Detecting Password File Theft using Predefined Time-Delays between Certain Password Characters
DOI:
https://doi.org/10.26636/jtit.2017.112517Keywords:
access control, intrusion detection systems, network security, password protectionAbstract
This paper presents novel mechanisms that effectively detect password file thefts and at the same time prevent uncovering passwords. The proposed mechanism uses delay between consecutive keystrokes of the password characters. In presented case, a user should not only enter his password correctly during the sign-up process, but also needs to introduce relatively large time gaps between certain password characters. The proposed novel approaches disguise stored passwords by adding a suffix value that helps in detecting password file theft at the first sign-in attempt by an adversary who steals and cracks the hashed password file. Any attempt to login using a real password without adding the time delays in the correct positions may considered as an impersonation attack, i.e. the password file has been stolen and cracked.
Downloads
Downloads
Published
Issue
Section
License
Copyright (c) 2017 Journal of Telecommunications and Information Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.