
Personal Information in Passwords and Its Security Implications
Dissects user passwords from several leaked datasets to investigate the extent to
which a user's personal information resides in a password, using a metric called
Coverage to quantify the correlation between passwords and personal information.

• Methodology
Probabilistic Context-Free Grammars (PCFG) method
• Drawbacks
The effectiveness of the Coverage metric and Personal-PCFG is only validated on a
single website.
• Advantage
Distortion functions are effective in defending against personal-information-related
and semantics-aware attacks.
Securing Passwords from Dictionary Attack with Character-Tree
Ensuring security for passwords against dictionary attacks by checking
strength of the user passwords using a dictionary which is stored as a
character tree.
• Methodology
pattern based dictionary attack or improved dictionary attack
• Drawbacks
Given the possibility for any hacker to perform an attack using an improved
pattern-based dictionary file, the security of these pattern-based passwords can
no longer be guaranteed.
• Advantage
safeguard their sensitive information from any improved dictionary attacks
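A strength check against a dictionary stored as a character tree, as an added example that is not code from the paper summarised above. The word list, the substitution map, the minimum match length and the 0.6 threshold are constructed assumptions.

```python
# Dictionary held as a character tree (trie); all sample data is constructed.
SUBST = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
END = "<end>"  # multi-character key, cannot collide with a single character

def build_tree(words):
    """Insert each word character by character; shared prefixes share nodes."""
    root = {}
    for word in words:
        node = root
        for ch in word.lower():
            node = node.setdefault(ch, {})
        node[END] = True
    return root

def longest_word_at(tree, text, start):
    """Length of the longest dictionary word that begins at text[start]."""
    node, best = tree, 0
    for i in range(start, len(text)):
        node = node.get(text[i])
        if node is None:
            break
        if END in node:
            best = i - start + 1
    return best

def normalise(password):
    """Lower-case and undo common character substitutions (pattern passwords)."""
    return "".join(SUBST.get(c, c) for c in password.lower())

def dictionary_coverage(tree, password, min_len=3):
    """Fraction of the password's characters that belong to dictionary words."""
    text = normalise(password)
    covered = i = 0
    while i < len(text):
        n = longest_word_at(tree, text, i)
        if n >= min_len:
            covered, i = covered + n, i + n
        else:
            i += 1
    return covered / len(text) if text else 0.0

def is_weak(tree, password, threshold=0.6):
    """Reject a password when dictionary words make up most of it."""
    return dictionary_coverage(tree, password) >= threshold

TREE = build_tree(["password", "dragon", "letmein", "summer", "admin"])  # constructed
```

Each lookup walks at most one branch of the tree per starting position, so the check stays fast even with a large dictionary.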
Hiding Solutions in Random Satisfiability Problems: A Statistical Mechanics Approach
random generators of hard and satisfiable instances for the 3-satisfiability
problem. The design of the hardest problem instances is based on the
existence of a first order ferromagnetic phase transition and the glassy
nature of excited states.
• Methodology
Statistical Mechanics Approach
• Drawbacks
dynamically favored and trap the system for very long times during a
stochastic local search.
• Advantage
analytical predictions are corroborated by numerical results obtained from
complete as well as stochastic local algorithms.
Argon2: new generation of memory-hard functions for password hashing and other applications
Argon2 is oriented at protection of low-entropy secrets without secret
keys, and it provides ASIC- and botnet-resistance by filling the memory in 0.6
cycles per byte in a non-compressible way.
• Methodology
Argon2 is a multi-purpose family of hashing schemes
• Drawbacks
The instruction waits for the previous instruction to finish and is then executed,
but meanwhile the next instructions may begin before the value is read.
• Advantage
Argon2 is a memory-hard function that maximizes the ASIC implementation
costs for given CPU computing time.
Passwords and the Evolution of Imperfect Authentication
Simplistic models of user and attacker behaviors have led the research
community to emphasize the wrong threats.
• Methodology
strict password-composition policies
• Drawbacks
A random user model often further assumes every password will be
independently chosen
• Advantage
Tackling these novel challenges is important for ensuring published research
is ahead of industry practice, rather than the other way around.
Advances in Topological Vulnerability Analysis
Uses the network vulnerabilities and potential attacker exploits to derive attack
paths that convey the impact of individual and combined vulnerabilities on overall
security. Provides sophisticated attack graph visualizations, with high-level
overviews and detail drilldown.
• Methodology
Topological Vulnerability Analysis (TVA) approach
• Drawbacks
attack graph generation based on explicit enumeration of attack states,
which has serious scalability problems
• Advantage
employ efficient algorithms that scale well to larger networks.
Secure Applications of Low-Entropy Keys
Introduces the notion of key stretching, a mechanism to convert short s-bit keys
into longer keys, such that the complexity required to brute-force search an
(s + t)-bit keyspace is the same as the time required to brute-force search an
s-bit key stretched by t bits.
• Methodology
key-stretching algorithm
• Drawbacks
Optimizations that are not available or useful to an ordinary user, but that
make an attacker's job easier.
• Advantage
A method of increasing the difficulty of trying all possible values for some
low-entropy variable.
A password stretching method using user specific salts
With the password stretching algorithms, the complexity of a pre-computation attack
increases by 10^8 times and the storage required to store the pre-computation
result increases by 10^8 times.
• Methodology
password stretching method
• Drawbacks
An attacker can obtain K_long from a faked site or a site with weak security and get a
weak password from K_long using a rainbow table, that is, pre-computed results for all
possible weak passwords.
• Advantage
Creates a strong password from a weak password and provides protection against a
pre-computation attack.
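Key stretching by t bits combined with a user-specific salt, covering both the low-entropy-keys entry and the entry above. This is an added example, not code from either paper; the chained SHA-256 construction, the `user_salt` derivation, the account names and all function names are assumptions made for illustration.

```python
import hashlib
import math


def stretch(password: str, salt: bytes, t: int) -> bytes:
    """Iterated-hash stretching: 2**t chained SHA-256 calls yield K_long."""
    k_short = password.encode("utf-8")
    x = bytes(32)  # X_0 = all-zero block
    for _ in range(2 ** t):
        x = hashlib.sha256(x + k_short + salt).digest()
    return x


def user_salt(site: str, user_id: str) -> bytes:
    """Hypothetical per-user salt: bound to the site and the account name."""
    return hashlib.sha256(f"{site}\x00{user_id}".encode("utf-8")).digest()[:16]


def build_lookup_table(candidates, salt: bytes, t: int) -> dict:
    """Pre-computation result for ONE salt: K_long -> weak password."""
    return {stretch(p, salt, t): p for p in candidates}


def precompute_cost_bits(s_bits: int, t_bits: int, salts: int) -> float:
    """log2 of hash calls needed to cover an s-bit space under every salt."""
    return s_bits + t_bits + math.log2(salts)


def demo(t: int = 10):
    weak = ["123456", "password", "qwerty"]       # constructed weak list
    alice = user_salt("shop.example", "alice")    # constructed accounts
    bob = user_salt("shop.example", "bob")
    table = build_lookup_table(weak, alice, t)    # table fits alice's salt only
    k_alice = stretch("password", alice, t)
    k_bob = stretch("password", bob, t)           # same password, other salt
    return table.get(k_alice), table.get(k_bob), k_alice != k_bob


if __name__ == "__main__":
    print(demo())
    print(precompute_cost_bits(20, 16, 1024))
```

The table built for one salt recovers nothing for the second account, which is why the pre-computation and storage cost grow with the number of distinct salts. Production systems should use a vetted function such as Argon2 or PBKDF2 instead of a hand-rolled loop.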
One-time password authentication scheme based on the negative database

• Methodology
security technique called negative databases (NDBs)
• Drawbacks
the size of the compressed NDB could be much smaller than the size of
the exact complementary set of the DB.
• Advantage
NDB can be added to other authentication schemes as an extra layer to
further improve security.
Dynamic Salt Generation and Placement for Secure Password Storing
A method that generates and places a salt value into a password dynamically,
so that the password becomes more tolerant to attack and more difficult to
compromise.
• Methodology
salt sizes algorithm
• Drawbacks
randomness was not the factor affecting the strength or the quality of the
passwords
• Advantage
generate salt values and place them at appropriate positions so that the
passwords become more tolerant to an attack via rainbow table.
