Global ETD Search

1	CredProxy: A Password Manager for Online Authentication Environments Golrang, Mohammad Saleh 20 December 2012 (has links) Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing. Dictionary Attacks Password Managers Password Security Website User Authentication Virtual Keyboards MITB Attacks
2	CredProxy: A Password Manager for Online Authentication Environments Golrang, Mohammad Saleh 20 December 2012 (has links) Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing. Dictionary Attacks Password Managers Password Security Website User Authentication Virtual Keyboards MITB Attacks
3	CredProxy: A Password Manager for Online Authentication Environments Golrang, Mohammad Saleh January 2013 (has links) Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing. Dictionary Attacks Password Managers Password Security Website User Authentication Virtual Keyboards MITB Attacks
4	Modeling Rational Adversaries: Predicting Behavior and Developing Deterrents Benjamin D Harsha (11186139) 26 July 2021 (has links) In the field of cybersecurity, it is often not possible to construct systems that are resistant to all attacks. For example, even a well-designed password authentication system will be vulnerable to password cracking attacks because users tend to select low-entropy passwords. In the field of cryptography, we often model attackers as powerful and malicious and say that a system is broken if any such attacker can violate the desired security properties. While this approach is useful in some settings, such a high bar is unachievable in many security applications e.g., password authentication. However, even when the system is imperfectly secure, it may be possible to deter a rational attacker who seeks to maximize their utility. In particular, if a rational adversary finds that the cost of running an attack is higher than their expected rewards, they will not run that particular attack. In this dissertation we argue in support of the following statement: Modeling adversaries as rational actors can be used to better model the security of imperfect systems and develop stronger defenses. We present several results in support of this thesis. First, we develop models for the behavior of rational adversaries in the context of password cracking and quantum key-recovery attacks. These models allow us to quantify the damage caused by password breaches, quantify the damage caused by (widespread) password length leakage, and identify imperfectly secure settings where a rational adversary is unlikely to run any attacks i.e. quantum key-recovery attacks. Second, we develop several tools to deter rational attackers by ensuring the utility-optimizing attack is either less severe or nonexistent. Specifically, we develop tools that increase the cost of offline password cracking attacks by strengthening password hashing algorithms, strategically signaling user password strength, and using dedicated Application-Specific Integrated Circuits (ASICs) to store passwords. Computation Theory and Mathematics Computer System Security rational adversary cryptography passwords password security password cracking
5	Password Management : A Study about Current Challenges with Password Management Jalali, Ali, Assadi, Laila, Osman, Asma January 2023 (has links) Effective password management is crucial for safeguarding online accounts and sensitive information. This research examines the current challenges and provides alternative solutions for better password management. This study encompasses a comprehensive survey and interviews conducted with individuals across various professional backgrounds. A total of 137 online users participated in the survey, which spanned over a duration of 15 days. Additionally, four individuals were interviewed to gather more indepth data. The study aimed to understand password selection behaviors and the factors influencing them. The goal is to develop practical strategies to enhance password security and mitigate unauthorized access to sensitive information. The purpose of the study is to provide valuable insights into the complexities of password management and contribute to the development of informed approaches for stronger password security. The study emphasizes the significance of password management and highlights the importance of educating users about the risks associated with weak passwords. The findings have implications not only for the research community but also for individuals and organizations seeking to understand user behavior and attitudes towards password systems. By gaining a deeper understanding of these aspects, it becomes possible to design more effective strategies to protect online accounts and sensitive data. Password managers password management password security user behavior authentication methods Computer Sciences Datavetenskap (datalogi)
6	User Perception of their Password Habits in Terms of Security, Memorability, and Usability Florestedt, Louise, Andersson, Malin January 2024 (has links) In an era where digital security concerns are paramount, understanding users' behaviors and attitudes towards password management is crucial. This research examines users' perception of their password habits in terms of security, memorability, and usability. The study encompasses a comprehensive survey and interviews conducted with individuals across various professional backgrounds and age groups. A total of 87 online users responded to the questionnaire and ten individuals were interviewed to gather more in-depth data. The study aimed to understand how users perceive the trade-offs between security, memorability, and usability in their password habits and what factors influence their choices in creating and managing passwords. The findings reveal nuanced insights into users' password practices. While users acknowledge the importance of security, they often prioritize memorability and usability over stringent security measures. Factors such as convenience, familiarity, and personal preferences significantly influence password creation and management. Despite being aware of security risks associated with weak passwords and password reuse, users commonly engage in these practices due to the challenges posed by complex password requirements and the sheer volume of passwords needed for various accounts. Overall, this research underscores the importance of understanding users' perspectives on password habits to develop more effective strategies for promoting password security. By bridging the gap between user behavior and security policies, organizations may be able to tailor interventions that align with user preferences, thereby fostering a more secure online environment. Information Security Passwords Password Security Memorability Usability Password Habits Information Systems
7	PASSWORD SECURITY, AN ANALYSIS OF AUTHENTICATION METHODS Safder, Waqas January 2024 (has links) An era in which transactions and communication are quick and easy owing to fast-growing IT technology has commenced nowadays. Because of the extensive use of IT and its wide distribution, it is easy to access private information. Implementing more stringent computer security processes is vital to shielding this data from unlawful penetration, a never-ending battle. Data and service integrity, availability, and confidentiality are the three pillars upon which computer security stands. Password authentication is the key defense mechanism used among the systems battling security loopholes. This research selected a systematic literature review (SLR) to collect up-to-date data on different password security authentication mechanisms. A detailed review of the previous work isdone to gather all existing authentication techniques from the current literature and compare and select them for use in different settings. The result revealed the usages, benefits, and drawbacks of discovered password security and authentication methods. In the end, a framework is proposed to enhance the security of password systems. Password-Based Authentication Password Security Authentication Techniques Computer and Information Sciences Data- och informationsvetenskap
8	Password protection by analyzed keystrokes : Using Artificial Intelligence to find the impostor Danilovic, Robert, Svensson, Måns January 2021 (has links) A literature review was done to find that there are still issues with writing passwords. From the information gathered, it is stated that using keystroke characteristics could have the potential to add another layer of security to compromised user accounts. The world has become more and more connected and the amount of people who store personal information online or on their phones has steadily increased. In this thesis, a solution is proposed and evaluated to make authentication safer and less intrusive. Less intrusive in this case means that it does not require cooperation from the user, it just needs to capture data from the user in the background. As authentication methods such as fingerprint scanning and facial recognition are becoming more popular this work is investigating if there are any other biometric features for user authentication.Employing Artificial Intelligence, extra sensor metrics and Machine Learning models with the user's typing characteristics could be used to uniquely identify users. In this context the Neural Network and Support Vector Machine algorithms have been examined, alongside the gyroscope and the touchscreen sensors. To test the proposed method, an application has been built to capture typing characteristics for the models to train on. In this thesis, 10 test subjects were chosen to type a password multiple times so that they would generate the data. After the data was gathered and pre-processed an analysis was conducted and sent to train the Machine Learning models. This work's proposed solution and presented data serve as a proof of concept that there are additional sensors that could be used to authenticate users, namely the gyroscope. Capturing typing characteristics of users, our solution managed to achieve a 97.7% accuracy using Support Vector Machines in authenticating users. Keystroke dynamics Password security Artificial Intelligence Mobile application Neural network SVM Gyroscope Typing Characteristics Computer Engineering Datorteknik
9	Användning och uppfattning av lösenordshanterare : En kvantitativ enkätundersökning om vilka faktorer som påverkar användningen av lösenordshanterare / Usage and perception of password managers : A quantitative survey on which factors influence the use of password managers Björk, Theodor January 2023 (has links) Lösenord och användarnamn används för att identifiera och autentisera användare i olika system, tjänster och applikationer. För att försäkra att ingen obehörig får åtkomst till diverse system, tjänst eller applikation krävs korrekta autentiseringsuppgifter. Nya användare har oftast i uppgift att skapa egna lösenord, vilket har visat sig vara bristfälligt. Genom tidigare forskning har det fastställts att användare i stort omfång återanvänder eller skapar lösenord som är lätta att gissa. Genom att använda en lösenordshanterare kan skapandet av nya lösenord underlättas genom att generera nya via lösenordshanteraren. Lösenordshanterare kan även spara och lagra lösenord som gör det enklare att skapa lösenord som är mer komplexa. Tidigare studier visar på att webbaserade alternativ inte är lika säkra som fristående alternativ. Denna studie undersöker vilka faktorer som påverkar användningen av lösenordshanterare. Genom att genomföra en enkätundersökning med respondenterna som använder olika typer av lösenordshanterare kan en uppskattning av faktorer som påverkar användandet mätas. Att även rikta frågor mot personer som inte använder lösenordshanterare kan ge förståelse för användning av lösenordshanterare ur ett bredare perspektiv. Resultatet från studien visar på att upplevd nytta, vana, kostnad och tillit är faktorer som påverkar användningen av lösenordshanterare. Password managers perception attitude password security survey Lösenordshanterare uppfattning attityder lösenordssäkerhet enkätundersökning Information Systems, Social aspects
10	New Theoretical Techniques For Analyzing And Mitigating Password Cracking Attacks Peiyuan Liu (18431811) 26 April 2024 (has links) <p dir="ltr">Brute force guessing attacks continue to pose a significant threat to user passwords. To protect user passwords against brute force attacks, many organizations impose restrictions aimed at forcing users to select stronger passwords. Organizations may also adopt stronger hashing functions in an effort to deter offline brute force guessing attacks. However, these defenses induce trade-offs between security, usability, and the resources an organization is willing to investigate to protect passwords. In order to make informed password policy decisions, it is crucial to understand the distribution over user passwords and how policy updates will impact this password distribution and/or the strategy of a brute force attacker.</p><p dir="ltr">This first part of this thesis focuses on developing rigorous statistical tools to analyze user password distributions and the behavior of brute force password attackers. In particular, we first develop several rigorous statistical techniques to upper and lower bound the guessing curve of an optimal attacker who knows the user password distribution and can order guesses accordingly. We apply these techniques to analyze eight password datasets and two PIN datasets. Our empirical analysis demonstrates that our statistical techniques can be used to evaluate password composition policies, compare the strength of different password distributions, quantify the impact of applying PIN blocklists, and help tune hash cost parameters. A real world attacker may not have perfect knowledge of the password distribution. Prior work introduced an efficient Monte Carlo technique to estimate the guessing number of a password under a particular password cracking model, i.e., the number of guesses an attacker would check before this particular password. This tool can also be used to generate password guessing curves, but there is no absolute guarantee that the guessing number and the resulting guessing curves are accurate. Thus, we propose a tool called Confident Monte Carlo that uses rigorous statistical techniques to upper and lower bound the guessing number of a particular password as well as the attacker's entire guessing curve. Our empirical analysis also demonstrate that this tool can be used to help inform password policy decisions, e.g., identifying and warning users with weaker passwords, or tuning hash cost parameters.</p><p dir="ltr">The second part of this thesis focuses on developing stronger password hashing algorithms to protect user passwords against offline brute force attacks. In particular, we establish that the memory hard function Scrypt, which has been widely deployed as password hash function, is maximally bandwidth hard. We also present new techniques to construct and analyze depth robust graph with improved concrete parameters. Depth robust graph play an essential rule in the design and analysis of memory hard functions.</p> Cryptography Data security and protection Memory Hard Function Password Security Statistical Analysis Cryptography Theoretical Bounds Depth-Robust Graph Password Dataset Password Distribution Bandwidth Hardness Password Cracking Model

Search results