Method of Password Security Evaluation
Miloslav Hub, Jan Capek
Institute of System Engineering and Informatics, Faculty of Economics and Administration, University of Pardubice, Czech Republic
Access Control Concept
Access control is a security feature that controls how users and systems communicate and interact with other systems and resources.
Identification and authentication: this combination determines who can or cannot log in.
Authorization determines what a subject can do.
Accounting identifies what a subject did.
Factors of Password Security
Human factors:
Type of passwords
The way the user guards a password
Evaluation of Passwords Security
Decisions about authentication implementation.
Surveys on long-time trends in password selection.
Surveys on password selection by different types of users.
Studies on the effect of different modes of training in password selection.
Current approaches:
Expert opinions (weak versus strong passwords).
Breaking passwords as a proof of password weakness.
Currently there is no exact number that represents the security level of a password.
Attack Simulation Model
A sorted set of reduced dictionaries that the attacker can use if he wants to break a password in the most effective way.
A brute force attack can be regarded as a special kind of dictionary attack.
Password Security Evaluation
The security of a password is defined as the expected value of the number of attempts the impostor has to carry out to break the password.
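The attack simulation model and the definition above can be sketched as follows. This is an added example, not the authors' code: the dictionary contents are constructed, and it assumes the dictionaries are tried in the given order, that every position inside a dictionary is equally likely, and that brute force over lowercase letters is the last dictionary.

```python
from string import ascii_lowercase

# Constructed sample words; only the dictionary names come from the survey list.
DICTS = [
    ("Common Passwords", ["password", "123456", "qwerty", "heslo"]),
    ("Czech First Names", ["jan", "petr", "eva", "heslo"]),
]

def reduce_dictionaries(dictionaries):
    """Drop from each dictionary the words an earlier dictionary already holds."""
    seen, reduced = set(), []
    for name, words in dictionaries:
        fresh = set(words) - seen
        reduced.append((name, fresh))
        seen |= fresh
    return reduced

def expected_attempts(password, dictionaries, alphabet=ascii_lowercase):
    """Return (expected number of guesses, dictionary that contains the password).

    Assumption: within one dictionary the password is equally likely to sit at
    any position, so the expected position among n words is (n + 1) / 2.
    """
    tried, seen = 0, set()
    for name, words in reduce_dictionaries(dictionaries):
        if password in words:
            return tried + (len(words) + 1) / 2, name
        tried += len(words)
        seen |= words
    if not password or set(password) - set(alphabet):
        return None, None  # outside the search space modelled here
    # Brute force as the final dictionary: all strings over the alphabet,
    # enumerated by increasing length, reduced by the words already tried.
    in_space = [w for w in seen if w and not set(w) - set(alphabet)]
    a, n = len(alphabet), len(password)
    shorter = sum(a**i for i in range(1, n)) - sum(len(w) < n for w in in_space)
    same = a**n - sum(len(w) == n for w in in_space)
    return tried + shorter + (same + 1) / 2, "brute force"

if __name__ == "__main__":
    for pw in ["qwerty", "eva", "zz", "abcd"]:
        print(pw, expected_attempts(pw, DICTS))
```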
Empirical Password Survey
Czech First Names (490 words),
Common Czech Words (382 words),
Common Passwords (239 words),
Czech First Names - the first character uppercase (490 words),
Years 1900 2029 (114 words),
Common Logins (2,131 words),
The Most Commonly Used English Words (391 words),
Czech and American Word Combinations (496 words),
Word, Personages (437 words),
American Women Names (4,414 words),
Correlation of Password Characters
Result of our study
The Pearson correlation coefficient between the expected and actual frequency of passwords equals 0.94.
Keystroke dynamics
Our results
Thank you for your attention.