Bernoulli honeywords

Ke Coby Wang, Michael K. Reiter
Dec 2022
Abstract
Decoy passwords, or "honeywords," planted in a credential database can alert a site to its breach if ever submitted in a login attempt. To be effective, some honeywords must appear at least as likely to be user-chosen passwords as the real ones, and honeywords must be very difficult to guess without having breached the database, to prevent false breach alarms. These goals have proved elusive, however, for heuristic honeyword generation algorithms. In this paper we explore an alternative strategy in which the defender treats honeyword selection as a Bernoulli process in which each possible password (except the user-chosen one) is selected as a honeyword independently with some fixed probability. We show how Bernoulli honeywords can be integrated into two existing system designs for leveraging honeywords: one based on a honeychecker that stores the secret index of the user-chosen password in the list of account passwords, and another that does not leverage secret state at all. We show that Bernoulli honeywords enable analytic derivation of false breach-detection probabilities irrespective of what information the attacker gathers about the sites' users; that their true and false breach-detection probabilities demonstrate compelling efficacy; and that Bernoulli honeywords can even enable performance improvements in modern honeyword system designs.
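The sketch below is an added illustration of the Bernoulli selection idea and the resulting false-alarm calculation; it is not the paper's construction or code. It assumes a salted-hash threshold as the per-password Bernoulli trial and an HMAC tag held by the honeychecker; all function names are hypothetical.

```python
import hashlib
import hmac
import os

def in_set(salt: bytes, password: str, p: float) -> bool:
    """One Bernoulli trial per password: map a salted hash to [0, 1), compare to p.
    Assumption: plain SHA-256 keeps the sketch short; a real site would use a slow hash."""
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") / 2**64 < p

def enroll(real_password: str, p: float, checker_key: bytes):
    """Return (site_record, honeychecker_tag) for one account.
    The salt is resampled until the real password falls in the set (about 1/p tries),
    so the stored record does not single out the real password among the honeywords."""
    while True:
        salt = os.urandom(16)
        if in_set(salt, real_password, p):
            break
    tag = hmac.new(checker_key, real_password.encode("utf-8"), hashlib.sha256).digest()
    return {"salt": salt, "p": p}, tag

def login(record: dict, tag: bytes, checker_key: bytes, submitted: str) -> str:
    """Classify a login attempt as 'failure', 'success' or 'breach-alarm'."""
    if not in_set(record["salt"], submitted, record["p"]):
        return "failure"  # neither the real password nor a honeyword
    candidate = hmac.new(checker_key, submitted.encode("utf-8"), hashlib.sha256).digest()
    if hmac.compare_digest(candidate, tag):
        return "success"  # honeychecker confirms the user-chosen password
    return "breach-alarm"  # a honeyword was submitted

def false_alarm_probability(p: float, guesses: int) -> float:
    """P(at least one of `guesses` distinct wrong passwords is a honeyword),
    for an attacker who has not breached the database."""
    return 1.0 - (1.0 - p) ** guesses

if __name__ == "__main__":
    key = os.urandom(32)  # constructed honeychecker secret
    record, tag = enroll("correct horse battery", 0.05, key)  # constructed sample password
    print(login(record, tag, key, "correct horse battery"))
    alarms = sum(login(record, tag, key, f"guess-{i}") == "breach-alarm" for i in range(20000))
    print("empirical honeyword rate:", alarms / 20000)
    print("false alarm, p=0.001, 100 guesses:", false_alarm_probability(0.001, 100))
```

Because each wrong password is a honeyword independently with probability p, the false-alarm figure depends only on p and the number of distinct guesses, not on what the guesser knows about the user.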