High dictionary compression for proactive password checking

Authors:
Francesco Bergadano;Bruno Crispo;Giancarlo Ruffo
Affiliations:
Univ. di Torino, Turin, Italy;Univ. di Torino, Turin, Italy;Univ. di Torino, Turin, Italy
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
1998

Citing 10
Cited 12

Simplifying decision trees

International Journal of Man-Machine Studies - Special Issue: Knowledge Acquisition for Knowledge-based Systems. Part 5
Inferring decision trees using the minimum description length principle

Information and Computation
OPUS: preventing weak password choices

Computers and Security
C4.5: programs for machine learning

C4.5: programs for machine learning
Learning Sat-k-DNF formulas from membership queries

STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Authentication via keystroke dynamics

Proceedings of the 4th ACM conference on Computer and communications security
Proactive password checking with decision trees

Proceedings of the 4th ACM conference on Computer and communications security
Optimizing decision trees through heuristically guided search

Communications of the ACM
Induction of Decision Trees

Machine Learning
Estimation of Dependences Based on Empirical Data: Springer Series in Statistics (Springer Series in Statistics)

Estimation of Dependences Based on Empirical Data: Springer Series in Statistics (Springer Series in Statistics)

A note on proactive password checking

Proceedings of the 2001 workshop on New security paradigms
A Novel Approach to Proactive Password Checking

InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Intrusion Detection through Behavioral Data

IDA '99 Proceedings of the Third International Symposium on Advances in Intelligent Data Analysis
Hyppocrates

ISC '01 Proceedings of the 4th International Conference on Information Security
HYPPOCRATES: a new proactive password checker

Journal of Systems and Software
State based authentication

Proceedings of the 43rd annual Southeast regional conference - Volume 2
Neural Network Techniques for Proactive Password Checking

IEEE Transactions on Dependable and Secure Computing
Improving password security and memorability to protect personal and organizational information

International Journal of Human-Computer Studies
Human-seeded attacks and exploiting hot-spots in graphical passwords

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
The weak and the strong password preferences: a case study on turkish users

Proceedings of the 3rd international conference on Security of information and networks
EnFilter: a password enforcement and filter tool based on pattern recognition techniques

ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Graphical passwords: Learning from the first twelve years

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

The important problem of user password selection is addressed and a new proactive password-checking technique is presented. In a training phase, a decision tree is generated based on a given dictionary of weak passwords. Then, the decision tree is used to determine whether a user password should be accepted. Experimental results described here show that the method leads to a very high dictionary compression (up to 1000 to 1) with low error rates (of the order of 1%). A prototype implementation, called ProCheck, is made available online. We survey previous approaches to proactive password checking, and provide an in-depth comparison.