Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Examination of a New Defense Mechanism: Honeywords
Genç, Ziya Alper; Kardaş, Süleyman; Kiraz
2017In Proceedings of the 11th WISTP International Conference on Information Security Theory and Practice
Peer reviewed
 

Files


Full Text
honeywords_wistp.pdf
Author postprint (435.71 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
passwords; cracking; honeywords; code modification
Abstract :
[en] Past experiences show us that password breach is still one of the main methods of attackers to obtain personal or sensitive user data. Basically, assuming they have access to list of hashed passwords, they apply guessing attacks, i.e., attempt to guess a password by trying a large number of possibilities. We certainly need to change our way of thinking and use a novel and creative approach in order to protect our passwords. In fact, there are already novel attempts to provide password protection. The Honeywords system of Juels and Rivest is one of them which provides a detection mechanism for password breaches. Roughly speaking, they propose a method for password-based authentication systems where fake passwords, i.e., "honeywords" are added into a password file, in order to detect impersonation. Their solution includes an auxiliary secure server called "honeychecker" which can distinguish a user's real password among her honeywords and immediately sets off an alarm whenever a honeyword is used. However, they also pointed out that their system needs to be improved in various ways by highlighting some open problems. In this paper, after revisiting the security of their proposal, we specifically focus on and aim to solve a highlighted open problem, i.e., active attacks where the adversary modifies the code running on either the login server or the honeychecker.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines :
Computer science
Author, co-author :
Genç, Ziya Alper ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Kardaş, Süleyman
Kiraz
External co-authors :
yes
Language :
English
Title :
Examination of a New Defense Mechanism: Honeywords
Publication date :
2017
Event name :
11th WISTP International Conference on Information Security Theory and Practice
Event date :
28-29 September 2017
Audience :
International
Main work title :
Proceedings of the 11th WISTP International Conference on Information Security Theory and Practice
Publisher :
Springer
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 27 November 2017

Statistics


Number of views
167 (6 by Unilu)
Number of downloads
536 (6 by Unilu)

Scopus citations®
 
16
Scopus citations®
without self-citations
16

Bibliography


Similar publications



Contact ORBilu