficient diversity when composing their passwords. This means less password complexity, making passwords an easy target to guess. This study may serve as a quick reference to getting an overview of trends in the password-guessing field. On the other side, the resulting rate of Swedish personal names in Swedish password leaks may draw the attention of active social actors regarding information security to improve password security measures in Sweden.
