Open AccessTowards incorporating honeywords in n‐session recording attack resilient unaided authentication services
Author(s) -
Chakraborty Nilesh,
Mondal Samrat
Publication year - 2019
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2017.0538
Subject(s) - password , computer security , computer science , session (web analytics) , authentication (law) , login , countermeasure , client side , flexibility (engineering) , server side , session key , cryptographic nonce , world wide web , encryption , engineering , mathematics , statistics , aerospace engineering
Unaided authentication services provide the flexibility to login without being dependent on any external hardware. n‐Session recording attack resilient unaided authentication services (n‐SRRUASs) are known for setting high security standards against different client side threats. However, because of their authentication procedure, the authors have identified that these services cope poorly with handling the server side issues. Though modern days’ research heavily depends on the honeywords (or fake passwords) as a countermeasure of server side threats, they have shown that the honeywords cannot be directly applied to n‐SRRUAS. The authors’ analysis shows that the idea of incorporating the honeywords directly into an n‐SRRUAS is particularly difficult as it prevents the system from storing passwords after applying password‐based key derivation function or in the form of a hashed string. In this study, they have proposed few generic principles for incorporating the honeywords into n‐SRRUAS and show that the proposed principles are sufficient for incorporating the honeywords into any n‐SRRUAS. Furthermore, with the help of an existing n‐SRRUAS, they have shown that the proposed idea is truly implementable in practice to fill the existing gap.