Password Based Shadow Attack: Quantitative Testing Analysis

A.Poorna Chandra Reddy

Password Based Shadow Attack: Quantitative Testing Analysis
Author(s):
A.Poorna Chandra Reddy
Keywords:
Shadow Attack, Testing, Quantitative
Abstract
With the proliferation of websites, the security level of password-protected accounts is no longer purely determined by individual ones. Users may register multiple accounts on the same site or across multiple sites, and these passwords from the same users are likely to be the same or similar. As a result, an adversary can compromise the account of a user on a web forum, and then guess the accounts of the same user in sensitive accounts, e.g., online banking services, whose accounts could have the same or even stronger passwords. We name this attack as the shadow attack on passwords. To understand the situation, we examined the state of- the-art Intra-Site Password Reuses (ISPR) and Cross-Site Password Reuses (CSPR) based on the leaked passwords from the biggest Internet user group. With a collection of about 70 million real-world web passwords across four large websites in China, we obtained around 4.6 million distinct users who have multiple accounts on the same site or across different sites. We found that for the users with multiple accounts in a single website reused their passwords and for the users with multiple accounts on multiple websites reused their passwords across websites. For the users that have multiple accounts but different passwords, the set of passwords of the same user exhibits patterns that can help password guessing: a leaked weak password reveals partial information of a strong one, which degrades the strength of the strong one. Given the aforementioned findings, we conducted an experiment and achieved an improvement of guessing success rate with John the Ripper guessing tool. To the best of our knowledge, we are the first to provide a large-scale, empirical, and quantitative measurement of web password reuses, especially ISPR, and shed light on the severity of such threat in the real world.
Article Details
Unique Paper ID: 145310 Publication Volume & Issue: Volume 4, Issue 9 Page(s): 15 - 18
Article Preview & Download

Share This Article

Join our RMS

Conference Alert

NCSEM 2024

National Conference on Sustainable Engineering and Management - 2024

Last Date: 15th March 2024

Latest Publication

Study of Synthesis, Structural and electrical natu...
Paper ID : IJIRT163556
Effect Of Varying Molarity And Tempreture On Geopo...
Paper ID : IJIRT163555
Hotel Sentiments Explored: A Deep Dive into Custom...
Paper ID : IJIRT163551
IOT Based Solar Panel Cleaning Robot...
Paper ID : IJIRT163550
Innovative energy theft detection: Centralized obs...
Paper ID : IJIRT163546

( An International Open Access , Peer-reviewed, Refereed Journal )

( An International Open Access Journal & and ISSN Approved )

Call For Paper April 2024 Last Date 25 - April 2024

Impact Factor 7.376 (Year 2021)

Join our RMS

Conference Alert

NCSEM 2024

Latest Publication

Call For Paper

Volume 10 Issue 10

Last Date for paper submitting for March Issue is 25 June 2024

About Us

Social Media

Google Verified Reviews

Contact Details

Policies

Important Links

Browse Rsearch papers