UTB Publications
UTB Publication Activity Repository

User-side password authentication: A study

dc.title User-side password authentication: A study en
dc.contributor.author Sarga, Libor
dc.contributor.author Jašek, Roman
dc.relation.ispartof Proceedings of the 11th European Conference on Information Warfare and Security 2012, ECIW 2012
dc.identifier.isbn 978-1-908272-56-0
dc.identifier.isbn 9781622765379
dc.date.issued 2012
dc.citation.spage 237
dc.citation.epage 243
dc.event.title 11th European Conference on Information Warfare and Security (ECIW)
dc.event.location Laval
utb.event.state-en France
utb.event.state-cs Francie
dc.event.sdate 2012-07-05
dc.event.edate 2012-07-06
dc.type conferenceObject
dc.language.iso en
dc.publisher Academic Conferences and Publishing International (ACPI) en
dc.subject authentication en
dc.subject security en
dc.subject hash en
dc.subject password en
dc.subject mnemonic en
dc.subject visual en
dc.subject multi en
dc.subject factor en
dc.subject social en
dc.subject brute-force en
dc.subject attack en
dc.subject engineering en
dc.subject passphrase en
dc.subject side-channel en
dc.description.abstract Researchers have for a time been struggling to change the inert mindset of users regarding passwords as a response to advances in processing power, the emergence of highly-scalable computing models, and attackers prioritizing the human element for attacks. Recommendations regarding security are ignored, as documented by recent corporate database breaches and releases of unencrypted password caches, which corroborated lacking security awareness in the vast majority of Internet users. In order to educate users about computer security, terms such as hashing, cipher systems and their weaknesses, brute-force attacks, social engineering, multi-factor authentication, and balance between usability and ease of use must be clearly explained. However, academia tends to focus on areas requiring deep mathematical or programmatic background; clear communication of these security elements while minimizing scientific rigor thus remains challenging. The article aims to provide a concise, comprehensive research overview and outline of authentication, including information entropy, hashing algorithms, reverse password engineering, the importance of complexity and length in passwords, general-purpose attacks such as brute-force and social engineering, as well as specialized ones, namely side-channel interception. Novel ways of increasing security by utilizing two- and multi-factor authentication, visual passwords, pass phrases, and mnemonic-based strings will be considered as well, along with their advantages over the traditional textual password model and pitfalls for their widespread propagation. In particular, we hypothesize that technological developments allow vendors to offer solutions which limit unauthorized third parties from gaining windows of opportunity to exploit weaknesses in the authentication schemes. However, as infrastructure becomes more resilient, attackers shift their focus towards human-based attacks (social engineering, social networking). Due to largely unchanging short-term behavior patterns, institutions need to lecture employees over extended periods about being vigilant to leaks of procedural and organizational information which may help attackers bypass perimeter-level security measures. We conclude the article by listing emerging threats in the field, specifically social network-distributed malware and mobile device targeting. en
utb.faculty Faculty of Management and Economics
utb.faculty Faculty of Applied Informatics
dc.identifier.uri http://hdl.handle.net/10563/1003008
utb.identifier.rivid RIV/70883521:28120/12:43865274!RIV13-MSM-28120___
utb.identifier.rivid RIV/70883521:28140/12:43865274!RIV13-MSM-28140___
utb.identifier.obdid 43865276
utb.identifier.scopus 2-s2.0-84873190927
utb.identifier.wok 000308223300029
utb.source d-wok
dc.date.accessioned 2012-11-07T00:56:20Z
dc.date.available 2012-11-07T00:56:20Z
utb.contributor.internalauthor Sarga, Libor
utb.contributor.internalauthor Jašek, Roman
utb.fulltext.affiliation Libor Sarga and Roman Jašek Tomas Bata University in Zlín, Zlín, Czech Republic sarga@fame.utb.cz jasek@fai.utb.cz
utb.fulltext.dates -
utb.fulltext.sponsorship -
utb.fulltext.projects -
utb.fulltext.faculty -
utb.fulltext.ou -