Password-Based Authentication: Preventing Dictionary Attacks

Saikat Chakrabarti; Mukesh Singhal

doi:10.1109/mc.2007.216

Strengthening Password-Based Authentication Protocols Against Online Dictionary Attacks

Applied Cryptography and Network Security - Lecture Notes in Computer Science ◽

10.1007/11496137_2 ◽

2005 ◽

pp. 17-32 ◽

Cited By ~ 3

Author(s):

Peng Wang ◽

Yongdae Kim ◽

Vishal Kher ◽

Taekyoung Kwon

Keyword(s):

Authentication Protocols ◽

Password Based Authentication ◽

Dictionary Attacks

Download Full-text

Chaos Between Password-Based Authentication Protocol and Dictionary Attacks

Advanced Science Letters ◽

10.1166/asl.2013.4864 ◽

2013 ◽

Vol 19 (3) ◽

pp. 1048-1051 ◽

Cited By ~ 2

Author(s):

Kuo-Hui Yeh ◽

N. W. Lo ◽

Tien-Ruey Hsiang ◽

Yi-Chun Wei ◽

Hung-Yi Hsieh

Keyword(s):

Authentication Protocol ◽

Password Based Authentication ◽

Dictionary Attacks

Download Full-text

Password-Based Authentication Protocol for Secret-Sharing-Based Multiparty Computation

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e101.a.51 ◽

2018 ◽

Vol E101.A (1) ◽

pp. 51-63 ◽

Cited By ~ 1

Author(s):

Ryo KIKUCHI ◽

Koji CHIDA ◽

Dai IKARASHI ◽

Koki HAMADA

Keyword(s):

Secret Sharing ◽

Authentication Protocol ◽

Multiparty Computation ◽

Password Based Authentication

Download Full-text

An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards

International Journal of Communication Systems ◽

10.1002/dac.2848 ◽

2014 ◽

Vol 29 (13) ◽

pp. 1956-1967 ◽

Cited By ~ 21

Author(s):

Mohammad Sabzinejad Farash ◽

Mahmoud Ahmadian Attari

Keyword(s):

Session Initiation Protocol ◽

Smart Cards ◽

Authentication Scheme ◽

Password Based Authentication

Download Full-text

Password-Based Authentication

Authentication and Access Control ◽

10.1007/978-1-4842-6570-3_4 ◽

2020 ◽

pp. 71-105

Author(s):

Sirapat Boonkrong

Keyword(s):

Password Based Authentication

Download Full-text

SSID Oracle Attack on Undisclosed Wi-Fi Preferred Network Lists

Wireless Communications and Mobile Computing ◽

10.1155/2018/5153265 ◽

2018 ◽

Vol 2018 ◽

pp. 1-15 ◽

Cited By ~ 2

Author(s):

Ante Dagelić ◽

Toni Perković ◽

Bojan Vujatović ◽

Mario Čagalj

Keyword(s):

Location Privacy ◽

Real Life ◽

User Mobility ◽

Window Of Opportunity ◽

Privacy Concerns ◽

Private Location ◽

Life Tests ◽

Active Attacks ◽

Recommender Algorithm ◽

Dictionary Attacks

User’s location privacy concerns have been further raised by today’s Wi-Fi technology omnipresence. Preferred Network Lists (PNLs) are a particularly interesting source of private location information, as devices are storing a list of previously used hotspots. Privacy implications of a disclosed PNL have been covered by numerous papers, mostly focusing on passive monitoring attacks. Nowadays, however, more and more devices no longer transmit their PNL in clear, thus mitigating passive attacks. Hidden PNLs are still vulnerable against active attacks whereby an attacker mounts a fake SSID hotspot set to one likely contained within targeted PNL. If the targeted device has this SSID in the corresponding PNL, it will automatically initiate a connection with the fake hotspot thus disclosing this information to the attacker. By iterating through different SSIDs (from a predefined dictionary) the attacker can eventually reveal a big part of the hidden PNL. Considering user mobility, executing active attacks usually has to be done within a short opportunity window, while targeting nontrivial SSIDs from user’s PNL. The existing work on active attacks against hidden PNLs often neglects both of these challenges. In this paper we propose a simple mathematical model for analyzing active SSID dictionary attacks, allowing us to optimize the effectiveness of the attack under the above constraints (limited window of opportunity and targeting nontrivial SSIDs). Additionally, we showcase an example method for building an effective SSID dictionary using top-N recommender algorithm and validate our model through simulations and extensive real-life tests.

Download Full-text