scispace - formally typeset
Search or ask a question
Journal ArticleDOI

A Proposed Harmony Search Algorithm for Honeyword Generation

25 Mar 2022-Vol. 2022, pp 9607550:1-9607550:10
TL;DR: The harmony search algorithm (HSA), a metaheuristic intelligence algorithm inspired by music, is used in this article to offer a novel method for generating honeyword that will enhance the generating process, enhance honeyword characteristics, and address prior approaches’ shortcomings.
Abstract: The honeyword system is a password cracking detection technique that aims to improve the security of hashed passwords by making password cracking simpler to detect. Many honeywords (false passwords) accompany the sugarword (true password) to form the sweetwords (false and true passwords) for every user. If the attacker signs in using a honeyword, a silent alarm trigger shows that the honeyword system might be compromised. Many honeyword generation techniques are presented; each one has a flaw in the generating process, a lack of support for all honeyword characteristics, and a slew of honeyword problems. The harmony search algorithm (HSA), a metaheuristic intelligence algorithm inspired by music, is used in this article to offer a novel method for generating honeyword. The suggested honeyword generation technique will enhance the generating process, enhance honeyword characteristics, and address prior approaches’ shortcomings. This paper will show several previous honeyword generation techniques, explain the suggested one, discuss the experimental findings, and compare the new honeyword generation method with the previous ones.
References
More filters
Journal ArticleDOI
01 Feb 2001
TL;DR: A new heuristic algorithm, mimicking the improvisation of music players, has been developed and named Harmony Search (HS), which is illustrated with a traveling salesman problem (TSP), a specific academic optimization problem, and a least-cost pipe network design problem.
Abstract: Many optimization problems in various fields have been solved using diverse optimization al gorithms. Traditional optimization techniques such as linear programming (LP), non-linear programming (NL...

5,136 citations

Journal ArticleDOI
TL;DR: A new harmony search (HS) meta-heuristic algorithm-based approach for engineering optimization problems with continuous design variables conceptualized using the musical process of searching for a perfect state of harmony using a stochastic random search instead of a gradient search.

1,714 citations

Proceedings ArticleDOI
04 Nov 2013
TL;DR: It is proposed that an auxiliary server (the ``honeychecker'') can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
Abstract: We propose a simple method for improving the security of hashed passwords: the maintenance of additional ``honeywords'' (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the ``honeychecker'') can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.

264 citations

Journal ArticleDOI
TL;DR: An alternative approach is suggested that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords-a perfectly flat honeyword generation method-and also to reduce storage cost of the honeyword scheme.
Abstract: Recently, Juels and Rivest proposed honeywords (decoy passwords) to detect attacks against hashed password databases. For each user account, the legitimate password is stored with several honeywords in order to sense impersonation. If honeywords are selected properly, a cyber-attacker who steals a file of hashed passwords cannot be sure if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 20 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinize the honeyword system and present some remarks to highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords—a perfectly flat honeyword generation method—and also to reduce storage cost of the honeyword scheme.

74 citations

Book ChapterDOI
19 Dec 2018
TL;DR: This work intended to produce a safer system by creating an authentication using the honey words in the password database, which contains a combination of both the imitated passwords and the original passwords in order to detect whether the attack is happened or not.
Abstract: The purpose of the password is to protect the user account from unauthorized usage by the hacker. But in the current situation the field of security also realizes lot of threat to the password even in case if it is hashed. With the rise of hacking technology even the hashed password doesn’t provide the required security and also provides the hacker to misuse or exploit the user account without being noticed. The most vulnerable part in this is the misuse of account can be realized only after the user logs and sees the changes in their account usage. And so, the system doesn’t yet been improved in safeguarding or detecting the attacks against the database of password which are hashed. Ari Juels and et al. in 2013 [10] discovered the method using honeywords for detecting the password cracking. Honey words are the imitated passwords which are connected with the account of each user. We intended to produce a safer system by creating an authentication using the honey words in the password database. The newly created database contains a combination of both the imitated ones and the original passwords in order to detect whether the attack is happened or not. And hence when the hacker has the password database, he might get confused with the real and fake passwords. Here we make the hacker to fall into our trap by confusing him. Once he tries to enter a false password the administrator will get a notification and the hacker gets identified.

60 citations

Trending Questions (1)
IS there qny paper say that harmony search i not a novel algorithm?

The provided paper does not mention any other paper stating that the harmony search algorithm is not a novel algorithm.