Analysis of Password Attacks From The Perspective Of The Attacker By Multiple Honeypots

2021-8-19
Aydın, Kıvanç
Authentication is vital for secure operation of ICT systems. Since the past several decades, alternative solutions have been developed for authentication, such as biometric authentication methods, aiming at replacing passwords. Nevertheless, their success has been limited as evidenced by intensive use of passwords. Today, an average user uses dozens of different passwords in daily practice. The frequent use of passwords in authentication also leads to a close interest of attackers due to rapid the expansion of ICT for the past several decades. Recently, almost 70% percent of cyber attacks target user credentials. This study investigates password attacks from the attacker's perspective by using ten honeypot systems that run mock SSH services. The focus of the analysis is the efficiency of the blacklisting approach against password attacks, and the analysis of the attitudes of attackers as recorded in log files. The relationship between the passwords used in the attacks and the local language of the target country was also investigated using a language identification model.

Suggestions

Graphical Passwords as Browser Extension: Implementation and Usability Study
BIÇAKCI, KEMAL; Yuceel, Mustafa; Erdeniz, Burak; Gurbaslar, Hakan; ATALAY, NART BEDİN (2009-06-19)
Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user-friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical pas...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
The role of visual coherence in graphical passwords
Özge, Alaçam; Christopher, Habel; Acartürk, Cengiz (null; 2013-08-31)
Graphical password is an alternative method of authentication to alphanumerical passwords. From theperspectiveof research on human memory, it is yet another novel technology that introduces challenges on human memory components. In this study, we aim to investigatethe previousfindings in human visual memory in the domain ofgraphical passwords by analyzingthe role ofvisual coherence in passwords. The results of an experimental studyreveal that in terms of memorability, co...
Uses of PKI for process authorization
Taşkazan, Feyza; Özgit, Attila; Erten, Murat; Department of Computer Engineering (2003)
Enterprises require an information security solution that provides privacy, integrity, authentication and access controls for processes. License management systems are developed to be a solution for process authorization in different platforms. However, security threats on processes cannot be controlled with existing license management mechanisms. The need is a complete system that is independent from implementation, platform, and application. In this thesis, we design a complete system for process authoriz...
Security of certificate-based protocols: focus on server authentication
Baran, Selim; Özbudak, Ferruh; Selçuk, Ali Aydın; Department of Cryptography (2015)
Today, secure communication channels are mostly set up via certificate-based protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Although they have been used for years and in so many areas, from e-commerce and internet banking to secure channel needs in military, there have been several attacks on their security model, which forced researchers to make studies on them. In this thesis, we will explain their security model, the vulnerabilities discovered so far, the precautions fo...
Citation Formats
K. Aydın, “Analysis of Password Attacks From The Perspective Of The Attacker By Multiple Honeypots,” M.S. - Master of Science, Middle East Technical University, 2021.