Dynamic User-Dependent Technique for Robust Multi-Password Generation Against Offline Cracking Attacks

Azubuike I. Erike¹ , Augustine C. Azubogu² , Kenneth A. Akpado³ , Chukwudi O. Arinze⁴ , Yusuf U. Mshelia⁵

1. Dept. of Software Engineering, Federal University of Technology, Owerri, Nigeria.
2. Dept. of Electronic and Computer Engineering, Nnamdi Azikiwe University, Awka, Nigeria.
3. Dept. of Electronic and Computer Engineering, Nnamdi Azikiwe University, Awka, Nigeria.
4. Dept. of Computer Engineering, Gregory University, Uturu, Nigeria.
5. Dept. of Software Engineering, Federal University of Technology, Owerri, Nigeria.

Section:Research Paper, Product Type: Journal-Paper
Vol.11 , Issue.4 , pp.15-23, Aug-2023

Online published on Aug 31, 2023

Copyright © Azubuike I. Erike, Augustine C. Azubogu, Kenneth A. Akpado, Chukwudi O. Arinze, Yusuf U. Mshelia . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

93 Views    167 Downloads    24 Downloads

Abstract :
This research presented a user-dependent robust multi-password generation technique for authentication. Dynamic chaffing-with-tough-nuts technique was used to dynamically generate real-user triplicate passwords and multiple honey passwords. These combinations stored in a single password relation leaves authentication to a correct combination of the real user triplicate password. A character transformation function used for the implementation leaves a 47% increase in the character length of the already supplied user-password with mandatory inclusion of an array of symbols in the given password, thereby creating a high entropy password. The strength of the generated password analysed against the Hive Systems` report shows that passwords generated through the techniques even with weak hashing algorithm like MD5 would take approximately 7trillion years to crack, thus becomes near impossible to crack using rainbow table attack. Upon successful password cracking, it would take a correct combination of the triplicate model for access to be granted.

Key-Words / Index Term :
Cybercrime, Cracking attacks, Time-to-crack, Cyber-Protection, Security

References :
[1] Department for Digital Culture Media and Sport, “Cyber Security Breaches Survey 2021 Statistical Release,” London, 2021.
[2] H. Alquran and B. Ferdousi, “Effect of Cybersecurity , Privacy and Academic Integrity Concerns on Assessment in E-Learning Environment,” Int. J. Sci. Res. Multidiscip. Stud., Vol.8, Issue.11, pp. 11–18, 2022.
[3] M. Koteshwar and B. B. J. Singh, “Survey Report on Cyber Crimes and Cyber Criminals Get Protected from Cyber Crimes Review Paper,” Int. J. Comput. Sci. Eng., Vol.7, Issue.12, pp.99–109, 2019, doi: 10.26438/ijcse/v7i12.99109.
[4] A. Al Hasib, “Threats of Online Social Networks,” Int. J. Comput. Sci. Netw. Secur., Vol.9, Issue.11, pp.288, 2009.
[5] Thomas F. Stafford and Robin Poston, “Online Security Threats and Computer User Intentions.” IEEE Computer Society, 2010.
[6] L. Cheng, F. Liu, and D. D. Yao, “Enterprise data breach: causes, challenges, prevention, and future directions,” Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, Wiley-Blackwell, Vol.7, Issue.5. 01-Sep-2017, doi: 10.1002/widm.1211.
[7] S. Wheatley, A. Hofmann, and D. Sornette, “Data breaches in the catastrophe framework & beyond,” 2019.
[8] IBM Security, “Cost of a Data Breach Report 2020 2 Contents,” 2020.
[9] D. V Klein, “‘“ Foiling the Cracker ”’: A Survey of , and Improvements to , Password Securit y †.”
[10] D. Florêncio, C. Herley, and P. C. Van Oorschot, “An Administrator ’ s Guide to Internet Password Research,” in 28th Large Installation System Administration Conference (LISA14), 2014.
[11] E. Stobert and R. Biddle, “A Password Manager that Doesn ’ t Remember Passwords,” ACM, pp.39–52, 2014, doi: http://dx.doi.org/10.1145/2683467.2683471.
[12] R. Blake, J. Collin, M. Nick, B. Dan, and C. M. John, “Stronger Password Authentication Using Browser Extensions 1,” 4th USENIX Security Symposium, 2005. [Online]. Available: https://www.usenix.org/legacy/event/sec05/tech/full_papers/ross/ross_html/. [Accessed: 29-Mar-2023].
[13] C. Somboonpattanakit and N. Wisitpongphan, “Secure Password Storing Using Prime Decomposition,” IAENG Int. J. Comput. Sci., Vol.48, Issue.1, 2021.
[14] N. Katrandzhiev, D. Hristozov, and B. Milenkov, “A Comparison of Password Protection Methods for Web-Based Platforms Implemented with PHP and MySQL,” 2019.
[15] R. Hranický, L. Zobal, V. Ve?e?a, and P. Matoušek, “Distributed Password Cracking in a Hybrid Environment,” 2017.
[16] G. Soumya, P. Soumya, and M. Student, “Authentication by Encrypted Negative Password,” J. Resour. Manag. Technol., Vol.12, Issue.1, pp.437–442, 2021.
[17] J. Blocki and A. Datta, “CASH: A Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection,” in 29th IEEE Computer Security Foundations Symposium, 2015, doi: DOI: 10.1109/CSF.2016.33.
[18] S. Anand, N. Susila, and S. Balakrishnan, “Challenges and issues in ensuring safe cloud based password management to enhance security,” Int. J. Pure Appl. Math., Vol.119, Issue.12, pp.1207–1215, 2018.
[19] Shubham Sawant, Pratik Saptal, Kritish Lokhande, Karan Gadhave, and Randeep Kaur, “Honeywords - Making Password Cracking Detectable,” Int. J. Eng. Res. Adv. Technol., Vol.4, Issue.4, Apr. 2018, doi: http://dx.doi.org/10.7324/IJERAT.2018.3218.
[20] Changhee Lee and Heejo Lee, “A Password Stretching Method using User Specific Salts,” in WWW ’07: Proceedings of the 16th international conference on World Wide Web, pp.1215–1216, 2007. doi: https://doi.org/10.1145/1242572.1242772.
[21] A. Reinhold and A. G. Reinhold, “HEKS: A Family of Key Stretching Algorithms Breastfeeding economics View project Dummies books View project HEKS: A Family of Key Stretching Algorithms,” 1999.
[22] I. Erguler, “Achieving Flatness: Selecting the Honeywords from Existing User Passwords,” IEEE Trans. Dependable Secur. Comput., Vol.13, Issue.2, pp.284–295, 2016, doi: 10.1109/TDSC.2015.2406707.
[23] G. S. V. Bhanu and V. S. Naresh, “An Efficient Privacy Preserving Technique Using Decoy Passwords,” Int. J. Sci. Res. Manag., no. June 2017, 2017, doi: 10.18535/ijsrm/v5i6.36.
[24] C. V Sailaja and B. T. Reddy, “Creating secure and dependable honey words to increase password security.,” Ann. Rom. Soc. Cell Biol., Vol.25, Issue.4, pp.19588–19594, 2021.
[25] A. Mogaddam and M. Khan, Developing a password generating software Regarding password memorability and security. KTH Skolan för kemi, bioteknologi och hälsa 141 52 Huddinge, Sverige, 2022.