Selecting the Honeywords from Existing User’s Passwords Using Improved Hashing and Salting Algorithm

Khin Su Myat Moe, Thanda Win

Abstract


Nowadays, password hashing has become an essential tool for the login process of many web applications. However, password hashing takes a long time to process, and it has become easier for attackers to crack the hashed passwords of legitimate users with a brute force attack. The brute force attack is one of the dangerous attacks against password hashing techniques. Therefore, the passwords of legitimate user accounts are stored together with honeywords, produced by a honeywords generation algorithm, in order to protect against brute force attacks. A honeywords generation method produces fake or decoy passwords to deceive attackers. However, the existing honeywords generation algorithm suffers from a storage overhead problem. We therefore implement an improved honeywords generation method that reduces the storage overhead and also addresses the majority of the drawbacks of existing honeywords generation methods. Moreover, we store the password and honeywords in the database using a unique hashing algorithm with very low time complexity, as most of the steps involve simple binary operations.


Keywords


brute force attack; hashing passwords; honeywords generation algorithm; storage overhead problem; time complexity.




IJC is published by (GSSRR).