User Password Research Articles

PROBLEMATIC ASPECTS OF DEVELOPING APPLICATIONS FOR GENERATING AND STORING USER PASSWORDS

In today’s digital world, the security of personal data is becoming an increasingly pressing issue. Apps for storing user passwords are an important tool in ensuring the security of online accounts, but their development is not without problematic aspects. This article discusses the key challenges developers face when building these applications. Particular attention is paid to storage security, authentication mechanisms, as well as usability and integration with other services. By analyzing these issues, you can identify the main challenges and find ways to solve them, contributing to the creation of more reliable and user- friendly applications for storing user passwords. This article provides an overview of the challenges that arise when developing applications to store user passwords and provides recommendations for solving them. The article discusses such important aspects as data protection, prevention of cyberattacks, compliance with security standards, and usability for the end user. Understanding these challenges and being able to solve them plays a key role in creating trustworthy and effective applications that can provide a high level of security and convenience for users in their everyday online experience. The article describes the practical development of an application for generating complex passwords, as well as their further secure storage in an encrypted database with subsequent integration with third-party applications for more secure storage. The article is of great practical significance. Keywords: generating passwords, storing passwords, cryptography, safety, encryption.

Enhancing Cloud Data Security using Artificial Neural Networks for Users’ Account Hijacking Security Threats

Objectives: To ensure the security of passwords of cloud users' accounts that cannot be decrypted easily by any software or hackers. Methods: In this manuscript, we have designed an experimental setup using a feed-forward back-propagation algorithm of Artificial Neural Networks techniques to ensure cloud data security. For this purpose, we have utilized password-based datasets created by us. 70% of the datasets are allocated for training and 30% for testing and validation purposes. In this training, TRAINLM training function, LEARNGDM adaptive function, performance function is MSE, and PURELIN and TANSIG transfer function to transfer the neurons from input to hidden layer and hidden to the output layer has been used. The minimum learning rate is set to 0.001. Findings: A username and password are required to access cloud services. A cloud-based storage system is used to store login credentials. Due to inadequate security, attackers use hacking techniques to gain access to users’ accounts. Attackers steal data, resources, or services from these accounts. To ensure the security of passwords of cloud users' accounts, we have designed an experimental setup using a feed-forward back-propagation algorithm of neural network techniques. Through this approach, the passwords are stored in a weight matrix, which is a multi-dimensional structure. Novelty: The dimensions of the weight matrix are obscured, making it impossible for the hackers to determine its structure. As a result, we conclude that cloud data is effectively secured on the cloud server. Keywords: Artificial Neural Networks, Cloud Computing, Data Security, Feed-Forward Back-Propagation Algorithm, Machine Learning

Deep learning-based authentication for insider threat detection in critical infrastructure

In today’s cyber environment, threats such as data breaches, cyberattacks, and unauthorized access threaten national security, critical infrastructure, and financial stability. This research addresses the challenging task of protecting critical infrastructure from insider threats because of the high level of trust and access these individuals typically receive. Insiders may obtain a system administrator’s password through close observation or by deploying software to gather the information. To solve this issue, an innovative artificial intelligence-based methodology is proposed to identify a user by their password’s keystroke dynamics. This paper also introduces a new Gabor Filter Matrix Transformation method to transform numerical values into images by revealing the behavioral pattern of password typing. A siamese neural network (SNN) with the branches of convolutional neural networks is utilized for image comparison, aiming to detect unauthorized attempts to access critical infrastructure systems. The network analyzes the unique features of a user’s password timestamps transformed into images and compares them with previously submitted user passwords. The obtained results indicate that transforming the numerical values of keystroke dynamics into images and training an SNN leads to a lower equal error rate (EER) and higher user authentication accuracy than those previously reported in other studies. The methodology is validated on publicly available keystroke dynamics collections, the CMU and GREYC-NISLAB datasets, which collectively comprise over 30,000 password samples. It achieves the lowest EER value of 0.04545 compared to state-of-the-art methods for transforming non-image data into images. The paper concludes with a discussion of findings and potential future directions.

IMPLEMENTATION OF AES AND SHA-3 CRYPTOGRAPHY ALGORITHMS IN SECURING USER SENSITIVE DATA ON THE ARTESIAN WATER BILL PAYMENT TRANSACTION WEBSITE

Transacting online is something that is familiar to almost everyone in the digital era. The presence of digital transactions brings convenience in carrying out trading activities, but the use of the internet in creating easy transactions with several challenges in the form of hacking. In order to realize secure transactions, the level of protection on digital transaction service provider sites must be made as strong as possible to prevent digital attacks. Therefore, a protection system for user payment data on one of the transaction websites was created by applying the AES and SHA-3 cryptographic algorithm methods. The AES algorithm method was chosen because its implementation is not complicated but has proven its security, while SHA-3 is used to create unique keys from user passwords with the latest hash technology, so that the data encryption and decryption process becomes more protected because it uses the secret key of each user but not directly. The application of cryptographic algorithms will provide additional protection for the security of nominal user transaction data from cyber attacks so that the data. This research will produce a cryptography program flow with the Python programming language and examples of encryption and hash process results during program execution.

Flexible wide-range multidimensional force sensors inspired by bones embedded in muscle

AbstractFlexible sensors have been widely studied for use in motion monitoring, human‒machine interactions (HMIs), personalized medicine, and soft intelligent robots. However, their practical application is limited by their low output performance, narrow measuring range, and unidirectional force detection. Here, to achieve flexibility and high performance simultaneously, we developed a flexible wide-range multidimensional force sensor (FWMFS) similar to bones embedded in muscle structures. The adjustable magnetic field endows the FWMFS with multidimensional perception for detecting forces in different directions. The multilayer stacked coils significantly improved the output from the μV to the mV level while ensuring FWMFS miniaturization. The optimized FWMFS exhibited a high voltage sensitivity of 0.227 mV/N (0.5–8.4 N) and 0.047 mV/N (8.4–60 N) in response to normal forces ranging from 0.5 N to 60 N and could detect lateral forces ranging from 0.2–1.1 N and voltage sensitivities of 1.039 mV/N (0.2–0.5 N) and 0.194 mV/N (0.5–1.1 N). In terms of normal force measurements, the FWMFS can monitor finger pressure and sliding trajectories in response to finger taps, as well as measure plantar pressure for assessing human movement. The plantar pressure signals of five human movements collected by the FWMFS were analyzed using the k-nearest neighbors classification algorithm, which achieved a recognition accuracy of 92%. Additionally, an artificial intelligence biometric authentication system is being developed that classifies and recognizes user passwords. Based on the lateral force measurement ability of the FWMFS, the direction of ball movement can be distinguished, and communication systems such as Morse Code can be expanded. This research has significant potential in intelligent sensing and personalized spatial recognition.

Windows 11 and the dawn of the TPM - a forensically sound way to beat it

ABSTRACT As technology evolves so do challenges faced by the digital forensic examiner. An increasingly frequent obstacle appearing now is the BitLocker encryption in conjunction with the Trusted Platform Module (TPM). The roll out of Windows 11 made having an initialised TPM (2.0) a mandatory prerequisite before being able to install Windows 11. Tackling the TPM is going to be one of the major issues encountered by the digital forensic computer examiner in the future as Windows 10 support ends in 2025 (Microsoft, 2024). This paper describes a method for accessing the BitLocker protected partition of a windows computer in a short time using minimal equipment in a forensically sound manner. As a result BitLocker encrypted partitions of physical images can be decrypted using recovery keys obtained via compliance or brute force of the users password or pin.

Finger Print Voting System

The field of biometrics, or the identification of people based on physiological or behavioral characteristics [6], has recently received a significant amount of attention in current research as a result of its applicability in the fields of information technology and security. With the increased usage of PIN numbers and passwords in everyday life, the vulnerabilities of these two technologies are becoming more apparent (e.g. password-cracking). Biometric authorization’s strengths are that it requires the user to be present and that it eliminates the hassles of passwords and PIN’s (or can be used in parallel with these for added security). Specifically, online identity verification, ATM machines, and building entrance authorization, are all areas where it is very useful to implement an automatic identification system.

Validation of cyber security behaviour among adolescents at Malaysia university: Revisiting gender as a role

Cyber-attacks and crimes are still a problem in Malaysia. COVID-19 has pushed Malaysians into the digital world more quickly. These cyberattacks may rise and affect more people. Thus, the aim of this study is to find out if there is a significant difference in the level of cyber security behaviour between males and females in the aspects of malware, password usage, phishing, social engineering and online scamming in Malaysia. An online questionnaire survey was used to gather data from Malaysia and received 207 total responses. Cronbach's alpha is used to measure questionnaire items' reliability. A t-test is used to determine the differences between male and female cyber security behaviour. The results show that there is no significant difference between males and females in four aspects out of five, which are malware, password usage, phishing and social engineering. There is a significant difference between males and females in the aspect of online scams. This research helps those who formulate education policies by determining that there is no noticeable gender difference. Men should get the same level of education and training as women. The findings also demonstrate that women's awareness of technology is increasing.

Cost-asymmetric memory hard password hashing

In the past decade billions of user passwords have been exposed to the dangerous threat of offline password cracking attacks. An offline attacker who has stolen the cryptographic hash of a user's password can check as many password guesses as s/he likes limited only by the resources that s/he is willing to invest to crack the password. Pepper and key-stretching are two techniques that have been proposed to deter an offline attacker by increasing guessing costs. Pepper ensures that the cost of rejecting an incorrect password guess is higher than the (expected) cost of verifying a correct password guess. This is useful because most of the offline attacker's guesses will be incorrect. Unfortunately, as we observe the traditional peppering defense seems to be incompatible with modern memory hard key-stretching algorithms such as Argon2 or Scrypt. We introduce an alternative to pepper which we call Cost-Asymmetric Memory Hard Password Authentication which benefits from the same cost-asymmetry as the classical peppering defense i.e., the cost of rejecting an incorrect password guess is larger than the expected cost to authenticate a correct password guess. When configured properly we prove that our mechanism can only reduce the percentage of user passwords that are cracked by a rational offline attacker whose goal is to maximize (expected) profit i.e., the total value of cracked passwords minus the total guessing costs. We evaluate the effectiveness of our mechanism on empirical password datasets against a rational offline attacker. Our empirical analysis shows that our mechanism can reduce the percentage of user passwords that are cracked by a rational attacker by up to 10%.

Remote-Controlled Affordable Solenoid Valve Design and a Web-Based Approach to Its Implementation

Irrigating agricultural lands remotely using automated irrigation systems can mitigate water and energy wastage, reducing it to a minimum. This study aims to design an agricultural irrigation system that operates by remotely opening and closing solenoid valves. The envisioned solenoid valve comprises a wireless microcontroller, a power circuit, and a basic valve mechanism. The remote and automated irrigation system can monitor and receive commands for the connected solenoid valves through web services and a web interface. After every operation executed by the system, interfaces displaying the real-time status or historical operational states of the controlled solenoid valves are presented to the users. This system is orchestrated using a web server operating on a cloud server, serving as the system control center. Solenoid valves positioned at ten different points are integrated, facilitating real-time and programmable use based on user requests. The system uses a secured website, accessed via user passwords, as a communication interface to receive irrigation control requests. It offers the capability for multiple users to control the system simultaneously through the same interface. Ultimately, this research seeks to establish a secure, remote, and automated irrigation system based on the control and scheduling of low-cost solenoid valves via a web page.

Efficient and anonymous password-hardened encryption services

Password-based authentication and encryption schemes are commonly employed to ensure data privacy. Nevertheless, these schemes are vulnerable to brute-force attacks, as user passwords have low-entropy. Password-hardened encryption (PHE) was proposed to combat brute-force attacks by introducing an external crypto service to enforce rate limiting for user requests. However, existing PHE schemes fail to provide user anonymity and need to rely on computationally expensive cryptographic primitives (e.g. zero-knowledge proofs and exponentiations). In this paper, we introduce cross-epoch anonymity in PHE to trade off rate limiting and per-user anonymity. The user requests within the same epoch can be linked by the external crypto service to enforce rate limiting and defend against brute-force attacks, while the requests from different epochs cannot be linked to specific users, ensuring per-user anonymity. Subsequently, we propose an anonymous PHE (APHE) scheme that leverages the trusted execution environment provided by Intel SGX to achieve cross-epoch anonymity. Our scheme achieves both soundness and strong soundness without using zero-knowledge proofs and exponentiations. Sensitive operations are executed within the trusted execution environment, leading to significant performance improvements. The evaluation results demonstrate that our scheme outperforms the state-of-the-art PHE scheme with more than 12/9 times lower latencies for encryption/decryption.

A Novel Security Model for Password Encryption Using Aadhaar and Amicable Number

In this day and age, data hacking has become a major source of fear. In order to avoid any further theft of data, we must stop this criminal hacking. Backups, encryption, access control, and other techniques are just a few that may be used to ensure data integrity. We did not combine the existing approaches when we announced our encryption process. The secret to encrypting user passwords is to utilize a mathematical calculation equation that is well-defined and a number conversion mechanism. Users must provide their password and Aadhaar number in order to register. Encrypted password has been recorded in the database. Every industry uses encryption to secure data, and there are many potential applications for it in the future.

ANALYZING USER PASSWORDS WORLDWIDE IN TERMS OF CYBER THREATS

Analysing user passwords used around the world is a very broad topic and involves a variety of factors. Password analysis is usually based on detailed studies by security experts, cyber security researchers and encryption experts. Weak passwords, repeated passwords, simple patterns, short passwords, personal information are critical contents that create vulnerabilities and are ignored by users. Attackers or attack tools working for password interception can easily intercept passwords that contain security measures below a certain level, that is, passwords that are not complex. The purpose of this study is to analyse global password usage, to increase users' awareness about password security and to encourage users to use stronger passwords. Small program snippets and new tools have been coded to achieve this goal. In future studies, it is aimed to improve the current application by automating the control of the distance of the texts from each other as a new password suggestion method and hybridising machine learning methods.

A Secure and Efficient Biometric Template Protection Scheme for Palmprint Recognition System

The accuracy and security of a biometric system are the two sides of a coin. A biometric system must be simple, flexible, efficient, and secure enough from unauthorized access. Concerning these requirements, this paper presents an enhanced palmprint recognition system with superior performance and improved biometric template protection schemes. This method comprises five components: image preprocessing, feature extraction, cancelable biometrics, classification, and Bio-cryptosystem. The palm texture region is extracted from the input hand image during preprocessing. A feature representation technique is then used to extract discriminant features from the palmprint texture patterns. The extracted features are then analyzed using an information coding scheme to compute a user-specific token. Here, the user-specific tokens along with the original palmprint features are used to calculate the feature vectors for the cancelable biometric system. A novel Bio-Cryptosystem has been proposed to protect templates with high security where there is no need to remember the users&#x2019; tokens. Cancelable feature vectors are kept online in encrypted form using the proposed Bio-Cryptosystem, which is used to identify or verify the subjects after decryption. The original feature vectors are kept offline to prevent these from external attacks and misuse. Finally, the multi-class linear support vector machine has been used for user classification. For experimental purposes, two benchmark hand image databases: BOSPHORUS and CASIA-Palmprint, are employed, and the proposed system has achieved nearly 100&#x0025; correct recognition rate in cancelable domain for both the employed databases. Finally, the performance comparison in terms of both verification and identification for the palmprint and the cancelable palmprint recognition systems with the existing state-of-the-art methods shows the superiority of the proposed system. <i>Impact Statement</i> &#x2014;We have improved the biometric template protection scheme by modifying the cancelable biometric technique with two security levels capable of protecting the biometric information from the dictionary, brute-force, database, channel, replay, and spoofing attacks. To avoid the difficulty of remembering long user passwords/tokens, an automatic key generation technique of user passwords has been proposed. Two different keys are generated: the first one used for cancelable biometrics and the second for encryption-decryption processes. Both these keys are not needed to store or remember and are helpful for a multi-factor authentication system. A novel Bio-cryptographic algorithm instead of traditional Bio-Cryptographic algorithms have been introduced within the proposed system. Several attacks and challenging issues of biometric recognition systems have been considered with maintaining outstanding performance in terms of accuracy and security.

Novel Dynamic S-Box Based on Password Key and Circle Map

Many cryptosystems and security techniques use substitution boxes to ensure the data’s secure communication. A new technique is presented for generating a robust S-box to fulfill security requirements. The AES algorithm represents a block cipher cryptographic algorithm. It was selected by the National Institute of Science and Technology as the optimal cryptographic algorithm in 2011. Through the study of the properties of original S-BOX, this algorithm has been subjected to a number of attacks (linear, differential, statistical, and interpolation), and original S-BOX has been static, which makes the attack strong and shows a weakness in the algorithm. It is necessary to make this algorithm more efficient and powerful through the improvement of the dynamic generation of the steps for the protection of textual data security. This paper proposes a dynamic S-Box based on the user's password key (8 chars), shifting, and a 1D circle map. The results in this work indicated that the suggested approach presents a secure S-BOX, which is considered to have 255 differences identified when 1 bit of the key is changed; therefore, about 99% of the S-Box has been changed. Also, an inverse table of S-Box (16*16) is generated via the S-Box output created from the above-mentioned suggestions for returning the values regarding the union of the column and the row for all the S-Box generated values. We examine the quality of our S-Box through various well-known performance parameters. All of the analysis yields very encouraging results, certifying that the generated S-box meets all criteria that are required for reliable and secure encryption. Just a few milliseconds are needed to implement it.

Adjusting counting-based secret-sharing via personalized passwords and email-authentic reliability

Counting-based secret-sharing (CBSS) is a current cybersecurity technique that provide applicable authentication for multi-participants collaborative trust access control utilization. The CBSS originally assigns its main confidential target key as secret random automatically selected to generate all participants private shares fulfilling trap-door function. CBSS is normally not allowing to entertain user preference in personalizing the passwords causing severe remembrance reliability difficulty. This research addressed this retention personalized challenge by adjusting the CBSS procedure commencing its process by user password selection choice, as for secret shares extraction to generate the target-key, securing the cybersecurity collaborative system. We proposed several algorithms for user-preference secret shares combination based on text and images alternatives, further verified by personal email convenience authentication. The proposals tested this adjusted CBSS reliability comparing overall security, systems number of shares possibilities, and variations functional time complexity as well as PSNR comparing to others for proper validation, noting its novel relevance attraction. The analysis remarked very interesting contribution comparison commented highest randomization secrecy of 95% for proposed model A passwords followed by 39%, 21%, 19% and 5%, for other different images-based passwords models B, C, D, and E, respectively. The work remarked attractive contribution compared to other works providing applicable CBSS real-life current utilization, opening door for promising progressive advancements to come.

An Enhanced Blockchain Based Security and Attack Detection Using Transformer In IOT-Cloud Network

The IoT (Internet of Things) encompasses numerous networks and connected devices. One of the primary concerns surrounding IoT, according to researchers and security experts, is the potential risks to privacy and cybersecurity. Deep learning offers significant capabilities for self-adjustment, self-organization, and generalization. Recognizing this, advanced deep learning algorithms are employed in this research to address the privacy and security issues plaguing the IoT landscape. To address these concerns, a novel model called BC-Trans Network is proposed, leveraging the strengths of both Blockchain technology and a transformer component. The transformer plays a vital role in identifying abnormal data, enabling the system to take proactive measures against potential threats. In addition Hash-2 is introduced for the verification of IoT users, adding an extra layer of security to the authentication process. The Blockchain model is utilized to securely store user passwords and details, ensuring a robust and tamper-proof authentication mechanism. To validate the proposed model, a publicly available dataset CSE-CIC-IDS2018 is employed. Pre-processing techniques, including feature selection using the chi-square method, are applied to refine the dataset. The transformer module then classifies the data as normal or abnormal, allowing for accurate identification of potential security breaches. To further safeguard the data and protect the privacy of users, a Fully Homomorphic Encryption (FHE) method is employed. This advanced encryption enables the encryption of categorized normal data, ensuring its confidentiality even during transmission and storage. The study's findings support IoT-cloud server security and privacy by demonstrating the effectiveness of the suggested paradigm in identifying and thwarting network threats. With detection times of 225.3 seconds, an accuracy of 99.25%, a precision of 99.53%, a recall of 99.32%, and an F1 score of 99.59%, the proposed system exhibits impressive performance. Furthermore, as the output numbers increase, the system's metrics improve, suggesting its scalability and flexibility.

Machine-Learning-Based Password-Strength-Estimation Approach for Passwords of Lithuanian Context

In an information-security-assurance system, humans are usually the weakest link. It is partly related to insufficient cybersecurity knowledge and the ignorance of standard security recommendations. Consequently, the required password-strength requirements in information systems are the minimum of what can be done to ensure system security. Therefore, it is important to use up-to-date and context-sensitive password-strength-estimation systems. However, minor languages are ignored, and password strength is usually estimated using English-only dictionaries. To change the situation, a machine learning approach was proposed in this article to support a more realistic model to estimate the strength of Lithuanian user passwords. A newly compiled dataset of password strength was produced. It integrated both international- and Lithuanian-language-specific passwords, including 6 commonly used password features and 36 similarity metrics for each item (4 similarity metrics for 9 different dictionaries). The proposed solution predicts the password strength of five classes with 77% accuracy. Taking into account the complexity of the accuracy of the Lithuanian language, the achieved result is adequate, as the availability of intelligent Lithuanian-language-specific password-cracking tools is not widely available yet.

Creating Password Protector Application for Preventing Unauthorised Hackers Using Java

Password managers utilise the master password or security key to safeguard user passwords. The security of Master Password users gets compromised when they use a weak Master Password. Because users always require a token to log in, the advantages of using security keys are minimal. In this article, we present an entirely novel password administration platform that uses secret sharing and a user's server to offer excellent security and convenience of use. Password protection systems are still vulnerable to various attacks ten years after their inception. SECRYPT is an all-in-one encrypted password manager that takes care of your security and privacy. Protects the user's web service password in the cloud service password file. The fact that the application works as SaaS in the cloud increases the usability and reliability of the application. All passwords stored in our app are encrypted and stored in a cloud database. Your passwords and encrypted keys are stored in multiple databases for added security. To address this issue, we attempted to create a safe password manager that can recover multiple user accounts and passwords locally, relieving users of the stress of remembering many accounts and passwords. The data is encrypted with the AES encryption algorithm for maximum user security and the password manager is integrated into the browser to provide many important functions to the end users

Evaluating the effectiveness of Discriminator network in GAN architecture for phishing URL classification

Phishing attack by illegitimate URLs is of the most common security challenges for both individuals and companies in ensuring the security of their information resources. The user passwords, credit card information, or other sensitive information can be stolen by clicking on the malicious URL links. Recently, machine learning based approach is being popularly applied to detect phishing URLs. The classifiers, such as SVM, Random Forest, LSTM, etc., are built on the standard datasets to make a prediction about a URL sample is malign or benign one. Some recent researches focus on using GAN network for enrichment of malicious URL samples utilized in classifier training based on deep learning models. In this work, we explore the ability of training a standard GAN architecture which consists of two adversarial networks of Discriminator and Generator. The URL samples are generated by the Generator network will be refined and feed backed to the Generator by the Discriminator. This helps the Generator generate URL samples that are more and more similar to the real ones. Accordingly, the Discriminant network also learns the malicious and clean characteristics of the URL patterns. In order to evaluate the effectiveness of this learning, the experiments are conducted on completely new testing datasets beyond the training datasets. The experimental results are promising with the classification accuracy of both malign and benign URLs are about 97%.