RISS Academic Research Information Service

      • (A) password guessing method based on generative adversarial networks with offensive security perspective

        남성엽 Graduate School of Cybersecurity, Korea University 2021 Domestic doctoral dissertation

        RANK : 232319

        Text-based passwords are a fundamental and popular means of authentication. Password authentication is simple to implement because it does not require any equipment, unlike biometric authentication, and it relies only on the user's memory. Therefore, people often use easy-to-remember passwords, such as "iloveyou1234." This reliance on memory, however, is an inherent weakness of passwords, mainly because these easy-to-remember passwords can also be cracked easily. Despite this well-known weakness, passwords are still the de-facto authentication method for most online systems. Owing to this importance, password cracking has been researched extensively, both for offensive and defensive purposes. Hashcat and John the Ripper are the most popular cracking tools, allowing users to crack millions of passwords in a short time, based on password-cracking dictionaries and rule-sets. However, rule-based cracking has an explicit limitation of depending on password-cracking experts to come up with creative rules. To overcome this limitation, a recent trend has been to apply machine learning techniques to conduct research on password cracking. For instance, state-of-the-art password guessing studies such as PassGAN adopted a Generative Adversarial Network (GAN) and used it to generate high-quality password guesses without knowledge of password structures. However, compared to the probabilistic context-free grammar (PCFG), PassGAN showed inferior password-cracking performance in all experimental cases. In addition, PassGAN could not prove its cracking performance under practical cases (long-length and complicated passwords). In this thesis, I propose new methods for achieving improved password-cracking performance, which are based on both the generator and discriminator modules of a GAN. With respect to the generator of GAN, I describe new techniques for improving the password-cracking performance of PassGAN.
Interestingly, changing both basic neural networks and the hyper-parameter configuration of GANs outperforms the cracking performance of PassGAN. In addition, transforming to dual-discriminator architecture has a beneficial effect on improving the password-cracking performance. These new approaches are denoted as rPassGAN, rPassD2CGAN, and rPassD2SGAN. In some experimental cases, the rPassGAN series surpasses PCFG as well. Through several experiments with rPassGAN, I observed that each password guessing model has its own cracking space that does not overlap with other models. This observation led me to realize that an optimized candidate dictionary can be made by combining the password candidates generated by multiple password generation models. The second technique I suggest is a deep learning-based approach called REDPACK that addresses the weakness of the cutting-edge GAN-based password-cracking tools. To this end, REDPACK combines multiple password generator models in an effective way. This approach uses the discriminator of the rPassGAN as the password-candidate selector. Then, by collecting passwords selectively, REDPACK achieves a more realistic password candidate dictionary. Also, REDPACK improves password cracking performance by incorporating both the generator and the discriminator in a GAN framework. I evaluated this model on various datasets with password candidates composed of symbols, digits, upper, and lowercase letters. The results clearly show that my approach outperforms all existing approaches, including rule-based Hashcat, GAN-based PassGAN, and probability-based PCFG. Another advantage of the proposed model is that REDPACK can reduce the number of password candidates by up to one-third or one-fourth, with small cracking performance loss compared to the union set of passwords cracked by multiple-generation models. 
Finally, I propose iREDPACK, which is the first heterogeneously-structured GAN model in the password-cracking domain and adopts the concept of Google Inception. iREDPACK is designed for handling passphrase-structured passwords. iREDPACK selects more password candidates of PCFG than REDPACK in all experiments.

      • (A) new side channel attack on digital door lock with vibration signal analysis : the longer password does not guarantee higher security level

        장수희 Graduate School of Information Security, Korea Uni 2015 Domestic master's thesis

        RANK : 232267

        The digital door lock system is one of the physical security systems widely used around the world. The device restricts access by unauthorized persons and protects the user's assets or a specific area. However, if the door lock's password is exposed to an unauthorized person, the device's function becomes useless. This thesis therefore describes a new attack method that can recover a digital door lock password without the user noticing anything suspicious. We focused on the vibration signal that inevitably occurs when a door lock user presses the buttons to enter the password. This is a very natural phenomenon, and we used it to attempt to recover the digital door lock password. This attack can be regarded as a form of attack with characteristics similar to a side-channel attack or an APT attack. An interesting finding from the experiments is that a hypothesis commonly held in the security field could not be applied to our attack model. The hypothesis in question is that a longer password guarantees a higher security level. However, in our attack model, password inference turned out to be affected more by the number of buttons than by the length of the password. As a countermeasure to the attack presented in this thesis, we propose using a random noise generator, and we additionally recommend adding further authentication steps such as an ID card or fingerprint.

        The digital door lock system is one of the widely used physical security systems around the world. It restricts unauthorized access and protects assets or personal space. However, once the password is exposed to unauthorized people, its function becomes useless. In this paper, we propose a novel attack model, which enables cracking a digital door lock password without giving any notice. We noted that when people press a button, whether intentionally or not, most of them generate different vibrations depending on the place of the pressed button. The natural phenomenon, vibration, is applied to our model to infer the password. This novel attack model might be regarded as side channel or APT as they share similar characteristics. During the experiment, we found that one of the common ideas in the security area is not applicable to our attack model. We believe that a longer password guarantees a higher security level. However, under our attack model, inferring the password depends on the number of distinguishable buttons rather than the length of the password. To mitigate the risk we verified, we suggest using a random noise generator to avoid the proposed attack only. More commonly, setting an additional authentication method can be the solution, such as a system using an ID card or fingerprint identification. However, this is a slightly different concept, as it accepts the risk caused by our attack model but restricts the risk with another authentication method.
