A CASE STUDY OF THE WEAKNESS OF FRESHMEN CHOSEN PASSWORD FOR ACADEMIC INFORMATION SYSTEM
DOI: https://doi.org/10.11113/jt.v77.6677
Keywords: Dictionary attack, brute force, password, academic information system
Abstract
In recent decades, extensive research has explored new algorithms and protocols for securing data and user information with a username and password. Newer methods such as biometrics exist, but their drawback is that they require additional hardware or devices. The username and password combination, on the other hand, has been widely used to authenticate user identity because it is cheap and user-friendly. This method has weaknesses of its own, such as susceptibility to dictionary attacks, brute force and other methods. The purpose of this research is to find out how weak the passwords chosen by freshmen to protect their identity in the Academic Information System are. The experiment was conducted at a public university in Indonesia and covered around 12 faculties and 102 departments. The university has around 6499 freshmen. The sampling method is the whole population, so every freshman account was investigated. The first scenario determines how many students use the same password as their username. The second scenario is a dictionary attack on the freshmen accounts not found by the first scenario. The result of this experiment is that about 60% to 75% of freshmen's passwords in each faculty can be guessed because the students used the same username and password. The other method used in this research revealed further freshmen passwords.
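The two scenarios in the abstract (password identical to the username, then a dictionary lookup) are exactly the checks a proactive password checker can enforce at registration time, so that such passwords are rejected before they are ever stored. The following is an added example written for this page, not code from the study; it assumes constructed account data and a tiny constructed wordlist, compares case-insensitively, and adds a stricter "password contains the username" check that goes slightly beyond what the study measured. The `audit` function reports, per faculty, the percentage of accounts failing each check, which is the same per-faculty figure the abstract reports.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Constructed wordlist for illustration only; a real checker loads a large dictionary.
SMALL_DICTIONARY = frozenset({"password", "123456", "qwerty", "welcome", "student", "campus"})


@dataclass(frozen=True)
class Account:
    faculty: str
    username: str
    password: str  # plaintext is only seen at registration/change time, never stored


def weakness(username: str, password: str,
             dictionary: Iterable[str] = SMALL_DICTIONARY) -> Optional[str]:
    """Return the name of the first failing check, or None if the password passes.

    Checks, in order:
      same_as_username  - the study's first scenario (compared case-insensitively here)
      contains_username - a stricter variant added in this example, not from the study
      dictionary_word   - the study's second scenario, as a case-insensitive lookup
    """
    u, p = username.lower(), password.lower()
    if p == u:
        return "same_as_username"
    if u and u in p:
        return "contains_username"
    if p in dictionary:
        return "dictionary_word"
    return None


def audit(accounts: Iterable[Account]) -> Dict[str, Dict[str, float]]:
    """Per-faculty percentage of accounts failing each check (rounded to 0.1%).

    Faculties with no failing accounts appear with an empty mapping.
    """
    totals: Dict[str, int] = defaultdict(int)
    failures: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for acct in accounts:
        totals[acct.faculty] += 1
        reason = weakness(acct.username, acct.password)
        if reason is not None:
            failures[acct.faculty][reason] += 1
    return {
        faculty: {reason: round(100.0 * n / totals[faculty], 1)
                  for reason, n in failures[faculty].items()}
        for faculty in totals
    }


# Constructed sample: six accounts across two faculties (not data from the study).
SAMPLE_ACCOUNTS = [
    Account("Engineering", "eng001", "eng001"),       # same as username
    Account("Engineering", "eng002", "password"),     # dictionary word
    Account("Engineering", "eng003", "ENG003"),       # same as username, different case
    Account("Engineering", "eng004", "Tr0ub4dor&3"),  # passes all checks
    Account("Law", "law001", "Qwerty"),               # dictionary word
    Account("Law", "law002", "law002-extra"),         # contains the username
]

if __name__ == "__main__":
    for faculty, rates in audit(SAMPLE_ACCOUNTS).items():
        print(faculty, rates)
```

Used at account creation, `weakness()` returning anything other than `None` is a reason to reject the password and ask for another; used over an existing population, as the study did, `audit()` gives the per-faculty rates without any guessing against stored hashes, because the checks run on the plaintext the user has just typed.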
License
Copyright of articles that appear in Jurnal Teknologi belongs exclusively to Penerbit Universiti Teknologi Malaysia (Penerbit UTM Press). This copyright covers the rights to reproduce the article, including reprints, electronic reproductions, or any other reproductions of similar nature.