Attacking and Protecting Passwords

Verified

Added on 2019/11/19

AI Summary

This report comprehensively examines password security, covering various attack vectors and countermeasures. It begins by defining passwords and their importance in securing online information. The report then delves into different types of password attacks, including brute force, dictionary attacks, keyloggers, rainbow table attacks, phishing, social engineering, SQL injection, and password guessing. Each attack type is explained in detail, highlighting its mechanisms and vulnerabilities. The report also explores various countermeasures and prevention techniques, such as creating strong passwords using password policies, employing multi-factor authentication, and utilizing virtual keyboards. Different authentication methods, including passphrases, public key infrastructure, keystroke dynamics, click patterns, graphical passwords, one-time passwords, biometrics, authentication panels, and digital signatures, are discussed as ways to enhance password security. The report concludes by emphasizing the importance of strong password practices and the need for a multi-layered approach to protect against password-based attacks. The report cites numerous research papers and articles to support its findings and recommendations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Assignment on IT security
9/8/2017

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Attacking and protecting password
Title: Attacking and Protecting Password
Submitted By
1

Attacking and protecting password
Contents
Abstract:................................................................................................................................................2
Introduction:..........................................................................................................................................2
Objective:..............................................................................................................................................2
What is Password?.................................................................................................................................3
Type of Password attacks:.....................................................................................................................3
Countermeasures:..................................................................................................................................6
Prevention of password with cracking attacks:......................................................................................7
Authentication methods used for preserving Passwords:.......................................................................8
Conclusion:..........................................................................................................................................10
References:..........................................................................................................................................10
2

Attacking and protecting password
Abstract:
The increasing growth of web services raises the concern of using strong password to keep
the information secured on the internet. The growth in innovation in the field of new tools
and technologies associated with the flow of web services raises the concern of password
attacks. In this paper is to focus on the password, attacks associated with the password,
different methods used for password attacks, and others.
Introduction:
The deployment of the web services makes use of login credential for securely transmission
of information to provide the relevant information to the authorised person only. “The
password is created by the user according to their choice which they can remind easily”
(Garg, 2013). It helps in increasing the efficiency between users and security provided. The
knowledge based authentication schemes are used for increasing the effectiveness of the
information and the usability program. The development of the password is categorised into
two types that are strong passwords and weak passwords. The strong passwords are those
passwords which are not easily cracks down by the hackers and the weak passwords are those
passwords which can be easily cracked by the hackers. “The authentication system is used for
providing information to the authorised person only” (Melicher, 2016). The authorization will
be granted on filling the login credentials details correctly without the expiry of the session.
Objective:
The objective of this paper is to focus on the password, attacks associated with the password,
different methods used for password attacks, and others. The focus is also given on the
countermeasures which should be taken to prevent the password from hacking. The
discussion will be done on the different authentication methods which are used for preserving
3

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Attacking and protecting password
the confidentiality of the password. The analysis of the countermeasures helps in identifying
the positive effects of authentication system.
What is Password?
The password is the word which is used for representing the collection of different phases
which are used for securing the confidential information available on the internet. The
password rules, policies, and guidelines should be used for generating it. It should be
remembered by the user for carrying over the accessing of the confidential information. The
strong passwords are those passwords which are not easily cracked down by the hackers and
the weak passwords are those passwords which can be easily cracked by the hackers. The
short length password is easy to remember but not secure while working on the internet.
Type of Password attacks:
The password attacks are classified into login details which are used for accessing the
resources and gaining control over the network. The growth in innovation in the field of new
tools and technologies associated with the flow of web services raises the concern of
password attacks. It opens the door for the hacker to access the login details of the user. The
loss of credit card information, bank account details, and other confidential information can
affect the life of the user. The attacker can steal information from the databases if no
preventive measures are proactively taken.
 Brute Force Attack: The brute force attack is used by the hackers to steal the
information of the user from the databases. It is most reliable method with is used for
attacking the confidential information. The possible comibnation of characters are
tried by the attacker to login into the account of the user. The computer program can
be used for guessing the string used by the user as password. The string of password
4

Attacking and protecting password
is tested to get the access of the user account. The increase in length of the password
increases the complexity to hack the password by the hackers. The short password can
be easily accessed by the hackers but the passwords of longer length are difficult to
crack down.
 Reverse Brute force attacks: The reverse brute force attack is the technique which is
used for testing the single password string with multiple user IDs. The repetition of
the process involves the collection of some chosen password. The deployment of
password policy should be used for mitigating the reverse brute force attacks.
 Dictionary attacks: “Sometimes user thought that the single word can be used as a
password by the user so he go through testing of each word of the dictionary to match
up with the user ID” (Owens, 2008). The most common password which are used by
the users are the words from dictionary, phone numbers, date of birth, and others. The
problem of dictionary attack can be resolved by creating the password by
amalgamating different words of dictionary instead of using a single word from it.
The amalgamation should be done in such a way which is easy to memorise.
 Key logger attack or malware attack: “The keystroke of the user is tracked and
monitored by the hackers by making use of a computer program” (Contini, 2015). The
login ID and the password of the user can be recorded. It is the screen scraper
program which is installed with the help of malware and viruses attached with the file.
The multifactor authentication protocol is used for preserving the confidentiality of
the credentials against the key logger attack.
 Rainbow table attack: The pre-computed hashes and the encrypted passwords are
comes under the category of rainbow table. “The hash value is the numerical value
which is calculated by making use of hashing algorithm on the encrypted password”
(Towhidi, 2011). This attack required minimum time to crack the password because
5

Attacking and protecting password
the time wasted in looking through the list is resolved by developing the rainbow
table. It is difficult to practice in the real situation.
 Phishing attack: The user accounts are easily hacked by the phasing attacks. The
password is directly given by the user to the hackers. No action required to crack the
password. The phishing attack is the most common attack used by the hacker to get
the online credentials of the user. The request of credential information is sent to their
account by making the user frightened about that their account will be closed, extra
security techniques have to be laid down, fill the following form, and many more. The
user provides their PIN number, password, account details in the hand of the hackers
with their own will.
 Social Engineering: The sensitive and confidential information of the user is accessed
by suing some tricks or fraud. The social engineering method is used for asking the
confidential information in the real world. The social engineering task performed by
the hacker in the time of failure which may result into the loss of confidential
information databases.
 Offline cracking of the password: The blocking of the system due to wrong entry of
the password. The hash value of the password is used for converting it into plain text.
The rainbow table is required for generating the plaintext to get the desired password.
 Shoulder spearing and surfing: The monitoring the password entered by the user can
cause the leakage of the credentials.
 SQL injection attacks: This attack is mainly equipped with the websites which are
poorly designed and constructed. The code injection technique is used for getting the
password of the user.
 Guessing of the password: The possible combinations of characters are tried by the
attacker to login into the account of the user. The computer program can be used for
6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Attacking and protecting password
guessing the string used by the user as password. The string of password is tested to
get the access of the user account.
 Resetting of the password: The resetting of the password enables the hacker to get the
access of the password.
Countermeasures:
There are various prevention methods which are used to secure password from hacking. The
creation of strong password makes use of password policies to be undertaken while creating
the password for web services. The use of password policies ensures that the password should
be composed of 7 characters which include capital and small alphabets along with some
special characters. The use of dictionary words and logical sequence should be omitted to
design the password. “The problem of dictionary attack can be resolved by creating the
password by amalgamating different words of dictionary instead of using a single word from
it” (Gasti, 2014). The amalgamation should be done in such a way which is easy to
memorise. The techniques which are used to maintain the confidentiality of the passwords are
depicted in the table below:
Serial
No.
Description
1. The reversing of the dictionary word can help in developing secure password.
2. The addition of number before and after the reversed string
3. The use of one special character helps in preventing the password from hacking.
4. The amalgamation of small and capital alphabets increases the security of the
password.
5. Some of the alphabets should be replaced with the numbers
6. “The password should not be generated by using numbers or alphabets only. They
7

Attacking and protecting password
can be easily hacked by the hackers” (Pinkas, 2015).
7. Use of quotations and long sentences with the use of punctuation marks is not easy to
track.
8. Use of Misspelling words
9. The password should be changed periodically
10. Every account or web services should make use of different passwords
11. The lengthy password should be created
12. Password protected screen savers should be used
13. Th password should not be shared with anyone
14. The password should not be written on the central location of data gathering.
15. Security auditing tools should be used to keep track of password security.
Prevention of password with cracking attacks:
Prevention method used for Brute force cracking method: The system can be secured with the
brute force attack with the creation of strong password. The strong password can be created
by making use of password policies and above discussed methods.
Prevention methods for dictionary cracking attacks: “The problem of dictionary attack can be
resolved by creating the password by amalgamating different words of dictionary instead of
using a single word from it” (Wu, 2012). The amalgamation should be done in such a way
which is easy to memorise.
Prevention method for Key logger attack: “The key logger attack can be prevented by making
use of virtual keyboard for filling the confidential details to access the web services” (Silver,
2016). The one time password generation method is the most successful method to carry out
the transaction securely.
8

Attacking and protecting password
Prevention method for rainbow attack: “The rainbow table should not be created for the
password. The creation of table requires lot of time and resources so it is not used in real
situation” (Wang, 2013).
Prevention methods for Phishing attacks: The clicking of unknown links should be avoided.
The credentials should not be provided to the unknown person. The emotion should be
controlled with the distribution of fake messages.
Prevention methods for social engineering attacks: “The unknown person should not be
given authority to access the database of the organization in the critical situation also” (Gaw,
2006). The legal obligations should be used for providing authorization of confidential
information to the unknown person.
Authentication methods used for preserving Passwords:
The authentication methods are summarised in the table below:
Authentication method Description
Pass Phrases method It is used for generating the private key for
remembering the strong password
Conventional method The authentication credential of the user
checks with the detail of the user presented in
the database.
Deployment of public key infrastructure “This method is used for avoiding
eavesdropping attacks on the user account.
The public key is used for exchanging
information among the participating unit”
(Kulkarni, 2013).
9

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Attacking and protecting password
Keystroke Dynamic method This method is used for analysing the time
taken to press the keys and the time taken in
pressing the two consecutive keys.
Click pattern “This method is used for generating stronger
passwords by making use of clicking
patterns” (Charathsandran, 2015)
Graphical password The selected objects are used as a password
One time password Generation of one time password is the most
secure method used for carrying the
transaction securely.
Use of Biometrics Biometrics are used for providing
authentication by making use of image of
finger prints, face, retina of the eyes, and
others.
Authentication panels The authentication panel is used for
rectifying the vulnerabilities associated with
the components which are regularly used.
Digital Signature The hash value is created for the digital
signal which is used for accessing the
information.
Conclusion:
The authentication system is used for providing information to the authorised person only.
The analysis of the attack should be carried out before adopting the password prevention
technique for securing the user password which helps in maintaining the confidentiality of the
10

Attacking and protecting password
information which is available on the internet. It should be considered that the short length
password is easy to remember but not secure while working on the internet.
References:
Charathsandran, G. (2015). Text password survey: Transition from first generation to second
generation. Retrieved from http://blogs.ubc.ca/computersecurity/files/2012/04/Text-
Password-Survey_GAYA.pdf
Contini, S. (2015). Methods to protect passwords in databases for web application. Retrieved
from https://eprint.iacr.org/2015/387.pdf
Garg, N. (2013). Revisiting defence against large scale online password guessing attacks.
Retrieved from http://www.ijsrp.org/research-paper-0413/ijsrp-p1627.pdf
Gasti, P. (2014). On the security of password manager database formats. Retrieved from
https://www.cs.ox.ac.uk/files/6487/pwvault.pdf
Gaw, S. (2006). Password management strategies for online account. Retrieved from
https://cups.cs.cmu.edu/soups/2006/proceedings/p44_gaw.pdf
Kulkarni, S. (2015). A survey of password attacks, countermeasures and comparative
analysis of secure authentication methods. Retrieved from
http://www.ijarcsms.com/docs/paper/volume3/issue11/V3I11-0046.pdf
Melicher, W. (2016). Usability and security of text passwords on mobile devices. Retrieved
from https://www.ece.cmu.edu/~lbauer/papers/2016/chi2016-mobile-pwds.pdf
Owens, J. (2008). A study of password and methods used in Brute force attacks. Retrieved
from http://people.clarkson.edu/~owensjp/pubs/leet08.pdf
11

Attacking and protecting password
Pinkas, B. (2015). Security password against dictionary attacks. Retrieved from
http://www.pinkas.net/PAPERS/pwdweb.pdf
Silver, D. (2016). Password manager attack and defence. Retrieved from
https://crypto.stanford.edu/~dabo/papers/pwdmgrBrowser.pdf
Towhidi, F. (2011). The knowledge based authentication attacks. Retrieved from
http://weblidi.info.unlp.edu.ar/worldcomp2011-mirror/SAM8123.pdf
Wang, P. (2013). Strengthening password based authentication protocols against online
dictionary attacks. Retrieved from
https://www.dtc.umn.edu/publications/reports/2005_05.pdf
Wu, T. (2012). A real world analysis of Kerberos password security. Retrieved from
http://www.gnu.org/software/shishi/wu99realworld.pdf
12