Honeyword-based Authentication Techniques for Protecting Passwords: A Survey

Author:

Chakraborty Nilesh¹, Li Jianqiang¹, Leung Victor C. M.¹, Mondal Samrat², Pan Yi³, Luo Chengwen¹, Mukherjee Mithun⁴

Affiliation:

1. College of Computer Science and Software Engineering, Shenzhen University, Nanshan, Shenzhen, Guangdong, China

2. Department of Computer Science, Indian Institute of Technology Patna, Dist. Bhita, Patna, India

3. Department of Computer Science, Georgia State University, Georgia, Atlanta, USA

4. School of Artificial Intelligence, Nanjing University of Information Science and Technology, Nanjing, China

Abstract

Honeyword (or decoy password) based authentication, first introduced by Juels and Rivest in 2013, has emerged as a security mechanism that can provide security against server-side threats on password files. From a theoretical perspective, this mechanism greatly reduces attackers' efficiency: it detects the threat on a password file, so the system administrator can be notified almost immediately when an attacker tries to take advantage of the compromised file. This paper aims to present a comprehensive survey of the relevant research and technological developments in honeyword-based authentication techniques. We cover twenty-three honeyword-related techniques reported in different research articles since 2013. This survey helps readers to (i) understand how the honeyword-based security mechanism works in practice, (ii) get a comparative view of the existing honeyword-based techniques, and (iii) identify the existing gaps that have yet to be filled and the emergent research opportunities.

Funder

National Science Foundation of China

Natural Science Foundation of Guangdong Province

Stable Support Plan for Higher Education Institutions in Shenzhen

Technology Planning Project of Shenzhen City

Guangdong Pearl River Talent Recruitment Program

Guangdong Pearl River Talent Plan

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science, Theoretical Computer Science

Cited by 2 articles.

1. NESec: A Modified-UI Honeyword Generation Strategy for Mitigating Targeted Guessing Attacks;2023 7th Cyber Security in Networking Conference (CSNet);2023-10-16

2. The Tables Have Turned: GPT-3 Distinguishing Passwords from Honeywords;2023 IEEE Conference on Communications and Network Security (CNS);2023-10-02
