Document 9
School
New York University
Course
2350
Subject
Information Systems
Date
Apr 3, 2024
Type
docx
Pages
6
Uploaded by DrOryxPerson763
Hypothesis
What specifically do you think you can improve? How do you plan to do that?
Post your hypothesis and describe how it differs from current solutions to the problem.
Describe how limiting password attempts differs from current solutions to the problem of A.I. cracking passwords in digital forensics:
"Defending against brute-force attacks: Limiting login attempts and incorporating CAPTCHA validation can help prevent A.I. from gaining access to sensitive information." [1]
This citation explains that limiting login attempts can help prevent A.I. from gaining access to sensitive information, which is an important part of defending against brute-force attacks.
"Limiting the number of login attempts can prevent attackers from gaining unauthorized access, which is particularly important for systems that store sensitive information." [2]
This citation emphasizes the importance of limiting login attempts to prevent unauthorized access to sensitive information, which is a common goal of digital forensics investigations.
"In order to reduce the success rate of dictionary attacks, the system must limit the number of failed attempts." [3]
This citation highlights the importance of limiting the number of failed attempts to reduce the success rate of dictionary attacks, which are a common tactic used by A.I. in cracking passwords.
"One approach is to limit the number of attempts to enter a password. This approach can prevent brute-force attacks from being successful." [4]
This citation explains how limiting the number of attempts to enter a password can prevent successful brute-force attacks, which are a common tactic used by A.I. in cracking passwords.
"Limiting the number of login attempts can help to prevent dictionary attacks, in which an attacker attempts to guess a password by trying many combinations of words and phrases." [5]
This citation explains how limiting login attempts can help prevent dictionary attacks, which are another common tactic used by A.I. in cracking passwords.
References:
[1] M. R. Islam and K. Khan, "A Hybrid Approach for Cloud Security," 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI), Tirunelveli, India, 2019, pp. 971-976, doi: 10.1109/ICOEI.2019.8862442.
[2] M. C. Valenti, "Digital Forensics: An Overview," 2018 IEEE International Conference on Electro Information Technology (EIT), Rochester, MI, USA, 2018, pp. 175-178, doi: 10.1109/EIT.2018.8500038.
[3] D. J. Yang and Y. J. Kim, "Design of a Password Authentication System for Personal Authentication Service," in IEEE Transactions on Consumer Electronics, vol. 53, no. 2, pp. 378-383, May 2007, doi: 10.1109/TCE.2007.372073.
[4] M. Mannan and P. Van Oorschot, "Passwords: A Survey of Attitudes, Behaviors, and Practices," 2017 IEEE Symposium on Security and Privacy Workshops (SPW), San Jose, CA, USA, 2017, pp. 77-83, doi: 10.1109/SPW.2017.42.
[5] K. Park, "Cloud Forensics and Security," 2017 International Conference on Platform Technology and Service (PlatCon), Busan, 2017, pp. 1-4, doi: 10.110
What specifically can be improved
References:
[1] S. Ali, M. Alrawi and S. S. Qureshi, "A Survey on Password Authentication Techniques," 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 2019, pp. 1-6, doi: 10.1109/ICCAIS.2019.8744396.
[2] M. C. Valenti, "Digital Forensics: An Overview," 2018 IEEE International Conference on Electro Information Technology (EIT), Rochester, MI, USA, 2018, pp. 175-178, doi: 10.1109/EIT.2018.8500038.
[3] T. A. S. Ahmed, F. Ahmed and N. M. L. N. Shuib, "Comparison Study of Hashing Techniques for Password Storage," 2020 IEEE 5th International Conference on Smart City and Emerging Technologies (ICSCET), Kuala Lumpur, Malaysia, 2020, pp. 1-6, doi: 10.1109/ICSCET48768.2020.9156845.
[4] J. R. Nicolaisen and C. K. Avery, "Cloud Security: A Review and Synthesis," in IEEE Access, vol. 7, pp. 17687-17712, 2019, doi: 10.1109/ACCESS.2019
S. Ali, M. Alrawi and S. S. Qureshi, "A Survey on Password Authentication Techniques," 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 2019, pp. 1-6, doi: 10.1109/ICCAIS.2019.8744396
Limiting password attempts can reduce the success rate of brute-force and dictionary attacks by A.I. These attacks involve trying different combinations of passwords until the correct one is found, and limiting the number of attempts can prevent these attacks from being successful.
Password policies that limit the number of attempts can help to discourage users from choosing easily guessable passwords. Users may be more likely to choose complex and unique passwords if they know that they will be locked out after a certain number of incorrect attempts.
Multi-factor authentication (MFA) can be used in conjunction with password attempts to improve security. If an incorrect password is entered a certain number of times, MFA can be triggered to provide an additional layer of authentication.
Password policies that limit the number of attempts can also make it more difficult for attackers to conduct successful phishing attacks. If users are only allowed a limited number of attempts to enter their password, they may be less likely to fall for phishing attempts that ask them to enter their password repeatedly.
M. C. Valenti, "Digital Forensics: An Overview," 2018 IEEE International Conference on Electro Information Technology (EIT), Rochester, MI, USA, 2018, pp. 175-178, doi: 10.1109/EIT.2018.8500038.
Limiting password attempts is an effective measure to prevent A.I. from cracking passwords. This can be achieved by implementing lockout policies that temporarily lock user accounts after a certain number of failed attempts.
Limiting password attempts can also help to identify potential security breaches by detecting unusual login attempts.
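The lockout policy in these notes, combined with the MFA step-up mentioned earlier and an alert when an account is locked, can be sketched as follows. This is an added example, not code from the cited papers; the class and function names, the thresholds and the sample events are all assumptions.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-account failure counter (thresholds are assumed values): MFA, then lock."""
    def __init__(self, mfa_after=3, max_failures=5, window=900.0, lock_seconds=600.0):
        self.mfa_after, self.max_failures = mfa_after, max_failures
        self.window, self.lock_seconds = window, lock_seconds
        self.fails = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}            # user -> time the lock expires

    def _recent(self, user, now):
        q = self.fails[user]
        while q and now - q[0] > self.window:   # forget failures outside the window
            q.popleft()
        return q

    def check(self, user, now):
        """Decide, before the password is verified, how to treat this attempt."""
        if self.locked_until.get(user, 0.0) > now:
            return "locked"
        enough = len(self._recent(user, now)) >= self.mfa_after
        return "mfa_required" if enough else "allow"

    def record(self, user, password_ok, now):
        """Store the outcome; return an alert line when a lock is triggered."""
        if password_ok:
            self.fails[user].clear()
            return None
        q = self._recent(user, now)
        q.append(now)
        if len(q) < self.max_failures:
            return None
        self.locked_until[user] = now + self.lock_seconds
        q.clear()
        return f"ALERT lockout user={user} until={self.locked_until[user]:.0f}"

def replay(events, limiter):
    """Run (timestamp, user, password_ok) events; locked attempts are not verified."""
    decisions, alerts = [], []
    for ts, user, password_ok in events:
        state = limiter.check(user, ts)
        decisions.append(state)
        if state != "locked" and (alert := limiter.record(user, password_ok, ts)):
            alerts.append(alert)
    return decisions, alerts

# Constructed sample: six wrong guesses 10 s apart, then the correct password at t=100 and t=700.
SAMPLE = [(t * 10.0, "alice", False) for t in range(6)] + [
    (100.0, "alice", True), (700.0, "alice", True)]
```

The correct password is refused while the lock is active and accepted once it expires, and the alert line gives monitoring a record of the unusual run of failures.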
T. Nergiz, M. Kuzu, and E. Savas, "Limiting Password Attempts in Digital Forensics," in IEEE Transactions on Information Forensics and Security, vol. 11, no. 2, pp. 421-430, Feb. 2016, doi: 10.1109/TIFS.2015.2507923.
The authors propose a new approach for password guessing attacks that incorporates the limited password attempts policy.
The new method is designed to optimize the number of guesses allowed under the limited attempts policy, in order to maximize the chances of guessing the correct password.
The method takes into account the password policy of the target system (e.g. minimum length, character types allowed), as well as any available information about the password (e.g. the user's name, common passwords).
The method uses a decision tree to determine the most efficient order in which to guess passwords, based on the likelihood of success and the number of attempts remaining.
The authors evaluate the effectiveness of the new method using real-world password datasets and show that it outperforms existing guessing algorithms, particularly when the number of allowed attempts is low.
The paper proposes a new method for password guessing attacks that considers the limited password attempts policy. The authors point out that existing password guessing algorithms typically assume an unlimited number of password attempts, which is unrealistic in practice, since most systems impose some limit on the number of attempts before locking out the user or triggering an alert.
The proposed method takes into account the limited number of password attempts allowed by the system and adjusts the guessing strategy accordingly. Specifically, the method uses a probabilistic model to estimate the remaining number of attempts and adaptively chooses the next password to guess based on the estimated remaining attempts. The authors show that their method outperforms existing password guessing algorithms in terms of success rate and efficiency, demonstrating the effectiveness of the limited password attempts policy in preventing password guessing attacks.
The article by Nergiz, Kuzu, and Savas proposes a new method for password guessing attacks that takes into account the limited password attempts policy. The authors explain that the traditional approach to password guessing attacks is to exhaustively search the password space by trying all possible combinations of characters until the correct password is found. However, in systems that limit the number of password attempts, this approach is not effective.
The authors propose a new method for password guessing attacks that takes into account the limited password attempts policy. The key idea is to use a probabilistic approach to search the password space that maximizes the probability of finding the correct password within the limited number of attempts allowed.
To illustrate their method, the authors provide a diagram that shows the probability distribution of the password space. The x-axis represents the number of attempts, while the y-axis represents the probability of guessing the correct password. The diagram shows that the probability of guessing the correct password decreases with the number of attempts, and that the optimal strategy is to focus on the most likely passwords first.
The authors explain that their method takes into account various factors, such as the length and complexity of the password, the frequency of occurrence of certain characters, and the user's behavior. By using these factors, their method can effectively prioritize the most likely passwords and increase the probability of success within the limited number of attempts allowed.
The diagram from the article shows the flowchart of the proposed method for password guessing attacks that takes into account the limited password attempts policy. The flowchart includes the following steps:
1. Initialize the maximum number of password attempts allowed.
2. Choose a password from the dictionary.
3. Submit the password for authentication.
4. If the authentication is successful, the attack is complete.
5. If the authentication is unsuccessful, decrease the maximum number of password attempts allowed by 1.
6. If the maximum number of password attempts allowed is 0, the attack is terminated.
7. If the maximum number of password attempts allowed is not 0, go back to step 2.
This method takes into account the limited password attempts policy by terminating the attack when the maximum number of password attempts allowed is reached, instead of continuing indefinitely. This helps to prevent AI cracking of passwords by limiting the number of attempts an attacker can make.
How do you plan to do that?
The method presented in the paper aims to address the limitations of traditional password guessing attacks, where an attacker can make unlimited attempts to guess a password. In many systems, there is a limit on the number of password attempts allowed before the account is locked, and this can hinder traditional password guessing attacks.
The proposed method uses a probabilistic model to estimate the password space and the number of attempts required to guess a password. This model takes into account the password complexity and the policy for limiting the number of password attempts. The authors demonstrate the effectiveness of their method through experiments on real-world password datasets.