Presentation is loading. Please wait.

Presentation is loading. Please wait.

Targeted Online Password Guessing: An Underestimated Threat

Published byKauko Penttilä Modified over 6 years ago

Similar presentations

Presentation on theme: "Targeted Online Password Guessing: An Underestimated Threat"— Presentation transcript:

1 Targeted Online Password Guessing: An Underestimated Threat
ACM CCS 2016 Ding Wang, Zijian Zhang, Ping Wang (Peking University,China) Jeff Yan (Lancaster University, UK) Xinyi Huang (Fujian Normal University, China)

2 Real-world password datasets
Five Chinese datasets, Five English ones A total of million

3 Real-world personal info datasets
Three Chinese ones, One English Finally, we get 7 PII-associated datasets by by matching with password datasets.

4 Experimental results on normal users With 100 guesses,
TarGuess-I outperforms Personal-PCFG by 46%; TarGuess-II outperforms Das et al. ‘s by 72%; Both TarGuess-III and IV gain 73%+ success rates.

5 on security-savvy users
Experimental results on security-savvy users With 100 guesses, TarGuess-I outperforms Personal-PCFG by 142%; TarGuess-II outperforms Das et al. ‘s by 169%; Both TarGuess-III and IV gain 32%+ success rates.

6 ——A further validation
Experimental results ——A further validation Cracking real Xiaomi cloud accounts 5.3K Xiaomi MD5-salted hashes, obtained by matching the 8.28 million Xiaomi dataset with the 130K dataset using . Very consistent results with these plaintext-based experiments on normal users.

7 THANK YOU & QUESTIONS

Download ppt "Targeted Online Password Guessing: An Underestimated Threat"

Similar presentations

Your Security in the IT Market www.i.cz Beyond the MD5 Collisions Daniel Joščák, S.ICZ a.s. & MFF UK 04/05/2007, SPI Brno.

Your Security in the IT Market Beyond the MD5 Collisions Daniel Joščák, S.ICZ a.s. & MFF UK 04/05/2007, SPI Brno.
How the Private Virtual Office delivers Scalable and Elastic computing resources to your Organization Without Additional Investment in Server Capacity.

How the Private Virtual Office delivers Scalable and Elastic computing resources to your Organization Without Additional Investment in Server Capacity.
Miguel E. Andrés. What is information leakage? An incident where the confidentiality of information has been compromised. Examples [2010] Gmail accounts.

Miguel E. Andrés. What is information leakage? An incident where the confidentiality of information has been compromised. Examples [2010] Gmail accounts.
1 Financial Mathematics Clicker review session, Final.

1 Financial Mathematics Clicker review session, Final.
I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=

I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=
OCFS: Optimal Orthogonal Centroid Feature Selection for Text Categorization Jun Yan, Ning Liu, Benyu Zhang, Shuicheng Yan, Zheng Chen, and Weiguo Fan et.

OCFS: Optimal Orthogonal Centroid Feature Selection for Text Categorization Jun Yan, Ning Liu, Benyu Zhang, Shuicheng Yan, Zheng Chen, and Weiguo Fan et.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=

I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=
Better Air Quality in Asian and Pacific Rim Cities (BAQ 2002) 16-18 December 2002, Hong Kong SAR The Trend of Acid Rain in China W. Wang 1,3, T. Wang 2,

Better Air Quality in Asian and Pacific Rim Cities (BAQ 2002) December 2002, Hong Kong SAR The Trend of Acid Rain in China W. Wang 1,3, T. Wang 2,
Enter User Id and Password Click on Submit Press Place Order Button.

Enter User Id and Password Click on Submit Press Place Order Button.
Databases and security continued CMSC 461 Michael Wilson.

Databases and security continued CMSC 461 Michael Wilson.
Honey Encryption: Security Beyond the Brute-Force Bound

Honey Encryption: Security Beyond the Brute-Force Bound
The Online Activity Module User Account and Contact Us June 5, 2013.

The Online Activity Module User Account and Contact Us June 5, 2013.
TAD Screen Shots Kevin Coombes, et al.. TAD TAD (Tissue Array Database) is an SQL database and ASP front end for tissue microarrays The screen shots in.

TAD Screen Shots Kevin Coombes, et al.. TAD TAD (Tissue Array Database) is an SQL database and ASP front end for tissue microarrays The screen shots in.
6fb52297e004844aa81be d50cc3545bc Hashing!. Hashing  Group Activity 1:  Take the message you were given, and create your own version of hashing.  You.

6fb52297e004844aa81be d50cc3545bc Hashing!. Hashing  Group Activity 1:  Take the message you were given, and create your own version of hashing.  You.
Online Kinect Handwritten Digit Recognition Based on Dynamic Time Warping and Support Vector Machine Journal of Information & Computational Science, 2015.

Online Kinect Handwritten Digit Recognition Based on Dynamic Time Warping and Support Vector Machine Journal of Information & Computational Science, 2015.
Национальная процедура одобрения и регистрации проектов (программ) международной технической помощи (исключая представление информации об организации и.

Национальная процедура одобрения и регистрации проектов (программ) международной технической помощи (исключая представление информации об организации и.
8.1.4 Can it still be factored? Factoring Completely I can factor out a common factor.

8.1.4 Can it still be factored? Factoring Completely I can factor out a common factor.
BEHAVIORAL TARGETING IN ON-LINE ADVERTISING: AN EMPIRICAL STUDY AUTHORS: JOANNA JAWORSKA MARCIN SYDOW IN DEFENSE: XILING SUN & ARINDAM PAUL.

BEHAVIORAL TARGETING IN ON-LINE ADVERTISING: AN EMPIRICAL STUDY AUTHORS: JOANNA JAWORSKA MARCIN SYDOW IN DEFENSE: XILING SUN & ARINDAM PAUL.
Institute of International Studies Tsinghua University

Institute of International Studies Tsinghua University

Similar presentations

Ads by Google