Detecting Password File Theft using Predefined Time-Delays between Certain Password Characters

Authors

  • Khaled Walid Mahmoud
  • Khalid Mansour
  • Alaa Makableh

DOI:

https://doi.org/10.26636/jtit.2017.112517

Keywords:

access control, intrusion detection systems, network security, password protection

Abstract

This paper presents novel mechanisms that effectively detect password file thefts and at the same time prevent uncovering passwords. The proposed mechanism uses delay between consecutive keystrokes of the password characters. In presented case, a user should not only enter his password correctly during the sign-up process, but also needs to introduce relatively large time gaps between certain password characters. The proposed novel approaches disguise stored passwords by adding a suffix value that helps in detecting password file theft at the first sign-in attempt by an adversary who steals and cracks the hashed password file. Any attempt to login using a real password without adding the time delays in the correct positions may considered as an impersonation attack, i.e. the password file has been stolen and cracked.

Downloads

Download data is not yet available.

Downloads

Published

2017-12-30

Issue

Section

ARTICLES FROM THIS ISSUE

How to Cite

[1]
K. W. Mahmoud, K. Mansour, and A. Makableh, “Detecting Password File Theft using Predefined Time-Delays between Certain Password Characters”, JTIT, vol. 70, no. 4, pp. 101–108, Dec. 2017, doi: 10.26636/jtit.2017.112517.