Selecting the Honeywords from Existing User’s Passwords Using Improved Hashing and Salting Algorithm

Authors

  • Khin Su Myat Moe Department of Computer Engineering and Information Technology, Yangon Technological University, Yangon, Myanmar
  • Thanda Win Department of Computer Engineering and Information Technology, Yangon Technological University, Yangon, Myanmar

Keywords:

brute force attack, hashing passwords, honeywords generation algorithm, storage overhead problem, time complexity.

Abstract

Nowadays, hashing passwords become the most essential tool for various web applications for making login process. However, password hashing takes many times for processing and it has become easier for attackers to crack hashing passwords from legitimate users by using brute force attack. Brute force attack is one of the dangerous attacks for password hashing techniques. Therefore, the legitimate user accounts are stored the passwords with honeywords using honeywords generation algorithm in order to prevent from brute force attack. Honeywords generation method is to produce the fake or decoy password for deceiving the attackers. However, the existing honeywords generation algorithm meets the storage overhead problem. So, we are implementing the improved honeywords generation method which decreases the storage overhead problem and also it addresses the majority of the drawbacks of existing honeywords generation methods. Moreover, we store the password and honeywords into the database using a unique hashing algorithm with very low time complexity as most of the steps involved simple binary operations.

References

Ari Jules, Ronald L. Rivest. “ Honeywords: Making Password-e Cracking Detectable.” MIT CSAIL, May 2, 2013.

Brown,K . “The danger of weak hashes,” Technical report. SANS Institute InfoSec Reading Room. 2013.

Defense Information Systems Agency (DISA) for the Department of Defense (DOD). “Application security and development.” Security technical implementation guide (STIG), version 3 release 4, 28 Oct. 2011.

K. Brown, “The Dangers of Weak Hashes,” SANS Institute InfoSec Reading Room, Tech. Rep., 2013

Mirante, D and Justin,C. “Understanding Password Database Compromise,” Technical Report TR-CSE-2013-02, Department of Computer Science and Engineering Polytechnici Institute of NYU. 2013.

Nilesh Charkraborty and Samrat Mondal. “A New Storage Optimized Honeyword Generation Approach for Enhancing Security and Usability,” 21 SEPT. 2015.

Nirvan Tyagi [ntyagi], Jessica Wang [jzwang], Kevin Wen [kevinwen] and Daniel Zuo [dzuo]. “Honey encryption Application,” Computer and network Security, Springer, 2015.

Prof. Rohini S. More, Prof. Smita S. Konda. “Resilient security against hackers using enchanced encryption techniques: Blowfish and Honey Encryption.” International Journal on Recent and Innovation Trends in Computing and Communication, vol. 4, Issue: 6, June. 2016.

R. Gennaro and Y. Lindell. “A framework for password-based authenticated key exchange,” In Advances in CryptologyEUROCRYPT 2003, Springer, 2003, pp 524–543.

S.Schechter, C. Herley and M.Mitzenmacher. “Popularity is everything: a new approach to protecting passwords from statical guressing attacks,” USENIX HotSec, 2010, pp1.

Vence, A. “If your password is 123456, just make it hackme”, The New York Times (2010).

Ziya Alper Genc, Suleyman Kardas, Mehmet Sabir Kiraz. “Examination of a New Defence Mechanism: Honeywords,” Inernational Journal of Engineering Trends and Technology (IJETT), vol. 27, Number 4, Sept. 2015.

Downloads

Published

2018-02-16

How to Cite

Moe, K. S. M., & Win, T. (2018). Selecting the Honeywords from Existing User’s Passwords Using Improved Hashing and Salting Algorithm. International Journal of Computer (IJC), 28(1), 133–142. Retrieved from https://ijcjournal.org/index.php/InternationalJournalOfComputer/article/view/1148

Issue

Section

Articles