A Proposal for Honeyword Generation via Meerkat Clan Algorithm
01 Mar 2022-Cybernetics and Information Technologies-Vol. 22, Iss: 1, pp 40-59
TL;DR: A novel method to generate honeyword using the meerkat clan intelligence algorithm, a metaheuristic swarm intelligence algorithm is proposed, which will improve the honeyword generating process, enhance the honeywords properties, and solve the issues of previous methods.
Abstract: Abstract An effective password cracking detection system is the honeyword system. The Honeyword method attempts to increase the security of hashed passwords by making password cracking easier to detect. Each user in the system has many honeywords in the password database. If the attacker logs in using a honeyword, a quiet alert trigger indicates that the password database has been hacked. Many honeyword generation methods have been proposed, they have a weakness in generating process, do not support all honeyword properties, and have many honeyword issues. This article proposes a novel method to generate honeyword using the meerkat clan intelligence algorithm, a metaheuristic swarm intelligence algorithm. The proposed generation methods will improve the honeyword generating process, enhance the honeyword properties, and solve the issues of previous methods. This work will show some previous generation methods, explain the proposed method, discuss the experimental results and compare the new one with the prior ones.
••04 Nov 2013
TL;DR: It is proposed that an auxiliary server (the ``honeychecker'') can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
Abstract: We propose a simple method for improving the security of hashed passwords: the maintenance of additional ``honeywords'' (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the ``honeychecker'') can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
TL;DR: An alternative approach is suggested that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords-a perfectly flat honeyword generation method-and also to reduce storage cost of the honeyword scheme.
Abstract: Recently, Juels and Rivest proposed honeywords (decoy passwords) to detect attacks against hashed password databases. For each user account, the legitimate password is stored with several honeywords in order to sense impersonation. If honeywords are selected properly, a cyber-attacker who steals a file of hashed passwords cannot be sure if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 20 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinize the honeyword system and present some remarks to highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords—a perfectly flat honeyword generation method—and also to reduce storage cost of the honeyword scheme.
••19 Dec 2018
TL;DR: This work intended to produce a safer system by creating an authentication using the honey words in the password database, which contains a combination of both the imitated passwords and the original passwords in order to detect whether the attack is happened or not.
Abstract: The purpose of the password is to protect the user account from unauthorized usage by the hacker. But in the current situation the field of security also realizes lot of threat to the password even in case if it is hashed. With the rise of hacking technology even the hashed password doesn’t provide the required security and also provides the hacker to misuse or exploit the user account without being noticed. The most vulnerable part in this is the misuse of account can be realized only after the user logs and sees the changes in their account usage. And so, the system doesn’t yet been improved in safeguarding or detecting the attacks against the database of password which are hashed. Ari Juels and et al. in 2013  discovered the method using honeywords for detecting the password cracking. Honey words are the imitated passwords which are connected with the account of each user. We intended to produce a safer system by creating an authentication using the honey words in the password database. The newly created database contains a combination of both the imitated ones and the original passwords in order to detect whether the attack is happened or not. And hence when the hacker has the password database, he might get confused with the real and fake passwords. Here we make the hacker to fall into our trap by confusing him. Once he tries to enter a false password the administrator will get a notification and the hacker gets identified.
TL;DR: Artificial Bee Colony (ABC) algorithm is one of the popular swarm based algorithm inspired by intelligent foraging behaviour of honeybees that helps to minimize these shortcomings.
Abstract: Abstract Data clustering is an important data mining technique being widely used in numerous applications. It is a method of creating groups (clusters) of objects, in such a way that objects in one cluster are very similar and objects in different clusters are quite distinct, i.e. intra-cluster distance is minimized and inter-cluster distance is maximized. However, the popular conventional clustering algorithms have shortcomings such as dependency on center initialization, slow convergence rate, local optima trap, etc. Artificial Bee Colony (ABC) algorithm is one of the popular swarm based algorithm inspired by intelligent foraging behaviour of honeybees that helps to minimize these shortcomings. In the past, many swarm intelligence based techniques for clustering were introduced and proved their performance. This paper provides a literature survey on ABC, its variants and its applications in data clustering.
TL;DR: A new modified-UI based honeyword generation approach, identified as Paired Distance Protocol (PDP), is proposed, which overcomes most of the drawbacks of previously proposed honeywords generation approaches and reduces the storage overhead to a great extent.
Related Papers (5)
01 Jun 2009