
Method of Password Security Evaluation

Method of Password Security Evaluation. Miloslav Hub, Jan Capek, Institute of System Engineering and Informatics, Faculty of Economics and Administration, University of Pardubice, Czech Republic. Access Control Concept.

tadeo

Presentation Transcript


  1. Method of Password Security Evaluation
     Miloslav Hub, Jan Capek
     Institute of System Engineering and Informatics, Faculty of Economics and Administration, University of Pardubice, Czech Republic

  2. Access Control Concept
     • Access control is a security feature that controls how users and systems communicate and interact with other systems and resources.
     • Identification and authentication: this combination determines who can and who cannot log in.
     • Authorization determines what a subject can do.
     • Accounting identifies what a subject did.

  3. Factors of Password Security
     • Human factors:
       • Type of passwords
       • The way the user guards a password

  4. Evaluation of Password Security
     • Decisions about authentication implementation.
     • Surveys of long-term trends in password selection.
     • Surveys of password selection by different types of users.
     • Studies of the effect of different modes of training on password selection.
     Current approaches:
     • Expert opinions (weak versus strong passwords).
     • Breaking passwords as proof of password weakness.
     Currently there is no exact number that represents the security level of a password.

  5. Attack Simulation Model
     • A sorted set of reduced dictionaries that the attacker can use when he wants to break a password in the most effective way.
     • A brute-force attack can be regarded as a special kind of dictionary attack.

  6. Password Security Evaluation
     • The security of a password is defined as the expected value of the number of attempts the impostor has to carry out to break the password.

  7. Empirical Password Survey
     • Czech First Names (490 words)
     • Common Czech Words (382 words)
     • Common Passwords (239 words)
     • Czech First Names - the first character uppercase (490 words)
     • Years 1900 – 2029 (114 words)
     • Common Logins (2,131 words)
     • The Most Commonly Used English Words (391 words)
     • Czech and American Word Combinations (496 words)
     • Word, Personages (437 words)
     • American Women Names (4,414 words)
     • …

  8. Correlation of Password Characters

  9. Result of our study
     • The Pearson correlation coefficient between the expected and actual frequency of passwords equals 0.94.

  10. Keystroke dynamics

  11. Our results

  12. Thank you for your attention.
      miloslav.hub@upce.cz
      capek@upce.cz
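
Slides 5 and 6 define password security as the expected number of attempts against a sorted set of dictionaries, with brute force treated as the last dictionary. The following Python code is an added example of that metric, not the authors' implementation; the sample dictionaries, the brute-force alphabet and length limit, and the uniformly random guessing order inside each dictionary are assumptions.

```python
# Added example. The dictionaries are constructed samples, not the survey's.
DICTIONARIES = [  # in the order the modelled attacker tries them
    ("common passwords", ["password", "123456", "qwerty", "heslo"]),
    ("first names", ["jana", "petr", "eva", "tomas", "lucie", "pavel"]),
    ("years", [str(y) for y in range(1950, 2030)]),
]
ALPHABET = set("abcdefghijklmnopqrstuvwxyz0123456789")  # assumed alphabet
MAX_LEN = 6  # assumed maximum length for the brute-force stage


def in_keyspace(word):
    """True if the final brute-force stage would eventually generate `word`."""
    return 1 <= len(word) <= MAX_LEN and set(word) <= ALPHABET


def expected_attempts(password, dictionaries=DICTIONARIES):
    """Return (expected guesses, stage name) for `password`.

    Assumption: stages run in list order and candidates inside a stage are
    tried in uniformly random order without repeats, so a hit in a stage
    holding n untried candidates costs (n + 1) / 2 guesses on average.
    """
    spent = 0     # guesses used by stages that did not contain the password
    seen = set()  # candidates already tried, skipped by later stages
    for name, words in dictionaries:
        fresh = set(words) - seen
        if password in fresh:
            return spent + (len(fresh) + 1) / 2, name
        spent += len(fresh)
        seen |= fresh
    if not in_keyspace(password):
        return None, "not covered by the model"
    # Brute force is the last, largest "dictionary": the whole keyspace.
    keyspace = sum(len(ALPHABET) ** n for n in range(1, MAX_LEN + 1))
    fresh = keyspace - sum(1 for w in seen if in_keyspace(w))
    return spent + (fresh + 1) / 2, "brute force"


if __name__ == "__main__":
    for pw in ["qwerty", "eva", "1999", "x7k2qp", "Tr0ub4dor&3"]:
        print(pw, expected_attempts(pw))
```

A password found in an early dictionary scores a handful of attempts, while one that only the brute-force stage reaches scores on the order of half the keyspace, which gives the single comparable number slide 4 says is missing.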
