Author
Yasser A. Yasser
Bio: Yasser A. Yasser is an academic researcher. The author has contributed to research in topics: Password & Computer science. The author has an h-index of 1, co-authored 4 publications receiving 2 citations.
Topics: Password, Computer science, Password cracking, Scrutiny, Harmony search
Papers
TL;DR: This research has proved that every honeyword generation method has many weaknesses.
Abstract: The honeyword system is a successful password cracking detection system. Simply, the honeywords are false passwords that accompany the sugarword (the real password). The honeyword system aims to improve the security of hashed passwords by facilitating the detection of password cracking. The password database will have many honeywords for every user in the system. If the adversary uses a honeyword for login, a silent alert will indicate that the password database might be compromised. All previous studies present a few remarks on honeyword generation methods for at most two preceding methods only. So, the need for one that lists all preceding research with its weaknesses is shown. This work presents all generation methods, then lists the strengths and weaknesses of 26 of them. In addition, it gives 32 remarks that highlight their strengths and weaknesses. This research has proved that every honeyword generation method has many weaknesses.
2 citations
TL;DR: This study will demonstrate numerous previous honeyword generating strategies, describe the proposed methodology, examine the experimental results, and compare the new honeyword production method to those proposed in previous research.
Abstract: Honeywords are fake passwords that serve as an accompaniment to the real password, which is called a “sugarword.” The honeyword system is an effective password cracking detection system designed to easily detect password cracking in order to improve the security of hashed passwords. For every user, the password file of the honeyword system will have one real hashed password accompanied by numerous fake hashed passwords. If an intruder steals the password file from the system and successfully cracks the passwords while attempting to log in to users’ accounts, the honeyword system will detect this attempt through the honeychecker. A honeychecker is an auxiliary server that distinguishes the real password from the fake passwords and triggers an alarm if an intruder signs in using a honeyword. Many honeyword generation approaches have been proposed by previous research, all with limitations to their honeyword generation processes, limited success in providing all required honeyword features, and susceptibility to many honeyword issues. This work will present a novel honeyword generation method that uses a proposed discrete salp swarm algorithm. The salp swarm algorithm (SSA) is a bio-inspired metaheuristic optimization algorithm that imitates the swarming behavior of salps in their natural environment. SSA has been used to solve a variety of optimization problems. The presented honeyword generation method will improve the generation process, improve honeyword features, and overcome the issues of previous techniques. This study will demonstrate numerous previous honeyword generating strategies, describe the proposed methodology, examine the experimental results, and compare the new honeyword production method to those proposed in previous research.
TL;DR: A novel method to generate honeywords using the meerkat clan intelligence algorithm, a metaheuristic swarm intelligence algorithm, is proposed, which will improve the honeyword generating process, enhance the honeyword properties, and solve the issues of previous methods.
Abstract: An effective password cracking detection system is the honeyword system. The honeyword method attempts to increase the security of hashed passwords by making password cracking easier to detect. Each user in the system has many honeywords in the password database. If the attacker logs in using a honeyword, a quiet alert trigger indicates that the password database has been hacked. Many honeyword generation methods have been proposed; they have a weakness in the generating process, do not support all honeyword properties, and have many honeyword issues. This article proposes a novel method to generate honeywords using the meerkat clan intelligence algorithm, a metaheuristic swarm intelligence algorithm. The proposed generation method will improve the honeyword generating process, enhance the honeyword properties, and solve the issues of previous methods. This work will show some previous generation methods, explain the proposed method, discuss the experimental results and compare the new one with the prior ones.
25 Mar 2022
TL;DR: The harmony search algorithm (HSA), a metaheuristic intelligence algorithm inspired by music, is used in this article to offer a novel method for generating honeywords that will enhance the generating process, enhance honeyword characteristics, and address prior approaches’ shortcomings.
Abstract: The honeyword system is a password cracking detection technique that aims to improve the security of hashed passwords by making password cracking simpler to detect. Many honeywords (false passwords) accompany the sugarword (true password) to form the sweetwords (false and true passwords) for every user. If the attacker signs in using a honeyword, a silent alarm trigger shows that the honeyword system might be compromised. Many honeyword generation techniques are presented; each one has a flaw in the generating process, a lack of support for all honeyword characteristics, and a slew of honeyword problems. The harmony search algorithm (HSA), a metaheuristic intelligence algorithm inspired by music, is used in this article to offer a novel method for generating honeyword. The suggested honeyword generation technique will enhance the generating process, enhance honeyword characteristics, and address prior approaches’ shortcomings. This paper will show several previous honeyword generation techniques, explain the suggested one, discuss the experimental findings, and compare the new honeyword generation method with the previous ones.
Cited by
30 Dec 2022
TL;DR: In this article, the authors proposed a tokenization-based authentication scheme, which can serve the purpose of honeywords but in a more cost-effective way than traditional password-based schemes.
Abstract: In the era of computer systems, user authentication, both online and offline, is an unavoidable step for securing users’ privacy. Password-based authentication is popularly adopted for its simplicity in this context. In password-based authentication, a set of credentials (mostly username and password) is required to identify the unique user. But this method of authentication is vulnerable to inversion attack paradigm. In inversion attack, the adversary obtains the plaintext password by cracking the hashed value of the password. Honeyword-based authentication has been introduced to combat such attacks. In this strategy, certain dummy passwords or honeywords are saved along with the user’s original password. When an adversary tries to enter one of the honeywords to log into the system, an alarm message is sent to the authority via an auxiliary server called honeychecker. Although this technique is useful to address this type of security threat, the requirement of additional space to store the honeywords is still an overhead. Driven by these drawbacks, this work is aimed to propose a strategy which can serve the purpose of honeywords but in a more cost-effective way. In this technique, the concept of tokenization is utilized. Theoretical and experimental analyses have been done to assess the viability of the proposed scheme. A comparative study between the proposed scheme and honeyword-based authentication has been carried out based on required storage cost and resiliency against MSV attack. From our rigorous analysis, it is found that our scheme shows promising results in terms of other usability and security features as well.