Title:
A diversity-based framework for dynamic password policy generation
A diversity-based framework for dynamic password policy generation
Authors
Yang, Shukun
Authors
Advisors
Beyah, Raheem A.
Advisors
Person
Associated Organizations
Organizational Unit
Organizational Unit
Series
Collections
Supplementary to
Permanent Link
Abstract
To keep password users from creating simple and common passwords, major
websites and applications provide a password-strength measure, namely a password
checker that displays instant password strength ratings in levels e.g., “strong”, “moderate”, and “weak”. While critical requirements for a password checker to be stringent have prevailed in the study of password security, we find that regardless of the stringency, such static checkers can leak information and actually help the adversary enhance the performance of their attacks. To address this weakness, we propose and devise the Dynamic Password Policy Generator, namely DPPG, to be an effective and
usable alternative to the existing password strength checker. DPPG aims to enforce
an evenly-distributed password space and generate dynamic policies for users to create passwords that are diverse and contribute to the overall security of the password database. Since DPPG is modular and can function with different underlying metrics for policy generation, we further introduce a diversity-based password security metric that evaluates the security of a password database in terms of password space and distribution. The metric is useful as a countermeasure to well-crafted offline cracking
algorithms and theoretically illustrates why DPPG works well.
Sponsor
Date Issued
2016-04-27
Extent
Resource Type
Text
Resource Subtype
Thesis