Go to WICOMM 2020 homepageModified Password Guessing Methods Based on TarGuess-I
Abstract: svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-0.3499298pt" id="M1" height="9.10327pt" version="1.1" viewBox="-0.0498162 -8.75334 66.4307 9.10327" width="66.4307pt"><g transform="matrix(.013,0,0,-0.013,0,0)"><path id="g190-85" d="M592 498C586 556 582 629 581 675H560C545 656 537 650 510 650H115C87 650 74 652 60 675H40C38 620 33 555 28 495H57C69 539 77 568 89 585C102 607 122 616 205 616H267V123C267 44 259 34 168 28V0H454V28C360 34 352 44 352 123V616H422C498 616 514 608 531 584C542 568 552 543 562 495L592 498Z"/></g><g transform="matrix(.013,0,0,-0.013,6.821,0)"><path id="g190-98" d="M433 39L423 65C413 59 399 54 387 54C370 54 352 69 352 114V299C352 352 342 392 307 422C285 440 255 449 225 449C168 437 102 399 75 379C56 365 44 353 44 339C44 315 69 296 87 296C101 296 111 303 116 319C124 349 133 371 145 385C156 397 171 404 190 404C241 404 275 364 275 291V274C253 256 180 229 120 209C65 190 39 159 39 110C39 47 88 -12 159 -12C189 -12 237 25 277 52C282 35 288 21 301 8C312 -3 333 -12 348 -12L433 39ZM275 84C256 65 221 48 195 48C164 48 124 73 124 124C124 161 146 180 185 198C206 208 254 229 275 240V84Z"/></g><g transform="matrix(.013,0,0,-0.013,12.41,0)"><path id="g190-115" d="M181 342V451C133 431 89 419 40 411V388C98 381 102 377 102 311V104C102 38 95 32 33 26V0H263V26C186 32 181 38 181 104V287C203 343 235 372 261 372C277 372 289 366 304 352C310 346 318 345 330 350C349 359 362 379 362 399C362 422 338 449 304 449C256 449 213 393 183 342H181Z"/></g><g transform="matrix(.013,0,0,-0.013,17.233,0)"><path id="g190-72" d="M692 302H438V274C537 267 543 260 543 188V103C543 61 531 48 511 37C489 26 458 20 424 20C231 20 146 188 146 333C146 517 258 630 411 630C507 630 582 597 606 474L634 480C627 546 622 601 619 636C586 643 510 665 426 665C230 665 44 552 44 321C44 122 191 -15 411 -15C491 -15 573 7 635 21C629 49 628 81 628 116V202C628 261 632 266 692 274V302Z"/></g><g transform="matrix(.013,0,0,-0.013,26.319,0)"><path id="g190-118" d="M518 50L491 51C452 54 444 60 444 110V444C429 441 405 437 377 434C348 430 314 427 287 426V403L323 397C356 392 365 386 365 333V99C331 66 293 51 257 51C212 51 169 75 169 164V299C169 366 169 413 172 444C156 441 128 437 101 433C75 430 50 427 29 426V403L57 397C82 391 90 386 90 333V137C90 29 147 -12 214 -12C241 -12 262 -4 291 13S342 48 365 65V-6L371 -12C390 -7 415 1 441 8C468 15 496 21 518 24V50Z"/></g><g transform="matrix(.013,0,0,-0.013,33.222,0)"><path id="g190-102" d="M380 106C343 72 306 56 265 56C195 56 116 112 115 248C235 252 361 262 377 265C396 269 400 277 400 297C400 374 333 449 250 449H249C198 449 144 421 103 376S37 269 37 201C37 88 109 -12 232 -12C263 -12 332 6 395 84L380 106ZM225 412C281 412 315 364 314 312C314 297 308 292 290 292C232 290 176 289 120 289C135 370 180 412 225 412Z"/></g><g transform="matrix(.013,0,0,-0.013,38.747,0)"><path id="g190-116" d="M319 325C317 349 306 409 297 431C277 440 250 449 209 449C117 449 57 389 57 319C57 243 122 209 182 182C232 159 261 135 261 91C261 48 227 21 190 21C130 21 85 79 68 145L41 140C41 104 51 36 58 22C75 7 121 -12 172 -12C252 -12 337 35 337 126C337 195 286 231 210 262C166 281 126 304 126 348C126 388 152 417 191 417C240 417 274 378 294 318L319 325Z"/></g><g transform="matrix(.013,0,0,-0.013,43.453,0)"><use xlink:href="#g190-116"/></g><g transform="matrix(.013,0,0,-0.013,51.316,0)"><path id="g117-33" d="M535 230V280H52V230H535Z"/></g><g transform="matrix(.013,0,0,-0.013,61.853,0)"><path id="g190-74" d="M303 0V28C221 34 213 39 213 125V525C213 610 221 616 303 622V650H38V622C120 616 128 610 128 525V125C128 40 120 34 38 28V0H303Z"/></g></svg> is a leading online targeted password guessing model using users’ personally identifiable information (PII) proposed at ACM CCS 2016 by Wang et al. It has attracted widespread attention in password security owing to its superior guessing performance. Yet, after analyzing the users’ vulnerable behaviors of using popular passwords and constructing passwords with users’ PII, we find that this model does not take into account popular passwords, keyboard patterns, and the special strings. The special strings are the strings related to users but do not appear in the users’ demographic information. Thus, we propose <span class="nowrap"><svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-0.3498993pt" id="M2" height="12.124pt" version="1.1" viewBox="-0.0498162 -11.7741 91.2985 12.124" width="91.2985pt"><g transform="matrix(.013,0,0,-0.013,0,0)"><use xlink:href="#g190-85"/></g><g transform="matrix(.013,0,0,-0.013,6.821,0)"><use xlink:href="#g190-98"/></g><g transform="matrix(.013,0,0,-0.013,12.41,0)"><use xlink:href="#g190-115"/></g><g transform="matrix(.013,0,0,-0.013,17.233,0)"><use xlink:href="#g190-72"/></g><g transform="matrix(.013,0,0,-0.013,26.319,0)"><use xlink:href="#g190-118"/></g><g transform="matrix(.013,0,0,-0.013,33.222,0)"><use xlink:href="#g190-102"/></g><g transform="matrix(.013,0,0,-0.013,38.747,0)"><use xlink:href="#g190-116"/></g><g transform="matrix(.013,0,0,-0.013,43.453,0)"><use xlink:href="#g190-116"/></g><g transform="matrix(.013,0,0,-0.013,51.316,0)"><use xlink:href="#g117-33"/></g><g transform="matrix(.013,0,0,-0.013,61.853,0)"><use xlink:href="#g190-74"/></g><g transform="matrix(.0091,0,0,-0.0091,66.302,-5.741)"><path id="g54-36" d="M556 236V289H337V504H275V289H56V236H275V-4H337V236H556Z"/></g><g transform="matrix(.0091,0,0,-0.0091,71.862,-5.741)"><path id="g50-76" d="M771 650H519L511 619L537 615C578 610 579 600 539 564C444 476 379 428 336 396C312 378 281 357 252 347L283 514C300 605 304 610 388 619L395 650H134L127 619C212 610 216 605 199 514L130 140C112 41 103 38 28 31L18 0H281L288 31C201 40 198 41 216 140L246 311C274 328 289 324 315 284C393 167 458 86 528 0H686L695 31C635 37 612 45 570 97C521 156 420 285 361 367L596 549C663 601 684 609 764 620L771 650Z"/></g><g transform="matrix(.0091,0,0,-0.0091,78.552,-5.741)"><path id="g50-81" d="M622 479C622 589 545 650 400 650H146L140 618C229 609 230 602 215 527L135 132C117 43 112 41 27 32L18 0H305L313 32C213 40 205 44 222 132L251 284L324 262H365C484 269 622 333 622 479ZM528 477C528 356 420 305 344 305C300 305 276 314 259 321L303 554C311 597 313 600 331 606C345 611 361 614 379 614C463 614 528 580 528 477Z"/></g><g transform="matrix(.0091,0,0,-0.0091,83.548,-5.741)"><path id="g50-89" d="M782 650H541L536 618L564 614C597 609 604 600 584 574C535 508 486 451 437 395C394 473 361 533 343 575C331 605 335 610 375 615L400 618L407 650H156L147 618C222 612 230 608 267 537L375 330C277 214 186 117 163 96C108 43 97 38 27 32L18 0H265L274 32L251 35C204 41 202 47 224 80C264 138 327 213 397 293L504 80C520 48 516 42 472 36L440 32L433 0H707L716 32C627 38 622 43 581 121L455 361L629 548C685 606 696 610 775 618L782 650Z"/></g></svg>,</span> a modified password guessing model with three semantic methods, including (1) identifying popular passwords by generating top-300 lists from similar websites, (2) recognizing keyboard patterns by relative position, and (3) catching the special strings by extracting continuous characters from user-generated PII. We conduct a series of evaluations on six large-scale real-world leaked password datasets. The experimental results show that our modified model outperforms <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-0.3499298pt" id="M3" height="9.10327pt" version="1.1" viewBox="-0.0498162 -8.75334 66.4307 9.10327" width="66.4307pt"><g transform="matrix(.013,0,0,-0.013,0,0)"><use xlink:href="#g190-85"/></g><g transform="matrix(.013,0,0,-0.013,6.821,0)"><use xlink:href="#g190-98"/></g><g transform="matrix(.013,0,0,-0.013,12.41,0)"><use xlink:href="#g190-115"/></g><g transform="matrix(.013,0,0,-0.013,17.233,0)"><use xlink:href="#g190-72"/></g><g transform="matrix(.013,0,0,-0.013,26.319,0)"><use xlink:href="#g190-118"/></g><g transform="matrix(.013,0,0,-0.013,33.222,0)"><use xlink:href="#g190-102"/></g><g transform="matrix(.013,0,0,-0.013,38.747,0)"><use xlink:href="#g190-116"/></g><g transform="matrix(.013,0,0,-0.013,43.453,0)"><use xlink:href="#g190-116"/></g><g transform="matrix(.013,0,0,-0.013,51.316,0)"><use xlink:href="#g117-33"/></g><g transform="matrix(.013,0,0,-0.013,61.853,0)"><use xlink:href="#g190-74"/></g></svg> by 2.62% within <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-0.2063904pt" id="M4" height="8.55521pt" version="1.1" viewBox="-0.0498162 -8.34882 18.8898 8.55521" width="18.8898pt"><g transform="matrix(.013,0,0,-0.013,0,0)"><path id="g113-50" d="M384 0V27C293 34 287 42 287 114V635C232 613 172 594 109 583V559L157 557C201 555 205 550 205 499V114C205 42 199 34 109 27V0H384Z"/></g><g transform="matrix(.013,0,0,-0.013,6.24,0)"><path id="g113-49" d="M241 635C89 635 35 457 35 312C35 153 89 -12 240 -12C390 -12 443 166 443 312C443 466 390 635 241 635ZM238 602C329 602 354 454 354 312C354 172 330 22 240 22C152 22 124 173 124 313S148 602 238 602Z"/></g><g transform="matrix(.013,0,0,-0.013,12.48,0)"><use xlink:href="#g113-49"/></g></svg> guesses.
0 Replies
Loading