TG-SPSR: A Systematic Targeted Password Attacking Model |
Zhang, Mengli
(State Key Laboratory of Mathematical Engineering and Advanced Computing)
Zhang, Qihui (State Key Laboratory of Mathematical Engineering and Advanced Computing) Liu, Wenfen (School of Computer Science and Information Security, Guangxi Key Laboratory of Cryptogpraphy and Information Security, Guilin University of Electronic Technology) Hu, Xuexian (State Key Laboratory of Mathematical Engineering and Advanced Computing) Wei, Jianghong (State Key Laboratory of Mathematical Engineering and Advanced Computing) |
1 | Y. Li, H. Wang, and K. Sun, "A study of personal informationin human-chosen passwords and its security implications," in Proc. of IEEE Inform, pp. 1-9, April 10-14, 2016. |
2 | Nearly 80 percent of Internet users suffer identity leaks, July, 2015. |
3 | Four Years Later, Anthem breached again: hackers stole credentials, Feb. 2015. |
4 | A. Grimes. Roger, "Password size does matter[EB/OL]," July 2006. |
5 | R. Shay, S. Komanduri, A. Durity, et al., "Designing password policies for strength and usability," ACM Transactions on Information and System Security, vol. 18, no. 4, pp. 1-34, 2016. |
6 | J. Bonneau, C. Herley, P. C. Van Oorschot, "Passwords and the evolution of imperfect authentication," Communications of the ACM, vol. 58, no. 7, pp. 78-87, 2015. DOI |
7 | C. Castelluccia, A. Chaabane, M. Durmuth, et al., "When privacy meets security: leveraging personal information for password cracking," Computer science, 2013. |
8 | A. Singer, W. Anderson, R. Farrow, "Rethinking password policies," Usenix and Sage, vol. 38, pp. 14-18, 2013. |
9 | R. Wash, E. Rader, R. Berman, and Z. Wellmer, "Understanding password choices: how frequently entered passwords are reused across websites," in Proc. of Symposium on Usable Privacy and Security, pp. 175-188, June 22-24, 2016. |
10 | S.M. Haque, M. Wright, and S. Scielzo, "A study of user password strategy for multiple accounts," in Proc. of 3th ACM Conference on Data and Application Security and Privacy, pp. 173-176, 2013. |
11 | Y. Zhang, F. Monrose, and M. K. Reiter, "The security of modern password expiration: an algorithmic framework and empirical analysis," in Proc. of 17th ACM Conference on Computer and Communications Security, pp. 176-186, 2010. |
12 | S. Pearman, J. Thomas, P. E. Naeini, et al., "Let's go in for a closer look: observing passwords in their natural habitat," in Proc. of ACM Sigsac Conference on Computer and Communications Security, pp. 295-310, 2017. |
13 | S. Hochreiter, J. Schmidhuber, "Long short-tem memory," Neural computation, Vol. 9, no. 8, pp. 1735-1780, 1997. DOI |
14 | A. Narayanan, V. Shmatikov, "Fast dictionary attacks on passwords using time-space trade off," in Proc. of 12th ACM conference on Computer and communications security, pp. 364-372, October 16-18, 2005. |
15 | Ping Wang, Ding Wang, Xinyi Huang, "Advances in password security," Computer Research and Development, vol. 53, no. 10, pp. 2173-2188, 2016. |
16 | J. Bonneau, C. Herley, P. V. Oorschot, et al., "Passwords and the evolution of imperfect authentication," Communications of the ACM, vol. 58, no. 7, pp. 78-87, 2015. DOI |
17 | C. Herley, P. V. Oorschot, "A research agenda acknowledging the persistence of passwords," IEEE Security & Privacy, vol. 10, no. 1, pp. 28-36, 2012. DOI |
18 | D. Freeman, M. Durmuth, B. Biggio, "Who are you? a statistical approach to measuring user authenticity," in Proc. of the Network & Distributed System Security Symposium, pp. 1-15, February 21-24, 2016. |
19 | J. Yan, A. Blackwell, R. Anderson and Grant A, "password memorability and security: empirical results," IEEE Security & Privacy, vol. 2, no. 5, pp. 25-31, 2004. DOI |
20 | M. Weir, S. Aggarwal, B. D. Medeiros, et al., "Password cracking using probabilistic context-free grammars," in Proc. of 30th IEEE Symposium on Security and Privacy, pp. 391-405, May 17-20, 2009. |
21 | J. Ma, W. N. Yang, M. Luo, et al., "A study of probabilistic password models," in Proc. of 35th IEEE Symposium on Security and Privacy, pp. 689-704, May 18-21, 2014. |
22 | M. Durmuth, F. Angelstorf, C. Castelluccia, et al., "OMEN: Faster password guessing using an ordered markov enumerator," in Proc. of 7th International Symposium on Engineering Secure Software and Systems, pp. 119-132, March 4-6, 2015. |
23 | Turkey: personal data of 50 million citizens leaked online, April 2016. |
24 | S. Houshmand, S. Aggarwal, R. Flood, "Next gen PCFG password cracking," IEEE Transactions on Information Forensics & Security, vol. 10, no. 8, pp. 1776-1791, 2015. DOI |
25 | D. Wang, Z. J. Zhang, P. Wang, et al., "Targeted online password guessing: an underestimated threat," in Proc. of 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1242-1254, October 24-28, 2016. |
26 | All Data Breach Sources, May, 2016. |
27 | Amid Widespread Data Breaches in China, Dec, 2011. Article(CrossRef Link) |
28 | Y. Zhang, F. Monrose, and M. Reiter, "The security of modernpassword expiration:an algorithmic framework and empirical analysis," in Proc. of ACM CCS, pp. 176-186, October 4-8, 2010. |
29 | A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. Wang, "The tangled web of password reuse," in Proc. of NDSS, pp. 23-26, February 23-26, 2014. |
![]() |