Title:

Detecting Password File Theft using Predefined Time-Delays between Certain Password Characters, Journal of Telecommunications and Information Technology, 2017, nr 4

Creator:

Mahmoud, Khaled W. ; Makableh, Alaa ; Mansour, Khalid

Subject and Keywords:

network security ; access control ; intrusion detection systems ; password protection

Description:

This paper presents novel mechanisms that effectively detect password file thefts and at the same time prevent uncovering passwords. The proposed mechanism uses delay between consecutive keystrokes of the password characters. In presented case, a user should not only enter his password correctly during the sign-up process, but also needs to introduce relatively large time gaps between certain password characters. The proposed novel approaches disguise stored passwords by adding a suffix value that helps in detecting password file theft at the first sign-in attempt by an adversary who steals and cracks the hashed password file. Any attempt to login using a real password without adding the time delays in the correct positions may considered as an impersonation attack, i.e. the password file has been stolen and cracked.

Publisher:

National Institute of Telecommunications

Date:

2017, nr 4

Resource Type:

artykuł

Format:

application/pdf

Resource Identifier:

ISSN 1509-4553, on-line: ISSN 1899-8852

Source:

Journal of Telecommunications and Information Technology

Language:

ang

Rights Management:

Biblioteka Naukowa Instytutu Łączności