Journal Article

Zipf’s Law in Passwords

TLDR
Li et al. proposed two Zipf-like models (i.e., PDF-Zipf and CDF-Zipf) to characterize the distribution of passwords, along with a new metric for measuring the strength of password data sets.
Abstract
Despite three decades of intensive research efforts, it remains an open question as to what is the underlying distribution of user-generated passwords. In this paper, we make a substantial step forward toward understanding this foundational question. By introducing a number of computational statistical techniques and based on 14 large-scale data sets, which consist of 113.3 million real-world passwords, we, for the first time, propose two Zipf-like models (i.e., PDF-Zipf and CDF-Zipf) to characterize the distribution of passwords. More specifically, our PDF-Zipf model can well fit the popular passwords and obtain a coefficient of determination larger than 0.97; our CDF-Zipf model can well fit the entire password data set, with the maximum cumulative distribution function (CDF) deviation between the empirical distribution and the fitted theoretical model being 0.49%~4.59% (on an average 1.85%). With the concrete knowledge of password distributions, we suggest a new metric for measuring the strength of password data sets. Extensive experimental results show the effectiveness and general applicability of the proposed Zipf-like models and security metric.

Citations
Journal Article

Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound

TL;DR: In this paper, a security model that can accurately capture the practical capabilities of an adversary is defined and a broad set of twelve properties framed as a systematic methodology for comparative evaluation, allowing schemes to be rated across a common spectrum.
Journal Article

Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks

TL;DR: It is shown that the proposed scheme ensures security even if a sensor node is captured by an adversary, and the proposed protocol uses the lightweight cryptographic primitives, such as one way cryptographic hash function, physically unclonable function, and bitwise exclusive operations.
Journal Article

Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks

TL;DR: An attempt toward breaking this undesirable cycle by proposing a systematical evaluation framework for schemes to be assessed objectively, revisiting two foremost schemes and conducting a measurement of 44 representative schemes under this evaluation framework, thereby providing the missing evaluation for two-factor schemes in industrial WSNs.
Journal Article

TCALAS: Temporal Credential-Based Anonymous Lightweight Authentication Scheme for Internet of Drones Environment

TL;DR: A novel temporal credential based anonymous lightweight user authentication mechanism for IoD environment, called TCALAS, which has the capability to resist various known attacks against passive/active adversary and lower costs in both computation and communication as compared to existing schemes.
Journal Article

BPAS: Blockchain-Assisted Privacy-Preserving Authentication System for Vehicular Ad Hoc Networks

TL;DR: An in-depth security analysis and a comprehensive performance evaluation are conducted for the proposed blockchain-assisted privacy-preserving authentication system (BPAS) that provides authentication automatically in VANETs and preserves vehicle privacy at the same time.