CFP last date
22 April 2024
Call for Paper
May Edition
IJCA solicits high quality original research papers for the upcoming May edition of the journal. The last date of research paper submission is 22 April 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Achieving Security using Honeyword

by Shubham Kute, Vrushali Thite, Sharmila Chopade
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 180 - Number 49
Year of Publication: 2018
Authors: Shubham Kute, Vrushali Thite, Sharmila Chopade
10.5120/ijca2018917333

Shubham Kute, Vrushali Thite, Sharmila Chopade . Achieving Security using Honeyword. International Journal of Computer Applications. 180, 49 ( Jun 2018), 43-47. DOI=10.5120/ijca2018917333

@article{ 10.5120/ijca2018917333,
author = { Shubham Kute, Vrushali Thite, Sharmila Chopade },
title = { Achieving Security using Honeyword },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2018 },
volume = { 180 },
number = { 49 },
month = { Jun },
year = { 2018 },
issn = { 0975-8887 },
pages = { 43-47 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume180/number49/29572-2018917333/ },
doi = { 10.5120/ijca2018917333 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:04:04.052726+05:30
%A Shubham Kute
%A Vrushali Thite
%A Sharmila Chopade
%T Achieving Security using Honeyword
%J International Journal of Computer Applications
%@ 0975-8887
%V 180
%N 49
%P 43-47
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

An expose of the password file is a serious security problem. The research shows that system uses encrypted form to store the original password. Jewels and Rivest proposed “Honeyword” to detect attacks against the hashed password database. Authorized password is stored with several honeywords for every user. The attacker who has stolen hash password file cannot be sure whether it is the real password or a Honeyword for an account, even if honeyword is selected properly. Entering a Honeyword to login will notify the administrator by sending the message about the breach of the password file. As the admin receives the message of the breach, the IP gets blocked for a particular time and also tries to find the location of the IP address. For the generation and encryption of the Honeyword, two encryption techniques are used such as the Salt method for encryption and “sha256” algorithm. Although the approach selects the honeywords from existing user passwords in the system.

References
  1. D. Florencio and C. Herley, 2007, "A large-scale study of web password habits”, pp. 657–666.
  2. C. Herley and D. Florencio, 2008, ,"Protection financial institutions from brute-force attacks", in Proc.23rd Int. Inform. Security Conf., pp. 681-685.
  3. M. Weir, S. Aggarwal, B. de Mederios and B. Glodek, 2009, "Password cracking using probabilistic context-free grammars", in Proc. 30th IEEE symp. Security Privacy, pp. 391-405.
  4. P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, and J. Lopez, 2012, “Guess again (and gain and again): Measuring password strength by simulating Password-cracking algorithms”, in Proc. IEEE Symp. Security, Privacy, pp. 523–537.
  5. A. Juels and R. L. Rivests, 2013, “Honeywords: Making password cracking detectable”, in Proc. ACM SIGSAC Conf. Comput. Commun. Security, pp. 145–160.
  6. K. Brown, 22,Nov.2013, “The dangers of weak hashes”, SANS Institute InfoSec Reading Room, Maryland US,pp.1–22,Nov.2013 [Online].Available:http://www.sans.org/reading room/whitepapers/authentication/dangers-weak-hashes-34412.
  7. M. H. Almeshekah, E. H. Spafford, and M. J. Atallah, 2013, "Improving security using deception”, Center for Education and Research Information Assurance and Security, Purdue Univ., West Lafayette, IN, USA: Tech. Rep. CERIAS Tech. Rep. 2013-13, 2013.
  8. Z. A. Genc, S. Kardas, and M. S. Kiraz, 2013 , “Examination of a new defense mechanism: Honeywords”, IACR Cryptology ePrint Archive, Report 2013/696, 2013.
  9. A. Pathak, , 2014, "An analysis of various tools, methods and systems to generate fake account for social media", Ph. D. dissertation, Northeastern University Boston, Boston, MA, USA, 2014.
  10. Imran Ergular, 2016, "Achiving Flatness: Selecting the Honeywords from Existing User Passwords", IEEE TRANSACTION ON DEPENDABLE AND SECURE COMPUTING, VOL.13, NO.2, MARCH/APRIL 2016.
  11. Prof. S.P.Khedkar, Bhavana Bachhav, Pratiksha Parsewar, Rakshanda Tirmal, 2016, " Achieving Flatness by Selecting the Honey words from Existing User Passwords", International Journal of Engineering Science and Computing, May 2016.
Index Terms

Computer Science
Information Sciences

Keywords

Authentication Cryptography Honeypot Password-cracking.

Powered by PhDFocusTM