Shadow Attacks Based on Password Reuses: A Quantitative Empirical Analysis - 2018


With the proliferation of internet sites, the protection level of password-protected accounts is now not purely determined by individual ones. Users may register multiple accounts on the same web site or across multiple sites, and these passwords from the identical users are probably to be the same or similar. Thus, an adversary can compromise the account of a user on a.Net forum, then guess the accounts of the identical user in sensitive accounts, e.g., online banking services, whose accounts might have the same or even stronger passwords. We name this attack as the shadow attack on passwords. To perceive things, we tend to examined the state-ofthe-art Intra-Site Password Reuses (ISPR) and Cross-Website Password Reuses (CSPR) based on the leaked passwords from the most important Web user cluster (i.e., 668 million members in China). With a collection of regarding seventy million real-world.Net passwords across four large websites in China, we have a tendency to obtained around 4.6 million distinct users who have multiple accounts on the identical site or across different sites. We have a tendency to found that for the users with multiple accounts in a very single website, 59.seventy two p.c reused their passwords and for the users with multiple accounts on multiple websites, thirty three.sixteen + eight.91 p.c reused their passwords across websites. For the users that have multiple accounts however completely different passwords, the set of passwords of the same user exhibits patterns that may help password guessing: a leaked weak password reveals partial info of a robust one, which degrades the strength of the strong one. Given the aforementioned findings, we conducted an experiment and achieved a 39.thirty eight percent improvement of guessing success rate with John the Ripper guessing tool. To the most effective of our information, we have a tendency to are the primary to supply a giant-scale, empirical, and quantitative measurement of web password reuses, particularly ISPR, and streamline the severity of such threat in the $64000 world.

Did you like this research project?

To get this research project Guidelines, Training and Code... Click Here

PROJECT TITLE : Attention in Reasoning Dataset, Analysis, and Modeling ABSTRACT: Although attention has become an increasingly popular component in deep neural networks for the purpose of both interpreting data and improving
PROJECT TITLE :A Physics-Based Deep Learning Approach to Shadow Invariant Representations of Hyperspectral Images - 2018ABSTRACT:This Project proposes the Relit Spectral AngleStacked Autoencoder, a novel unsupervised feature
PROJECT TITLE :Cost-Optimal Caching for D2D Networks With User Mobility: Modeling, Analysis, and Computational Approaches - 2018ABSTRACT:Caching well-liked files at the user equipments (UEs) provides an efficient way to alleviate
PROJECT TITLE :Design, Analysis, and Implementation of ARPKI: An Attack-Resilient Public-Key Infrastructure - 2018ABSTRACT:This Transport Layer Security (TLS) Public-Key Infrastructure (PKI) is based on a weakest-link security
PROJECT TITLE : shadow detection of man made buildings in high resolution panchromatic satellite images - 2014 ABSTRACT: High-resolution satellite imagery is considered an wonderful candidate for extracting info regarding the

Ready to Complete Your Academic MTech Project Work In Affordable Price ?

Project Enquiry