Computer Science ›› 2015, Vol. 42 ›› Issue (11): 222-227.doi: 10.11896/j.issn.1002-137X.2015.11.046

Previous Articles     Next Articles

Password Strength Metric Based Classification Proactive Model

SHEN Ying, LIAO Liu-cheng and DONG Tian-yang   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Refusing user-defined weak password is an important means to protect information system.Different from rule based proactive password checker,we proposed a combination password proactive classification model.The model firstly uses Markov model and constructes effective password strength metric integrating typical password strength factors such as length,frequency and first letter.Then strength metric assesses each password and grades them with suitable threshold values.The model deployes multilevel bloom filter to record classification result.It not only reduces time-consuming in password strength assessment and retrieval,but also keeps proactive model and graded password in secret.Experimental results show that password strength evaluation results are reasonable compared with other metrics,and classification result can across password datasets.

Key words: Password strength metric,Combination model,Proactive model

[1] The Evolution of the Password — And Why It’s Still Far From Safe.http://mashable.com/2013/12/30/history-of-the-password/
[2] Jakobsson M,Dhiman M.The benefits of understanding passwords[M]∥Mobile Authentication.Springer New York,2013:5-24
[3] Ma J,Yang W,Luo M,et al.A study of probabilistic password models[C]∥Proceedings of the 2014 IEEE Symposium on Security and Privacy.IEEE Computer Society,2014:689-704
[4] Weir M,Aggarwal S,De Medeiros B,et al.Password crackingusing probabilistic context-free grammars[C]∥ 2009 30th IEEE Symposium on Security and Privacy.IEEE,2009:391-405
[5] Veras R,Collins C,Thorpe J.On the semantic patterns of passwords and their security impact[C]∥Network and Distributed System Security Symposium (NDSS’14).2014
[6] Cheng Ying,Gao Qing-de.Study of the hole of strong password authentication protocol[J].Computer Science,2009,6(10):106-116
[7] Wang Ding,Ma Chun-guang,Zhang Qi-ming,et al.Attacks and improvements on a strong-password authentication scheme [J].Computer Science,2012,9(6):72-76
[8] Juels A,Rivest R L.Honeywords:Making password cracking detectable[C]∥Proceedings of the 2013 ACM SIGSAC Confe-rence on Computer & Communications Security.ACM,2013:145-160
[9] Genc Z A,Kardas S,Kiraz M S.Examination of a New Defense Mechanism:Honeywords[R].IACR Cryptology ePrint Archive,2013
[10] Bojinov H,Sanchez D,Reber P J,et al.Neuroscience MeetsCryptography:Designing Crypto Primitives Secure Against Rubber Hose Attacks[C]∥USENIX Security Symposium.2012:129-141
[11] Castelluccia C,Dürmuth M,Perito D.Adaptive Password-Strength Meters from Markov Models[C]∥NDSS.2012
[12] Burr W E,Dodson D F,Polk W T.Electronic authenticationguideline[R].NIST special publication 800-63,2006
[13] de Carnavalet X C,Mannan M.From very weak to very strong:Analyzing password-strength meters[C]∥Proceedings of the Network and Distributed System Security Symposium.2014
[14] Spafford E H.Opus:Preventing weak password choices[J].Computers & Security,1992,11(3):273-278
[15] Davies C,Ganesan R.Bapasswd:A new proactive passwordchecker[C]∥16th National Computer Security Conference.1993:1-15
[16] Vijaya M S,Jamuna K S,Karpagavalli S.Password strength prediction using supervised machine learning techniques[C]∥International Conference on Advances in Computing,Control,& Telecommunication Technologies,2009(ACT’09).IEEE,2009:401-405
[17] Blundo C,D’Arco P,Santis A D,et al.A Novel Approach to Proactive Password Checking[J].Computer Science,2002,2437:30-39

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!