English
Related papers

Related papers: Multi-user guesswork and brute force security

200 papers

We consider an abstraction of computational security in password protected systems where a user draws a secret string of given length with i.i.d. characters from a finite alphabet, and an adversary would like to identify the secret string…

Information Theory · Computer Science 2017-12-27 Arman Rezaee , Ahmad Beirami , Ali Makhdoumi , Muriel Medard , Ken Duffy

Given a collection of strings, each with an associated probability of occurrence, the guesswork of each of them is their position in a list ordered from most likely to least likely, breaking ties arbitrarily. Guesswork is central to several…

Information Theory · Computer Science 2019-08-12 Ahmad Beirami , Robert Calderbank , Mark Christiansen , Ken Duffy , Muriel Médard

Consider the situation where a word is chosen probabilistically from a finite list. If an attacker knows the list and can inquire about each word in turn, then selecting the word via the uniform distribution maximizes the attacker's…

Information Theory · Computer Science 2013-05-14 Mark M. Christiansen , Ken R. Duffy , Flavio du Pin Calmon , Muriel Medard

Consider the problem of guessing the realization of a random vector $\textbf{X}$ by repeatedly submitting queries (guesses) of the form "Is $\textbf{X}$ equal to $\textbf{x}$?" until an affirmative answer is obtained. In this setup, a key…

Information Theory · Computer Science 2018-11-13 Neri Merhav , Asaf Cohen

We study a notion of guesswork, where multiple agents intend to launch a coordinated brute-force attack to find a single binary secret string, and each agent has access to side information generated through either a BEC or a BSC. The…

Information Theory · Computer Science 2017-05-29 Salman Salamatian , Ahmad Beirami , Asaf Cohen , Muriel Médard

In September 2017, McAffee Labs quarterly report estimated that brute force attacks represent 20\% of total network attacks, making them the most prevalent type of attack ex-aequo with browser based vulnerabilities. These attacks have…

Information Theory · Computer Science 2019-07-02 Salman Salamatian , Wasim Huleihel , Ahmad Beirami , Asaf Cohen , Muriel Médard

The guesswork refers to the distribution of the minimum number of trials needed to guess a realization of a random variable accurately. In this study, a non-trivial generalization of the guesswork called guessing cost (also referred to as…

Information Theory · Computer Science 2023-12-11 Suayb S. Arslan , Elif Haytaoglu

The choice of password composition policy to enforce on a password-protected system represents a critical security decision, and has been shown to significantly affect the vulnerability of user-chosen passwords to guessing attacks. In…

Cryptography and Security · Computer Science 2024-03-18 Saul Johnson , João F. Ferreira , Alexandra Mendes , Julien Cordry

A guessing wiretapper's performance on a Shannon cipher system is analyzed for a source with memory. Close relationships between guessing functions and length functions are first established. Subsequently, asymptotically optimal encryption…

Information Theory · Computer Science 2016-11-17 Rajesh Sundaresan

Text password has served as the most popular method for user authentication so far, and is not likely to be totally replaced in foreseeable future. Password authentication offers several desirable properties (e.g., low-cost, highly…

Cryptography and Security · Computer Science 2022-12-27 Lam Tran , Thuc Nguyen , Changho Seo , Hyunil Kim , Deokjai Choi

How hard is it guess a password? Massey showed that that the Shannon entropy of the distribution from which the password is selected is a lower bound on the expected number of guesses, but one which is not tight in general. In a series of…

Information Theory · Computer Science 2013-02-12 Mark M. Christiansen , Ken R. Duffy

Choosing a hard-to-guess secret is a prerequisite in many security applications. Whether it is a password for user authentication or a secret key for a cryptographic primitive, picking it requires the user to trade-off usability costs with…

Computer Science and Game Theory · Computer Science 2015-05-12 MHR Khouzani , Piotr Mardziel , Carlos Cid , Mudhakar Srivatsa

A central challenge in password security is to characterize the attacker's guessing curve i.e., what is the probability that the attacker will crack a random user's password within the first $G$ guesses. A key challenge is that the guessing…

Cryptography and Security · Computer Science 2022-09-22 Jeremiah Blocki , Peiyuan Liu

Satisfiability solvers are increasingly playing a key role in software verification, with particularly effective use in the analysis of security vulnerabilities. String processing is a key part of many software applications, such as…

Computational Complexity · Computer Science 2009-03-17 Susmit Jha , Sanjit A. Seshia , Rhishikesh Limaye

A password composition policy restricts the space of allowable passwords to eliminate weak passwords that are vulnerable to statistical guessing attacks. Usability studies have demonstrated that existing password composition policies can…

Cryptography and Security · Computer Science 2013-02-26 Jeremiah Blocki , Saranga Komanduri , Ariel Procaccia , Or Sheffet

Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social…

Cryptography and Security · Computer Science 2017-09-26 Nicholas Micallef , Nalin Asanka Gamagedara Arachchilage

This paper proposes an operational measure of non-stochastic information leakage to formalize privacy against a brute-force guessing adversary. The information is measured by non-probabilistic uncertainty of uncertain variables, the…

Information Theory · Computer Science 2021-07-05 Ni Ding , Farhad Farokhi

Strings form a fundamental data type in computer systems. String searching has been extensively studied since the inception of computer science. Increasingly many applications have to deal with imprecise strings or strings with fuzzy…

Databases · Computer Science 2015-09-30 Sharma V. Thankachan , Manish Patil , Rahul Shah , Sudip Biswas

Modern authentication systems store hashed values of passwords of users using cryptographic hash functions. Therefore, to crack a password an attacker needs to guess a hash function input that is mapped to the hashed value, as opposed to…

Cryptography and Security · Computer Science 2019-11-28 Yair Yona , Suhas Diggavi

A string is sent over a noisy channel that erases some of its characters. Knowing the statistical properties of the string's source and which characters were erased, a listener that is equipped with an ability to test the veracity of a…

Information Theory · Computer Science 2013-11-27 Mark M. Christiansen , Ken R. Duffy , Flavio du Pin Calmon , Muriel Medard
‹ Prev 1 2 3 10 Next ›