Honeywords: Making Password-Cracking Detectable. Ari Juels, Ronald L. Rivest. Presented by: Karthik Padullaparty | kpad470, October 14, 2015.
Paper: Ari Juels and Ronald L. Rivest, "Honeywords: Making Password-Cracking Detectable", Proceedings of CCS '13, the 2013 ACM SIGSAC Conference on Computer & Communications Security.

Summary
- Threat addressed: stolen password hash files, which an attacker cracks offline without the site ever noticing.
- Extends the idea of honey (decoy) accounts: instead of decoy accounts, every user gets decoy passwords.
- Honeywords (dummy passwords) for every user: the real password is stored among k sweetwords, and an attacker who cracks the whole file still cannot tell which of the k is real.
- A separate honeychecker server is used at authentication time: it holds only the index of the real password, the login server asks it whether the index of the submitted sweetword is that one, and a match on a honeyword raises an alarm.
The paper also covers: honeyword generation, policy choices, and potential attacks against the system.

Aspect
Honeyword generation poses the same threats as passwords, and they are not the most satisfactory approach to authenticating a user.
My focus: honeyword generation methods and their limitations
- Chaffing-with-a-password-model
- Hybrid generation

Chaffing with a password model
- Honeywords are drawn from a probabilistic model of real passwords (a distribution built from a list of real passwords).
- Does not require the user's password to generate a honeyword: the honeywords are independent of it, so nothing about the real password leaks through them.
- Uses a simple probability model to generate the x honeywords needed for each user.
Caveat: if the model's output is distinguishable from human-chosen passwords (too regular, or visibly drawn from a list), an attacker who steals the file can rank the sweetwords and pick out the real one.

Hybrid generation
- Hybrid generation is a legacy-UI method: it works with the existing login interface, so users never see the honeywords and nothing changes for them.
- Combines the strength of chaffing with a password model and chaffing by tweaking digits: the model supplies seed passwords unrelated to the user's, and each seed (the real password included) is expanded into variants whose digits have been changed.
- "We assume a password composition policy that requires at least one digit, so that tweaking digits is always possible."
- Use of dictionary words in the password model.

Final thoughts
Potential attacks and limitations raised by the paper:
- Gathering insights into how passwords (and honeywords) are generated lets an attacker tell the two apart.
- Cracking algorithms can be refined to rank the sweetwords by likelihood instead of treating them as equals.
- Using multiple systems to log in: a password reused across sites means stolen sweetword sets from several of them can be intersected.
My thoughts:
- Making passwords realistic
- Using old passwords

Questions