Author

G. J. Rodgers

Bio: G. J. Rodgers is an academic researcher from Brunel University London. The author has contributed to research in topics: Password & Login. The author has an h-index of 2, co-authored 2 publications receiving 5 citations.

Papers
Journal ArticleDOI
TL;DR: The authors introduce a simple and effective solution to the detection of password file disclosure events and suggest an alternative approach that selects the honeywords from existing user information, a generic password list, dictionary attack, and by shuffling the characters.
Abstract: Honeywords (decoy passwords) have been proposed to detect attacks against hashed password databases. For each user account, the original password is stored with many honeywords in order to thwart any adversary. The honeywords are selected deliberately such that a cyber-attacker who steals a file of hashed passwords cannot be sure if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to log in will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 24 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinise the honeyword system and highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user information, a generic password list, dictionary attack, and by shuffling the characters. Four sets of honeywords are added to the system that resembles the real passwords, thereby achieving an extremely flat honeywords generation method. To measure the human behaviours in relation to trying to crack the password, a testbed engaged with by 820 people was created to determine the appropriate words for the traditional and proposed methods. The results show that under the new method it is harder to obtain any indication of the real password (high flatness) when compared with traditional approaches and the probability of choosing the real password is 1/k, where k = number of honeywords plus the real password.

7 citations

Proceedings ArticleDOI
01 Jul 2017
TL;DR: A new password generating technique is proposed based on time, which can be used to protect a sensitive dataset in big data by using time as a part of the password, generated by using the shift-key to increase the possible combinations for the password.
Abstract: In this paper, a new password generating technique is proposed based on time, which can be used to protect a sensitive dataset in big data. Specifically, the proposed approach mitigates attacks and threats by using time as a part of the password, generated by using the shift-key. The aim is to increase the possible combinations for the password, thereby improving security when compared to traditional measures. First, a survey was carried out to determine the appropriate settings for the new password system. A mathematical model is built and the Password Quality Indicator (PQI) used to compare the outcomes generated by the model with those from the traditional password method. The difference percentage equation was employed to compare the new password technique is better than the traditional method. The results show that the former is better than the latter by 192% when C=93 and the length of password is 4, whilst this improvement is up to 200% when the length is 15.

3 citations


Cited by
Proceedings Article
26 Mar 2014
TL;DR: This paper finds that Markov models, when done correctly, perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state-of-the-art password model in recent research.
Abstract: A probabilistic password model assigns a probability value to each string. Such models are useful for research into understanding what makes users choose more (or less) secure passwords, and for constructing password strength meters and password cracking utilities. Guess number graphs generated from password models are a widely used method in password research. In this paper, we show that probability-threshold graphs have important advantages over guess-number graphs. They are much faster to compute, and at the same time provide information beyond what is feasible in guess-number graphs. We also observe that research in password modeling can benefit from the extensive literature in statistical language modeling. We conduct a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and found that, among other things, Markov models, when done correctly, perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state-of-the-art password model in recent research.

16 citations

Journal ArticleDOI
01 Feb 2021
TL;DR: The proposed technique allows the user to keep the ease-of-use in the mouse motion, while minimizing the risk of password guessing, in a new password generation technique on the basis of mouse motion and a special case location recognized by the number of clicks.
Abstract: This paper proposes a new password generation technique on the basis of mouse motion and a special case location recognized by the number of clicks to protect sensitive data for different companies. Two, three special locations click points for the users have been proposed to increase password complexity. Unlike other currently available random password generators, the path and number of clicks will be added by admin, and authorized users have to be trained on it. This method aims to increase combinations for the graphical password generation using mouse motion for a limited number of users. A mathematical model is developed to calculate the performance of the password. The proposed technique in this paper allows the user to keep the ease-of-use in the mouse motion, while minimizing the risk of password guessing. A comparative evaluation has been conducted against a traditional password. The results show that the proposed approach improves the complexity by 200% for the fixed position technique and two variants technique but more than 200% for three variants technique.

3 citations

Journal ArticleDOI
TL;DR: This research has proved that every honeyword generation method has many weak points.
Abstract: Honeyword system is a successful password cracking detection system. Simply, the honeywords are false passwords that accompany the sugarword (real password). Honeyword system aims to improve the security of hashed passwords by facilitating the detection of password cracking. The password database will have many honeywords for every user in the system. If the adversary uses a honeyword for login, a silent alert will indicate that the password database might be compromised. All previous studies present a few remarks on honeyword generation methods for max two preceding methods only. So, the need for one that lists all preceding research with their weaknesses is shown. This work presents all generation methods then lists the strengths and weaknesses of 26 ones. In addition, it puts 32 remarks that highlight their strengths and weak points. This research has proved that every honeyword generation method has many weak points.

2 citations

Journal ArticleDOI
01 Nov 2022-Sensors
TL;DR: In this article, the authors proposed an algorithm for encrypting images based on the Carlisle Adams and Stafford Tavares CAST block cipher algorithm with 3D and 2D logistic maps.
Abstract: Background and Aim: due to the rapid growth of data communication and multimedia system applications, security becomes a critical issue in the communication and storage of images. This study aims to improve encryption and decryption for various types of images by decreasing time consumption and strengthening security. Methodology: An algorithm is proposed for encrypting images based on the Carlisle Adams and Stafford Tavares CAST block cipher algorithm with 3D and 2D logistic maps. A chaotic function that increases the randomness in the encrypted data and images, thereby breaking the relation sequence through the encryption procedure, is introduced. The time is decreased by using three secure and private S-Boxes rather than using six S-Boxes, as in the traditional method. Moreover, the CAST encryption algorithm was modified to be used on the private keys and substitution stage (S-Boxes), with the keys and S-Boxes of the encryption algorithm being generated according to the 2D and 3D chaotic map functions. The proposed system passed all evaluation criteria, including (MSE, PSNR, EQ, MD, SC, NC, AD, SNR, SIM, MAE, Time, CC, Entropy, and histograms). Results: Moreover, the results also illustrate that the created S-Boxes passed all evaluation criteria; compared with the results of the traditional method that was used in creating S-Box, the proposed method achieved better results than other methods used in the other works. The proposed solution improves the entropy which is between (7.991–7.999), reduces the processing time which is between (0.5–11 s/Images), and improves NCPR, which is between (0.991–1). Conclusions: The proposed solution focuses on reducing the total processing time for encryption and decryption and improving transmission security. Finally, this solution provides a fast security system for surgical telepresence with secure real-time communication. 
The complexity of this work needs to know the S-Box creation method used, the chaotic method, the values of the chaotic parameters, and which of these methods was used in the encryption process.

1 citation

Proceedings ArticleDOI
01 Jan 2014
TL;DR: An improved authentication scheme supporting the Diffie-Hellman key exchange protocol using hash functions and the ElGamal cryptosystem is proposed, which overcomes the offline password guessing attack, man-in-the-middle attack and so on.
Abstract: Remote user authentication scheme has been widely adopted in the cyberworld to provide security and privacy because of various online threats and insecure communications. In the past few decades, many smart card-based authentication schemes have been put forward. In such schemes, a user only needs to maintain an identity and a password and employ a smart card to fulfill the authentication with a remote server. In 2014, Lee et al. put forward an authentication scheme using smart based on the hash function. However, we find that novel as it is, the scheme still has some severe security and performance weaknesses such as a verification table should be stored in their scheme, it is easy to suffer the stolen verifier attack. Besides, it has the problem of synchronization between the server and users, failure of protecting users' anonymity and it is unfriendly to users since the inability of supporting changing the password freely. In this paper, we propose an improved authentication scheme supporting the Diffie-Hellman key exchange protocol using hash functions and the ElGamal cryptosystem. Besides the drawbacks in Lee et al.'s scheme, our proposed scheme overcomes the offline password guessing attack, man-in-the-middle attack and so on. At last, we show that our scheme is more suitable and secure for practical use.

1 citation