• ISSN: 2349-6002
  • UGC Approved Journal No 47859
Author Login IJIRT Partner Network (IPN) Login

Password Based Shadow Attack: Quantitative Testing Analysis

  • Unique Paper ID: 145310
  • Volume: 4
  • Issue: 9
  • PageNo: 15-18
  • Abstract:
  • With the proliferation of websites, the security level of password-protected accounts is no longer purely determined by individual ones. Users may register multiple accounts on the same site or across multiple sites, and these passwords from the same users are likely to be the same or similar. As a result, an adversary can compromise the account of a user on a web forum, and then guess the accounts of the same user in sensitive accounts, e.g., online banking services, whose accounts could have the same or even stronger passwords. We name this attack as the shadow attack on passwords. To understand the situation, we examined the state of- the-art Intra-Site Password Reuses (ISPR) and Cross-Site Password Reuses (CSPR) based on the leaked passwords from the biggest Internet user group. With a collection of about 70 million real-world web passwords across four large websites in China, we obtained around 4.6 million distinct users who have multiple accounts on the same site or across different sites. We found that for the users with multiple accounts in a single website reused their passwords and for the users with multiple accounts on multiple websites reused their passwords across websites. For the users that have multiple accounts but different passwords, the set of passwords of the same user exhibits patterns that can help password guessing: a leaked weak password reveals partial information of a strong one, which degrades the strength of the strong one. Given the aforementioned findings, we conducted an experiment and achieved an improvement of guessing success rate with John the Ripper guessing tool. To the best of our knowledge, we are the first to provide a large-scale, empirical, and quantitative measurement of web password reuses, especially ISPR, and shed light on the severity of such threat in the real world.
email to a friend

Cite This Article

  • ISSN: 2349-6002
  • Volume: 4
  • Issue: 9
  • PageNo: 15-18

Password Based Shadow Attack: Quantitative Testing Analysis

Related Articles

13 Dec, 2018

A Study on Big Data Analytics and Data Sciences: Challenges, Research Issues and Platforms

Read More
13 Dec, 2018

Concept of Routing Strategy for Enhancement in Wireless Network

Read More
13 Dec, 2018

AUTHENTIFICATION OF CERTIFICATE IN NETWORK BY USING UNIQUE SIGN-ON ALGORITHM.

Read More
01 Feb, 2018

Definition of defragmentation history and monetary science can reduce the law of online backup savings

Read More
01 Feb, 2018

A multilingual reference based on cloud pattern

Read More
01 Feb, 2018

Malware test on cloud computing infrastructure

Read More
30 Nov, 2017

A STUDY ON MINING OF DATA FOR INVESTIGATING ITS METHODS, APPROACHES AND APPLICATIONS IN REAL TIME WORLD

Read More
27 Nov, 2017

Outlook Database under Keyword Common Reliable Internal Rating

Read More
28 Oct, 2017

Useful privacy promotion Keyword search mode

Read More
Impact Factor
8.01 (Year 2024)
UGC Approved
Journal no 47859

Join Our IPN

IJIRT Partner Network

Submit your research paper and those of your network (friends, colleagues, or peers) through your IPN account, and receive 800 INR for each paper that gets published.

Join Now

Latest Publication

Archive

View More

Recent Conferences

NCSEM 2024

National Conference on Sustainable Engineering and Management - 2024 Last Date: 15th March 2024

Submit inquiry