Method of Password Security Evaluation. Miloslav Hub, Jan Capek, Institute of System Engineering and Informatics, Faculty of Economics and Administration, University of Pardubice, Czech Republic. Access Control Concept.
Method of Password Security Evaluation Miloslav Hub, Jan Capek, Institute of System Engineering and Informatics, Faculty of Economics and Administration, University of Pardubice, Czech Republic
Access Control Concept • Access control is a security feature that controls how users and systems communicate and interact with other systems and resources. • Identification and authentication: this combination determines who can or cannot log in. • Authorization determines what a subject can do. • Accounting identifies what a subject did.
Factors of Password Security • Human factors: • Type of passwords • The way the user guards a password
Evaluation of Passwords Security • Decisions about authentication implementation. • Surveys on long-term trends in password selection. • Surveys on password selection by different types of users. • Studies on the effect of different modes of training on password selection. Current approaches: • Expert opinions (weak versus strong passwords). • Breaking passwords as a proof of password weakness. Currently there is no exact number that represents the security level of a given password.
Attack Simulation Model • Sorted set of reduced dictionaries that the attacker can use when he wants to break a password in the most effective way. • A brute force attack can be regarded as a special kind of dictionary attack.
Password Security Evaluation • Security of a password is defined as the expected value of the number of attempts the impostor has to carry out to break the password.
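A worked illustration of this definition, added here and not taken from the authors' slides: it scores a password by the expected number of attempts against an ordered set of reduced dictionaries, with brute force as the final dictionary. The dictionary contents, the brute-force alphabet and length limit, and the assumption that a word's position inside its dictionary is uniformly random are all constructed for the example.

```python
from fractions import Fraction
import string

# Constructed sample dictionaries, in the order the modelled attacker tries them.
DICTIONARIES = [
    ("common passwords", ["password", "123456", "qwerty"]),
    ("first names", ["jan", "petr", "eva", "jana"]),
    ("years", ["1999", "2000", "123456"]),  # "123456" repeats an earlier entry
]
ALPHABET = string.ascii_lowercase + string.digits  # brute-force alphabet (assumed)
MAX_LEN = 4                                        # brute-force length limit (assumed)

def reduce_dictionaries(ordered):
    """Remove from each dictionary every word an earlier dictionary already holds."""
    seen, reduced = set(), []
    for name, words in ordered:
        fresh = [w for w in dict.fromkeys(words) if w not in seen]
        seen.update(fresh)
        reduced.append((name, fresh))
    return reduced

def in_brute_force_space(word):
    """True if brute force over ALPHABET up to MAX_LEN would generate the word."""
    return 1 <= len(word) <= MAX_LEN and set(word) <= set(ALPHABET)

def expected_attempts(password, ordered=DICTIONARIES):
    """Return (dictionary name, expected number of attempts) or (None, None)."""
    tried, covered = 0, 0
    for name, words in reduce_dictionaries(ordered):
        if password in words:
            # Earlier dictionaries are exhausted first; inside this one the
            # position is uniform, so the mean position is (n + 1) / 2.
            return name, tried + Fraction(len(words) + 1, 2)
        tried += len(words)
        covered += sum(in_brute_force_space(w) for w in words)
    if in_brute_force_space(password):
        # Brute force as the last dictionary, reduced by words already tried.
        space = sum(len(ALPHABET) ** n for n in range(1, MAX_LEN + 1)) - covered
        return "brute force", tried + Fraction(space + 1, 2)
    return None, None  # outside every dictionary of this model

if __name__ == "__main__":
    for pw in ["qwerty", "eva", "2000", "x9k", "Zebra!"]:
        print(pw, *expected_attempts(pw))
```

A password that appears in an early dictionary scores a handful of attempts, while one reachable only by brute force scores roughly half the remaining search space, which is the single comparable number the method is after.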
Empirical Password Survey Czech First Names (490 words), Common Czech Words (382 words), Common Passwords (239 words), Czech First Names - the first character uppercase (490 words), Years 1900 – 2029 (114 words), Common Logins (2,131 words), The Most Commonly Used English Words (391 words), Czech and American Word Combinations (496 words), Word, Personages (437 words), American Women Names (4,414 words),…
Result of our study: the Pearson correlation coefficient between expected and actual frequency of passwords equals 0.94.
Thank you for your attention. miloslav.hub@upce.cz capek@upce.cz