A Novel Approach to Proactive Password Checking
In this paper we propose a novel approach to strength password-based access control strategies. We describe a proactive password checker which uses a perceptron to decide whether a user’s password is easy-to-guess. The checker is simple and efficient, and it works since easy and hard-to-guess passwords seem to be linearly separable. Experimental results show that the error rates in many cases are close to zero, memory requirements can be quantified in few bytes, and the answers to classification queries are almost immediate. This research opens new directions to investigate on the applicability of neural network techniques to data security environments.
KeywordsData Security Access Control Proactive Password Checking Perceptron Neural Network
Unable to display preview. Download preview PDF.
- 2.R. Beale and T. Jackson, Neural Computing: An Introduction, IOP Publishing Ltd, Institute of Physics, 1990.Google Scholar
- 3.M. Bishop, Proactive Password Checking, in Proceedings of 4thWorkshop on Computer Security Incident Handling, 1992.Google Scholar
- 5.B. Bloom, Space/Time Trade-offs in Hash Coding with Allowable Errors, Communications of ACM, July 1970.Google Scholar
- 6.C. Blundo, P. D’Arco, A. De Santis, and C. Galdi, Hyppocrates: A new Proactive Password Checker, Proocedings of ISC01, Springer-Verlag, LNCS, Vol. 2200, Malaga, October 1–3, 2001.Google Scholar
- 7.C. Davies, and R. Ganesan, Bapasswd: A new proactive password checker. In Proceedings of the 16th National Conference on Computer Security (Baltimore, MD, Sept. 20–23).Google Scholar
- 8.D. Klein, Foiling the Cracker: A Survey of, and Improvements to, Password Security. Proceedings of the Fifth Data Communications Symposium, September 1977.Google Scholar
- 9.A. Muffett, Crack 5.0, USENETNews.Google Scholar
- 10.J. B. Nagle, An obvious password detector. USENETNews.Google Scholar
- 11.E. Spafford, OPUS: Preventing Weak Password Choices in Computers and Security, No. 3, 1992.Google Scholar