1. bookVolumen 22 (2022): Edición 2 (June 2022)
Detalles de la revista
License
Formato
Revista
eISSN
1314-4081
Primera edición
13 Mar 2012
Calendario de la edición
4 veces al año
Idiomas
Inglés
access type Acceso abierto

A Scrutiny of Honeyword Generation Methods: Remarks on Strengths and Weaknesses Points

Publicado en línea: 23 Jun 2022
Volumen & Edición: Volumen 22 (2022) - Edición 2 (June 2022)
Páginas: 3 - 25
Recibido: 25 Jan 2022
Aceptado: 25 Feb 2022
Detalles de la revista
License
Formato
Revista
eISSN
1314-4081
Primera edición
13 Mar 2012
Calendario de la edición
4 veces al año
Idiomas
Inglés
Abstract

Honeyword system is a successful password cracking detection system. Simply the honeywords are (False passwords) that are accompanied to the sugarword (Real password). Honeyword system aims to improve the security of hashed passwords by facilitating the detection of password cracking. The password database will have many honeywords for every user in the system. If the adversary uses a honeyword for login, a silent alert will indicate that the password database might be compromised. All previous studies present a few remarks on honeyword generation methods for max two preceding methods only. So, the need for one that lists all preceding researches with their weaknesses is shown. This work presents all generation methods then lists the strengths and weaknesses of 26 ones. In addition, it puts 32 remarks that highlight their strengths and weaknesses points. This research has proved that every honeyword generation method has many weaknesses points.

Keywords

1. Mohammed, A. A., A. K. Abdul-Hassan, B. S. Mahdi. Authentication System Based on Hand Writing Recognition. – In: Proc. of 2nd Scientific Conference of Computer Sciences (SCCS’19), March 2019, pp. 138-142. DOI: 10.1109/SCCS.2019.8852594. Abierto DOISearch in Google Scholar

2. Mukthineni, V., R. Mukthineni, O. Sharma, S. J. Narayanan. Face Authenticated Hand Gesture Based Human Computer Interaction for Desktops. – Cybernetics and Information Technologies, Vol. 20, 2020, No 4, pp. 74-89.10.2478/cait-2020-0048 Search in Google Scholar

3. Ahmed Tariq Sadiq, A. A. A., Sura Ali. Attacking Classical Cryptography Method Using Pso Based on Variable Neighborhood Search. – International Journal of Computer Engineering & Technology (IJCET), 2014. https://www.iaeme.com/ijcet.asp Search in Google Scholar

4. Qasaimeh, M., R. S. Al-qassas, S. Aljawarneh. Recent Development in Smart Grid Authentication Approaches : A Systematic Literature Review. – Cybernetics and Information Technologies, Vol. 19, 2019, No 1, pp. 27-52.10.2478/cait-2019-0002 Search in Google Scholar

5. Alaa Kadhim, F., H. I. Mhaibes. A New Initial Authentication Scheme for Kerberos 5 Based on Biometric Data and Virtual Password. – In: Proc. of International Conference on Advanced Science and Engineering (ICOASE’18), 2018, pp. 280-285. DOI: 10.1109/ICOASE.2018.8548852. Abierto DOISearch in Google Scholar

6. Sadiq, A. T., L. Ali. Attacking Transposition Cipher Using Improved Cuckoo Search. – Journal of Advanced Computer Science and Technology Research, Vol. 4, 2014, No 1, pp. 22-32. http://www.sign-ific-ance.co.uk/index.php/JACSTR/article/view/385 Search in Google Scholar

7. Chaudhari, S., R. Aparna, A. Rane. A Survey on Proxy Re-Signature Schemes for Translating One Type of Signature to Another. – Cybernetics and Information Technologies, Vol. 21, 2021, No 3, pp. 24-49.10.2478/cait-2021-0028 Search in Google Scholar

8. Abed, T. M., H. B. Abdul-Wahab. Anti-Phishing System Using Intelligent Techniques. – In: Proc. of 2nd Scientific Conference of Computer Sciences (SCCS’19), March 2019, pp. 44-50. DOI: 10.1109/SCCS.2019.8852601. Abierto DOISearch in Google Scholar

9. Genç, Z. A., S. Kardaş, M. S. Kiraz. Examination of a New Defense Mechanism: Honeywords. –Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 10741. G. P. Hancke, E. Damiani, Eds. Cham, Springer International Publishing, 2018, pp. 130-139. Search in Google Scholar

10. Kute, S., V. Thite, S. Chopade. Achieving Security using Honeyword. – Int. J. Comput. Appl., Vol. 180, Jun 2018, No 49, pp. 43-47. DOI: 10.5120/ijca2018917333. Abierto DOISearch in Google Scholar

11. Win, T., K. S. M. Moe. Protecting Private Data Using Improved Honey Encryption and Honeywords Generation Algorithm. – Adv. Sci. Technol. Eng. Syst., Vol. 3, 2018, No 5, pp. 311-320. DOI: 10.25046/aj030537. Abierto DOISearch in Google Scholar

12. Chakraborty, N., S. Mondal. Towards Improving Storage Cost and Security Features of Honeyword Based Approaches. – Procedia Comput. Sci., Vol. 93, 2016, No September, pp. 799-807. DOI: 10.1016/j.procs.2016.07.298. Abierto DOISearch in Google Scholar

13. Kusuma, A. B., Y. R. Pramadi. Implementation of Honeywords as a Codeigniter Library for a Solution to Password-Cracking Detection. – In: Proc. of IOP Conf. Ser. Mater. Sci. Eng., Vol. 508, May 2019, No 1, 012134. DOI: 10.1088/1757-899X/508/1/012134. Abierto DOISearch in Google Scholar

14. Juels, A., R. L. Rivest. Honeywords: Making Password-Cracking Detectable. – In: Proc. of 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS’13), 2013, No October 2015, pp. 145-160. DOI: 10.1145/2508859.2516671. Abierto DOISearch in Google Scholar

15. Erguler, I. Some Remarks on Honeyword Based Password-Cracking Detection. – IACR Cryptol. ePrint Arch., Vol. 2014, 2014, 323. https://eprint.iacr.org/2014/323.pdf Search in Google Scholar

16. Thakur, P. V. Honeywords: The New Approach for Password Security. – Int. J. Res. Appl. Sci. Eng. Technol., Vol. 7, April 2019, No 4, pp. 2449-2450. DOI: 10.22214/ijraset.2019.4446. Abierto DOISearch in Google Scholar

17. Ghare, H. Securing System Using Honeyword and MAC Address. – Int. J. Res. Appl. Sci. Eng. Technol., Vol. 7, May 2019, No 5, pp. 2685-2689. DOI: 10.22214/ijraset.2019.5446. Abierto DOISearch in Google Scholar

18. Wang, R., H. Chen, J. Sun. Phoney: Protecting Password Hashes with Threshold Cryptology and Honeywords. – Int. J. Embed. Syst., Vol. 8, 2016, No 2-3, pp. 146-154. DOI: 10.1504/IJES.2016.076108. Abierto DOISearch in Google Scholar

19. Palaniappan, S., V. Parthipan, S. Stewart Kirubakaran, R. Johnson. Secure User Authentication Using Honeywords. – Lecture Notes on Data Engineering and Communications Technologies, Vol. 31, 2020, pp. 896-903.10.1007/978-3-030-24643-3_105 Search in Google Scholar

20. Suryawanshi, B. D., P. B. Tayade, A. V. Patil, J. B. Patil, D. V. Rajput. Enhancing the Security Using Honeywords. – IJIRCT1601039 Int. J. Innov. Res. Creat. Technol., Vol. 208, 2017, No 6, pp. 208-211. www.ijirct.org Search in Google Scholar

21. Guo, Y., Z. Zhang, Y. Guo. Superword: A Honeyword System for Achieving Higher Security Goals. – Comput. Secur., Vol. 103, April 2021, 101689. DOI: 10.1016/j.cose.2019.101689. Abierto DOISearch in Google Scholar

22. Lanjulkar Pritee, I. V., I. Rupali, L. Arti. Honeywords : A New Approach for Enhancing Security. – Int. Res. J. Eng. Technol., Vol. 06, 2019, No 03, pp. 1360-1363. https://www.irjet.net/archives/V6/i3/IRJET-V6I3256.pdf Search in Google Scholar

23. Sivaji, N., K. S. Yuvaraj. Improving Usability of Password Management with Storage Optimized Honeyword Generation. – Int. J. Sci. Res. Sci. Technol., Vol. 4, 2018, No 5, pp. 55-60. DOI: 10.32628/IJSRST184531. Abierto DOISearch in Google Scholar

24. Pagar, V. R., R. G. Pise. Strengthening Password Security through Honeyword and Honeyencryption Technique. – In: Proc. of Int. Conf. Trends Electron. Informatics, ICEI 2017, Vol. 2018-January, 2018, pp. 827-831. DOI: 10.1109/ICOEI.2017.8300819. Abierto DOISearch in Google Scholar

25. H. R. B. B. S. J. Web Application: (with) HoneyWords and HoneyEncryption. – Int. J. Sci. Res., Vol. 4, 2015, No 2, pp. 2313-2316. https://www.ijsr.net/archive/v4i2/SUB151773.pdf Search in Google Scholar

26. Genç, Z. A., G. Lenzini, P. Y. A. Ryan, I. Vazquez Sandoval. A Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack. –Communications in Computer and Information Science, Vol. 977, 2019, pp. 125-151.10.1007/978-3-030-25109-3_7 Search in Google Scholar

27. Brindtha, J., K. R. Hithaeishini, R. Komala, G. Abirami, U. Arul. Identification and Detecting of Attacker in a Purchase Portal Using Honeywords. – In: Proc. of 3rd IEEE Int. Conf. Sci. Technol. Eng. Manag. (ICONSTEM’17), Vol. 2018-January, 2017, pp. 389-393. DOI: 10.1109/ICONSTEM.2017.8261414. Abierto DOISearch in Google Scholar

28. Bamane, S. Achieving Flatness Using Honeywords Generation Algorithm. – Int. J. Res. Appl. Sci. Eng. Technol., Vol. 7, May 2019, No 5, pp. 3491-3496. DOI: 10.22214/ijraset.2019.5572. Abierto DOISearch in Google Scholar

29. Catuogno, L., A. Castiglione, F. Palmieri. A Honeypot System with Honeyword-Driven Fake Interactive Sessions. – In: Proc. of Int. Conf. High Perform. Comput. Simulation (HPCS’15), 2015, pp. 187-194. DOI: 10.1109/HPCSim.2015.7237039. Abierto DOISearch in Google Scholar

30. Fauzi, M. A., B. Yang, E. Martiri. Password Guessing-Based Legacy-UI Honeywords Generation Strategies for Achieving Flatness. – In: Proc. of 44th IEEE Annu. Comput. Software, Appl. Conf. (COMPSAC’20), 2020, pp. 1610-1615. DOI: 10.1109/COMPSAC48688.2020.00-25. Abierto DOISearch in Google Scholar

31. Gadgil, M. A. A. Enhancing Security in User Authentication through Honeyword. – Int. J. Sci. Res. Manag., Vol. 4, Jun 2016, No 6, pp. 4347-4350. DOI: 10.18535/ijsrm/v4i6.17. Abierto DOISearch in Google Scholar

32. Nathezhtha, T., V. Vaidehi. Honeyword with Salt-Chlorine Generator to Enhance Security of Cloud User Credentials. – Commun. Comput. Inf. Sci., Vol. 746, 2017, pp. 159-169. DOI: 10.1007/978-981-10-6898-0_13. Abierto DOISearch in Google Scholar

33. Moe, K. S. M., T. Win. Improved Hashing and Honey-Based Stronger Password Prevention against Brute Force Attack. – In: Proc. of International Symposium on Electronics and Smart Devices (ISESD’17), Vol. 2018-January, October 2017, pp. 1-5. DOI: 10.1109/ISESD.2017.8253295. Abierto DOISearch in Google Scholar

34. Shamini, P. B., E. Dhivya, S. Jayasree, M. P. Lakshmi. Detection and Avoidance of Attacker Using Honey Words in Purchase Portal. – In: Proc. of 3rd International Conference on Science Technology Engineering & Management (ICONSTEM’17), Vol. 2018-January, March 2017, pp. 260-263. DOI: 10.1109/ICONSTEM.2017.8261290. Abierto DOISearch in Google Scholar

35. Wang, D., H. Cheng, P. Wang, J. Yan, X. Huang. A Security Analysis of Honeywords. – In: Proc. of NDSS-Symposium, 2018, No February. DOI: 10.14722/ndss.2018.12345. https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_02B-2_Wang_paper.pdf Abierto DOISearch in Google Scholar

36. Karthik, A., M. D. Kamalesh. Rat Trap: Inviting, Detection & Identification of Attacker Using Honey Words in Purchase Portal. – In: Proc. of 3rd International Conference on Science Technology Engineering & Management (ICONSTEM’17), Vol. 2018-January, March 2017, pp. 130-132. DOI: 10.1109/ICONSTEM.2017.8261268. Abierto DOISearch in Google Scholar

37. Juels, A. A Bodyguard of Lies. – In: Proc. of 19th ACM Symposium on Access Control Models and Technologies (SACMAT’14), 2014, pp. 1-4. DOI: 10.1145/2613087.2613088. Abierto DOISearch in Google Scholar

38. Shinde, P. D., S. H. Patil. Secured Password Using Honeyword Encryption. – Iioab J., Vol. 9, 2018, No 2, SI, pp. 78-82. https://www.iioab.org/IIOABJ_9.2_78-82.pdf Search in Google Scholar

39. Genç, Z. A., G. Lenzini, P. Y. A. Ryan, I. V. Sandoval. A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System. – In: Proc. of 4th International Conference on Information Systems Security and Privacy, Vol. 2018-January, 2018, No Icissp, pp. 83-95. DOI: 10.5220/0006609100830095. Abierto DOISearch in Google Scholar

40. Zhang, Y., F. Monrose, M. K. Reiter. The Security of Modern Password Expiration. – In: Proc. of 17th ACM Conference on Computer and Communications Security (CCS’10), 2010, 176. DOI: 10.1145/1866307.1866328. Abierto DOISearch in Google Scholar

41. Weir, M., S. Aggarwal, B. De Medeiros, B. Glodek. Password Cracking Using Probabilistic Context-Free Grammars. – In: Proc. of IEEE Symposium on Security and Privacy, May 2009, pp. 391-405. DOI: 10.1109/SP.2009.8. Abierto DOISearch in Google Scholar

42. Bojinov, H., E. Bursztein, X. Boyen, D. Boneh. Kamouflage: Loss-Resistant Password Management,” – Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 6345 LNCS, 2010, pp. 286-302. Search in Google Scholar

43. Erguler, I. Achieving Flatness: Selecting the Honeywords from Existing User Passwords. – IEEE Trans. Dependable Secur. Comput., Vol. 13, March 2015, No 2, pp. 284-295. DOI: 10.1109/TDSC.2015.2406707. Abierto DOISearch in Google Scholar

44. Chakraborty, N., S. Mondal. Few Notes towards Making Honeyword System More Secure and Usable. – In: Proc. of Int. ACM Conf. Ser., Vol. 08-10-September, 2015, No September 2015. DOI: 10.1145/2799979.2799992. Abierto DOISearch in Google Scholar

45. Akshaya, K., S. Dhanabal. Achieving Flatness from Non-Realistic Honeywords. – In: Proc. of International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS’17), March 2017, pp. 1-3. DOI: 10.1109/ICIIECS.2017.8276120. Abierto DOISearch in Google Scholar

46. Chakraborty, N., S. Mondal. On Designing a Modified-UI Based Honeyword Generation Approach for Overcoming the Existing Limitations. – Comput. Secur., Vol. 66, 2017, pp. 155-168. DOI: 10.1016/j.cose.2017.01.011. Abierto DOISearch in Google Scholar

47. Chor, A., A. Gawali, A. Mohite, M. Tanpure, P. S. P. B., P. T. P. B. Improving Security Using Honeyword for Online Banking Authentication System. – IJARCCE, Vol. 6, March 2017, No 3, pp. 976-978. DOI: 10.17148/IJARCCE.2017.63226. Abierto DOISearch in Google Scholar

48. Akshima, A., D. Chang, A. Goel, S. Mishra, S. K. Sanadhya. Generation of Secure and Reliable Honeywords, Preventing False Detection. – In: IEEE Trans. Dependable Secur. Comput. Vol. 5971. No c. 2018, pp. 1-13. DOI: 10.1109/TDSC.2018.2824323. Abierto DOISearch in Google Scholar

49. Chakraborty, N., S. Singh, S. Mondal. On Designing a Questionnaire Based Honeyword Generation Approach for Achieving Flatness. – In: Proc. of 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE’18), August 2018, pp. 444-455. DOI: 10.1109/TrustCom/BigDataSE.2018.00071. Abierto DOISearch in Google Scholar

50. Akif, O. Z., A. F. Sabeeh, G. J. Rodgers, H. S. Al-Raweshidy. Achieving Flatness: Honeywords Generation Method for Passwords Based on User Behaviours. – Int. J. Adv. Comput. Sci. Appl., Vol. 10, 2019, No 3, pp. 28-37. DOI: 10.14569/IJACSA.2019.0100305. Abierto DOISearch in Google Scholar

51. Fauzi, M. A., B. Yang, E. Martiri. PassGAN Based Honeywords System for Machine-Generated Passwords Database. – In: Proc. of 6th IEEE Intl. Conf. Big Data Secur. Cloud, BigDataSecurity 2020, 2020 IEEE Intl. Conf. High Perform. Smart Comput. HPSC 2020 2020 IEEE Intl Conf. Intell. Data Secur. IDS 2020, pp. 214-220, 2020. DOI: 10.1109/BigDataSecurity-HPSC-IDS49724.2020.00046. Abierto DOISearch in Google Scholar

52. Hitaj, B., P. Gasti, G. Ateniese, F. Perez-Cruz. PassGAN: A Deep Learning Approach for Password Guessing. – Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 11464 LNCS, 2019, pp. 217-237. DOI: 10.1007/978-3-030-21568-2_11. Abierto DOISearch in Google Scholar

53. Goodfellow, I. et al. Generative Adversarial Networks. – Communications of the ACM, Vol. 63, 2020, No 11. pp. 139-144. DOI: 10.1145/3422622. Abierto DOISearch in Google Scholar

54. Gulrajani, I., F. Ahmed, M. Arjovsky, V. Dumoulin, A. Courville. Improved Training of Wasserstein GANs. – Advances in Neural Information Processing Systems, Vol. 2017-December, 2017, pp. 5768-5778. Search in Google Scholar

55. Qi, P., W. Zhou, J. Han. A Method for Stochastic L-BFGS Optimization. – In: Proc. of 2nd IEEE International Conference on Cloud Computing and Big Data Analysis (ICCCBDA’17), 2017, pp. 156-160. DOI: 10.1109/ICCCBDA.2017.7951902. Abierto DOISearch in Google Scholar

Artículos recomendados de Trend MD

Planifique su conferencia remota con Sciendo