Related papers: Bernoulli honeywords
With the increasing prevalence of security incidents, the adoption of deception-based defense strategies has become pivotal in cyber security. This work addresses the challenge of scalability in designing honeytokens, a key component of…
Strong passwords are fundamental to the security of password-based user authentication systems. In recent years, much effort has been made to evaluate password strength or to generate strong passwords. Unfortunately, the usability or…
One of the widely used cyber deception techniques is decoying, where defenders create fictitious machines (i.e., honeypots) to lure attackers. Honeypots are deployed to entice attackers, but their effectiveness depends on their…
Some protected password change protocols were proposed. However, the previous protocols were easily vulnerable to several attacks such as denial of service, password guessing, stolen-verifier and impersonation atacks etc. Recently, Chang et…
Many computer-based authentication schemata are based on pass- words. Logging on a computer, reading email, accessing content on a web server are all examples of applications where the identification of the user is usually accomplished…
Weak passwords and availability of supercomputers to password crackers make the financial institutions and businesses at stake. This calls for use of strong passwords and multi factor authentication for secure transactions. Remembering a…
Deceiving an attacker in the network security domain is a well established approach, mainly achieved through deployment of honeypots consisting of open network ports with the sole purpose of raising an alert on a connection. With attackers…
A honeypot is a type of security facility deliberately created to be probed, attacked and compromised. It is often used for protecting production systems by detecting and deflecting unauthorized accesses. It is also useful for investigating…
Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems…
A password composition policy restricts the space of allowable passwords to eliminate weak passwords that are vulnerable to statistical guessing attacks. Usability studies have demonstrated that existing password composition policies can…
Although it is common for users to select bad passwords that can be easily cracked by attackers, password-based authentication remains the most widely-used method. To encourage users to select good passwords, enterprises often enforce…
The choice of password composition policy to enforce on a password-protected system represents a critical security decision, and has been shown to significantly affect the vulnerability of user-chosen passwords to guessing attacks. In…
Privacy is of the utmost concern when it comes to releasing data to third parties. Data owners rely on anonymization approaches to safeguard the released datasets against re-identification attacks. However, even with strict anonymization in…
System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute…
Honeypot is an important cyber defense technique that can expose attackers new attacks. However, the effectiveness of honeypots has not been systematically investigated, beyond the rule of thumb that their effectiveness depends on how they…
Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social…
The rapid evolution of cyber threats necessitates innovative solutions for detecting and analyzing malicious activity. Honeypots, which are decoy systems designed to lure and interact with attackers, have emerged as a critical component in…
In this age of digitalization, Internet services face more attacks than ever. An attacker's objective is to exploit systems and use them for malicious purposes. Such efforts are rising as vulnerable systems can be discovered and compromised…
In today's world password are mostly used for authentication. This makes them prone to various kinds of attacks like dictionary attacks. A dictionary attack is a method of breaking the password by systematically entering every word in a…
Designing an efficient protocol for avoiding the threat of recording based attack in presence of a powerful eavesdropper remains a challenge for more than two decades. During authentication, the absence of any secure link between the prover…