Selecting the Honeywords from Existing User’s Passwords Using Improved Hashing and Salting Algorithm
Password hashing has become an essential tool for the login process of many web applications. However, password hashing takes considerable processing time, and it has become easier for attackers to crack legitimate users' hashed passwords using brute-force attacks. The brute-force attack is one of the dangerous attacks against password hashing techniques. Therefore, to protect against brute-force attacks, the passwords of legitimate user accounts are stored together with honeywords produced by a honeywords generation algorithm. A honeywords generation method produces fake, or decoy, passwords to deceive attackers. However, the existing honeywords generation algorithm suffers from a storage overhead problem. We therefore implement an improved honeywords generation method that decreases the storage overhead and also addresses the majority of the drawbacks of existing honeywords generation methods. Moreover, we store the passwords and honeywords in the database using a unique hashing algorithm with very low time complexity, as most of its steps involve simple binary operations.
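The following is an added illustration, not the paper's algorithm (the abstract does not give its details): it shows how honeywords taken from other users' existing passwords can be stored as row indices instead of extra hashes, and how a separate honeychecker, as in the original honeywords design, flags a login that matches a decoy. The function names, the use of PBKDF2 in place of the paper's hashing algorithm, and the sample accounts are assumptions.

```python
import hashlib, hmac, os, secrets

ITERATIONS = 50_000   # kept low so the demo runs quickly; tune upward in production
hashes = {}           # login server: index -> (salt, digest), one row per real password
sweet = {}            # login server: username -> shuffled indices (own row + decoys)
honeychecker = {}     # separate hardened host: username -> index of the real password

def _digest(password, salt):
    # PBKDF2 is an assumption standing in for the paper's hashing algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username, password):
    salt, idx = os.urandom(16), len(hashes)
    hashes[idx] = (salt, _digest(password, salt))
    honeychecker[username] = idx
    sweet[username] = [idx]

def assign_honeywords(k=3):
    """Point each user at k other users' rows; no extra hashes are stored."""
    rng = secrets.SystemRandom()
    for user, real in honeychecker.items():
        others = [i for i in hashes if i != real]
        sweet[user] = [real] + rng.sample(others, min(k, len(others)))
        rng.shuffle(sweet[user])

def login(username, password):
    """'ok', 'fail', or 'alarm' when a decoy matched (hash file likely cracked)."""
    matched = [i for i in sweet.get(username, [])
               if hmac.compare_digest(hashes[i][1], _digest(password, hashes[i][0]))]
    if not matched:
        return "fail"
    # Checking every match avoids a false alarm when two users share a password.
    return "ok" if honeychecker[username] in matched else "alarm"

if __name__ == "__main__":
    # Constructed sample accounts, for illustration only.
    accounts = {"alice": "tulip-42", "bob": "Winter!9", "carol": "pa55mango",
                "dave": "kite_2015", "erin": "blue7river"}
    for name, pw in accounts.items():
        register(name, pw)
    assign_honeywords()
    print(login("alice", "tulip-42"), login("alice", "not-a-password"))
```

An attacker who cracks the hash table and the index sets still cannot tell which of a user's indices is real, so submitting a cracked decoy produces `alarm` rather than a silent login.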