Abstract
Text-based passwords are a fundamental and popular means of authentication. Password authentication can be simply implemented because it does not require any equipment, unlike biometric authentication, and it relies only on the users’ memory. This reliance on memory is a weakness of passwords, and people therefore usually use easy-to-remember passwords, such as “iloveyou1234”. However, these sample passwords are not difficult to crack. The default passwords of IoT also are text-based passwords and are easy to crack. This weakness enables free password cracking tools such as Hashcat and JtR to execute millions of cracking attempts per second. Finally, this weakness creates a security hole in networks by giving hackers access to an IoT device easily. Research has been conducted to better exploit weak passwords to improve password-cracking performance. The Markov model and probabilistic context-free-grammar (PCFG) are representative research results, and PassGAN, which uses generative adversarial networks (GANs), was recently introduced. These advanced password cracking techniques contribute to the development of better password strength checkers. We studied some methods of improving the performance of PassGAN, and developed two approaches for better password cracking: the first was changing the convolutional neural network (CNN)-based improved Wasserstein GAN (IWGAN) cost function to an RNN-based cost function; the second was employing the dual-discriminator GAN structure. In the password cracking performance experiments, our models showed 10–15% better performance than PassGAN. Through additional performance experiments with PCFG, we identified the cracking performance advantages of PassGAN and our models over PCFG. Finally, we prove that our models enhanced password strength estimation through a comparison with zxcvbn.
Highlights
As the computing power of IoT devices such as drones and smartwatches have improved, they have been utilized for entertainment purposes and in various fields, such as military services and delivery services
To avoid any degradation of the password cracking performance, the duplicated passwords generated by the model needed to be minimized as much as possible
In terms of N-grams, the recurrent neural network (RNN)-based models exhibited a higher resemblance to that human-generated password distribution than PassGAN
Summary
As the computing power of IoT devices such as drones and smartwatches have improved, they have been utilized for entertainment purposes and in various fields, such as military services and delivery services. Such enhanced computing ability allows the devices to operate on a modern operating system (OS) such as Linux that contains various applications, including a file transfer protocol (FTP), which is susceptible to massive network-based attacks such as a distributed denial of service (DDoS) attack [1]. The text-based password is a basic and fundamental authentication method, and it often plays a crucial role in system security.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.