Smarter Password Guessing Techniques Leveraging Contextual Information and OSINT

Authors: Kanta, Aikaterini; Coisel, Iwen and Scanlon, Mark

Publication Date: June 2020

Publication Name: 6th IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

Abstract:

In recent decades, criminals have increasingly used the web to research, assist and perpetrate criminal behaviour. One of the most important ways in which law enforcement can battle this growing trend is through accessing pertinent information about suspects in a timely manner. A significant hindrance to this is the difficulty of accessing any system a suspect uses that requires authentication via password. Password guessing techniques generally consider common user behaviour while generating their passwords, as well as the password policy in place. Such techniques can offer a modest success rate considering a large/average population. However, they tend to fail when focusing on a single target -- especially when the latter is an educated user taking precautions as a savvy criminal would be expected to do. Open Source Intelligence is being increasingly leveraged by Law Enforcement in order to gain useful information about a suspect, but very little is currently being done to integrate this knowledge in an automated way within password cracking. The purpose of this research is to delve into the techniques that enable the gathering of the necessary context about a suspect and find ways to leverage this information within password guessing techniques.

BibTeX Entry:

@inproceedings{kanta2020passwordguessing,
author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
title="{Smarter Password Guessing Techniques Leveraging Contextual Information and OSINT}",
booktitle={6th IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security)},
year=2020,
month=06,
address="Dublin, Ireland",
organization={IEEE},
abstract="In recent decades, criminals have increasingly used the web to research, assist and perpetrate criminal behaviour. One of the most important ways in which law enforcement can battle this growing trend is through accessing pertinent information about suspects in a timely manner. A significant hindrance to this is the difficulty of accessing any system a suspect uses that requires authentication via password. Password guessing techniques generally consider common user behaviour while generating their passwords, as well as the password policy in place. Such techniques can offer a modest success rate considering a large/average population. However, they tend to fail when focusing on a single target -- especially when the latter is an educated user taking precautions as a savvy criminal would be expected to do. Open Source Intelligence is being increasingly leveraged by Law Enforcement in order to gain useful information about a suspect, but very little is currently being done to integrate this knowledge in an automated way within password cracking. The purpose of this research is to delve into the techniques that enable the gathering of the necessary \textit{context} about a suspect and find ways to leverage this information within password guessing techniques."
}