Detecting Password File Theft using Predeﬁned Time-Delays between Certain Password Characters, Journal of Telecommunications and Information Technology, 2017, nr 4

Mahmoud, Khaled W.; Makableh, Alaa; Mansour, Khalid

- ris
- BibTeX

Detecting Password File Theft using Predeﬁned Time-Delays between Certain Password Characters, Journal of Telecommunications and Information Technology, 2017, nr 4 Mahmoud, Khaled W.; Makableh, Alaa; Mansour, Khalid

Struktura obiektu

Detecting Password File Theft using Predeﬁned Time-Delays between Certain Password Characters, Journal of Telecommunications and Information Technology, 2017, nr 4

Mahmoud, Khaled W. ; Makableh, Alaa ; Mansour, Khalid

network security ; access control ; intrusion detection systems ; password protection

This paper presents novel mechanisms that eﬀectively detect password ﬁle thefts and at the same time prevent uncovering passwords. The proposed mechanism uses delay between consecutive keystrokes of the password characters. In presented case, a user should not only enter his password correctly during the sign-up process, but also needs to introduce relatively large time gaps between certain password characters. The proposed novel approaches disguise stored passwords by adding a suﬃx value that helps in detecting password ﬁle theft at the ﬁrst sign-in attempt by an adversary who steals and cracks the hashed password ﬁle. Any attempt to login using a real password without adding the time delays in the correct positions may considered as an impersonation attack, i.e. the password ﬁle has been stolen and cracked.

National Institute of Telecommunications

2017, nr 4

artykuł

application/pdf

ISSN 1509-4553, on-line: ISSN 1899-8852

Journal of Telecommunications and Information Technology

ang

Biblioteka Naukowa Instytutu Łączności

Cytowanie