The Experts below are selected from a list of 45 Experts worldwide ranked by ideXlab platform
Nevenko Zunic - One of the best experts on this subject based on the ideXlab platform.
-
Methods for Protecting Password Transmission
Computers & Security, 2000Co-Authors: Mohammad Peyravian, Nevenko ZunicAbstract:In this paper, we present a secure method for Protecting Passwords while being transmitted over untrusted networks. We also present a secure method for changing an old Password to a new Password. The proposed solutions do not require the use of any additional keys (such as symmetric keys or public/private keys) to Protect Password exchanges. Unlike existing solutions, the proposed schemes do not use any symmetric-key or public-key cryptosystems (such as DES, RC5, RSA, etc.). Our schemes only employ a collision-resistant hash function such as SHA-1.
Eugene Spafford - One of the best experts on this subject based on the ideXlab platform.
-
A Hypergame Analysis for ErsatzPasswords
2018Co-Authors: Christopher Gutierrez, Mohammed Almeshekah, Saurabh Bagchi, Eugene SpaffordAbstract:A hypergame is a game theoretic model capturing the decisions of rational players in a conflict where misperceptions, from deception or information asymmetry, are present. We demonstrate how hypergames can model an actual security mechanism: ErsatzPassword, a defense mechanism to Protect Password hashes from offline brute-force attacks. Two ErsatzPassword defensive strategies are considered: to block the attacker and trigger an alarm, or to redirect the attacker into a honeynet for attack analysis. We consider the scenario where there is information asymmetry in the system and one side under-estimates or over-estimates the risk tolerance of the other side. We analyze plausible strategies for both attacker and defender and then solve 57,600 hypergame configurations to determine the optimal 1st line defense strategies under various levels of risk tolerance and misperceptions.
-
SEC - A Hypergame Analysis for ErsatzPasswords
ICT Systems Security and Privacy Protection, 2018Co-Authors: Gutierrez Christopher, Mohammed Almeshekah, Saurabh Bagchi, Eugene SpaffordAbstract:A hypergame is a game theoretic model capturing the decisions of rational players in a conflict where misperceptions, from deception or information asymmetry, are present. We demonstrate how hypergames can model an actual security mechanism: ErsatzPassword, a defense mechanism to Protect Password hashes from offline brute-force attacks. Two ErsatzPassword defensive strategies are considered: to block the attacker and trigger an alarm, or to redirect the attacker into a honeynet for attack analysis. We consider the scenario where there is information asymmetry in the system and one side under-estimates or over-estimates the risk tolerance of the other side. We analyze plausible strategies for both attacker and defender and then solve 57,600 hypergame configurations to determine the optimal 1st line defense strategies under various levels of risk tolerance and misperceptions.
Anis Shobirin Abdullah Sani - One of the best experts on this subject based on the ideXlab platform.
-
Directional Based Graphical Authentication Method with Shoulder Surfing Resistant
2018 IEEE Conference on Systems Process and Control (ICSPC), 2018Co-Authors: Noor Ashitah Abu Othman, Muhammad Akmal Abdul Rahman, Anis Shobirin Abdullah SaniAbstract:Authentication has been advanced by implying advancement in security such as cryptography to Protect Password against data leaking and sniffing; captcha to prevent robot system; Secure Sockets Layer designed to Protect users against phishing website and many other solution invented for different types of vulnerabilities. Although there are other methods suggested for preventing shoulder surfing (i.e. exposure of Password to nearby observing-person), the techniques still have some drawback. Some of the proposed techniques also required high computational process with high range of possible answer. This paper proposed a shoulder-surfing-proof graphical based authentication with direction scheme that combines technique adapted from Passfaces scheme and a selection of direction. User is required to choose four faces and one direction to serve as the secret authentication. Besides shoulder surfing, the proposed method also caters security in data transmission storage as hashing is applied along the communication. This technique has been proven to demonstrate the robustness, security strength and the functionality advantages of the system. The result from the security testing shows that image based Passwords is more secure because the possibility of the image to be guessed is very low.
Mohammad Peyravian - One of the best experts on this subject based on the ideXlab platform.
-
Methods for Protecting Password Transmission
Computers & Security, 2000Co-Authors: Mohammad Peyravian, Nevenko ZunicAbstract:In this paper, we present a secure method for Protecting Passwords while being transmitted over untrusted networks. We also present a secure method for changing an old Password to a new Password. The proposed solutions do not require the use of any additional keys (such as symmetric keys or public/private keys) to Protect Password exchanges. Unlike existing solutions, the proposed schemes do not use any symmetric-key or public-key cryptosystems (such as DES, RC5, RSA, etc.). Our schemes only employ a collision-resistant hash function such as SHA-1.
Noor Ashitah Abu Othman - One of the best experts on this subject based on the ideXlab platform.
-
Directional Based Graphical Authentication Method with Shoulder Surfing Resistant
2018 IEEE Conference on Systems Process and Control (ICSPC), 2018Co-Authors: Noor Ashitah Abu Othman, Muhammad Akmal Abdul Rahman, Anis Shobirin Abdullah SaniAbstract:Authentication has been advanced by implying advancement in security such as cryptography to Protect Password against data leaking and sniffing; captcha to prevent robot system; Secure Sockets Layer designed to Protect users against phishing website and many other solution invented for different types of vulnerabilities. Although there are other methods suggested for preventing shoulder surfing (i.e. exposure of Password to nearby observing-person), the techniques still have some drawback. Some of the proposed techniques also required high computational process with high range of possible answer. This paper proposed a shoulder-surfing-proof graphical based authentication with direction scheme that combines technique adapted from Passfaces scheme and a selection of direction. User is required to choose four faces and one direction to serve as the secret authentication. Besides shoulder surfing, the proposed method also caters security in data transmission storage as hashing is applied along the communication. This technique has been proven to demonstrate the robustness, security strength and the functionality advantages of the system. The result from the security testing shows that image based Passwords is more secure because the possibility of the image to be guessed is very low.
