A Novel Dictionary Generation Methodology for Contextual-Based Password Cracking

Authors: Kanta, Aikaterini; Coisel, Iwen and Scanlon, Mark

Publication Date: June 2022

Publication Name: IEEE Access, Volume 10,, Pages 59178-59188,

Abstract:

It has been more than 50 years since the concept of passwords was introduced and adopted in our society as a digital authentication method. Despite alternative authentication methods being developed later, it is reasonable to assume that this prevailing authentication method will not fall out of popularity anytime soon. Naturally, each password is closely connected to its creator. This connection has given rise to advanced techniques aimed at exploiting user habits for password cracking. Such techniques are often generic approaches that leverage large datasets of human-created passwords. Recent research has underlined the influence that context can have during password selection for a user. This information could be of significant added value when digital investigators need to target a specific user or group of users during a criminal investigation. There are no automated approaches that can extract and utilize contextual information during the password cracking processes. In this paper, a methodology and framework for creating custom dictionary word lists for dictionary-based password cracking attacks are introduced, with a specific focus on leveraging contextual information encountered during an investigation. Furthermore, a detailed explanation of the framework’s implementation is provided, and the benefits of the approach are demonstrated with the use of test cases.

Download:

Download Paper as PDF

BibTeX Entry:

@article{kanta2022dictionarygeneration,
author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
title="{A Novel Dictionary Generation Methodology for Contextual-Based Password Cracking}",
journal="{IEEE Access}",
year=2022,
month=06,
volume=10,
pages={59178-59188},
doi={10.1109/ACCESS.2022.3179701},
abstract={It has been more than 50 years since the concept of passwords was introduced and adopted in our society as a digital authentication method. Despite alternative authentication methods being developed later, it is reasonable to assume that this prevailing authentication method will not fall out of popularity anytime soon. Naturally, each password is closely connected to its creator. This connection has given rise to advanced techniques aimed at exploiting user habits for password cracking. Such techniques are often generic approaches that leverage large datasets of human-created passwords. Recent research has underlined the influence that context can have during password selection for a user. This information could be of significant added value when digital investigators need to target a specific user or group of users during a criminal investigation. There are no automated approaches that can extract and utilize contextual information during the password cracking processes. In this paper, a methodology and framework for creating custom dictionary word lists for dictionary-based password cracking attacks are introduced, with a specific focus on leveraging contextual information encountered during an investigation. Furthermore, a detailed explanation of the framework’s implementation is provided, and the benefits of the approach are demonstrated with the use of test cases.}
}