1 / 7

Targeted Online Password Guessing: An Underestimated Threat

Targeted Online Password Guessing: An Underestimated Threat. Ding Wang, Zijian Zhang, Ping Wang (Peking University,China) Jeff Yan (Lancaster University, UK) Xinyi Huang (Fujian Normal University, China). ACM CCS 2016. Five Chinese datasets, Five English ones

carlo
Télécharger la présentation

Targeted Online Password Guessing: An Underestimated Threat

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Targeted Online Password Guessing: An Underestimated Threat Ding Wang, Zijian Zhang, Ping Wang (Peking University,China) Jeff Yan (Lancaster University, UK) Xinyi Huang (Fujian Normal University, China) ACM CCS 2016

  2. Five Chinese datasets, Five English ones A total of 95.83 million Real-world password datasets

  3. Three Chinese ones, One English Finally, we get 7 PII-associated datasets by by matching email with password datasets. Real-world personal info datasets

  4. Experimental results on normal users • With 100 guesses, • TarGuess-I outperforms Personal-PCFG by 46%; • TarGuess-II outperforms Das et al. ‘s by 72%; • Both TarGuess-III and IV gain 73%+ success rates.

  5. Experimental results on security-savvy users • With 100 guesses, • TarGuess-I outperforms Personal-PCFG by 142%; • TarGuess-II outperforms Das et al. ‘s by 169%; • Both TarGuess-III and IV gain 32%+ success rates.

  6. Experimental results ——A further validation • Cracking real Xiaomi cloud accounts • 5.3K Xiaomi MD5-salted hashes, obtained by matching the 8.28 million Xiaomi dataset with the 130K 12306 dataset using email. Very consistent results with these plaintext-based experiments on normal users.

  7. THANK YOU & QUESTIONS

More Related