Article

A Novel Dictionary Generation Methodology for Contextual-Based Password Cracking

Aikaterini Kanta; Iwen Coisel; Mark Scanlon

June 2022 IEEE Access

Contribution Summary

A novel dictionary generation methodology for contextual-based password cracking is proposed, focusing on leveraging contextual information encountered during an investigation. The approach enables the creation of custom dictionary word lists for dictionary-based password cracking attacks, targeting specific users or groups of users. By incorporating user habits and personal information, the methodology generates targeted password candidates, potentially expediting password cracking processes in law enforcement investigations. The proposed approach is demonstrated through a prototype implementation and evaluation, showcasing its viability and impact on password cracking.

Keywords: Contextual-based password cracking; Dictionary generation methodology; Password cracking attacks; Law enforcement investigations; Custom dictionary word lists; User habits and personal information; Targeted password candidates; Password guessing

Abstract

It has been more than 50 years since the concept of passwords was introduced and adopted in our society as a digital authentication method. Despite alternative authentication methods being developed later, it is reasonable to assume that this prevailing authentication method will not fall out of popularity anytime soon. Naturally, each password is closely connected to its creator. This connection has given rise to advanced techniques aimed at exploiting user habits for password cracking. Such techniques are often generic approaches that leverage large datasets of human-created passwords. Recent research has underlined the influence that context can have during password selection for a user. This information could be of significant added value when digital investigators need to target a specific user or group of users during a criminal investigation. There are no automated approaches that can extract and utilize contextual information during the password cracking processes. In this paper, a methodology and framework for creating custom dictionary word lists for dictionary-based password cracking attacks are introduced, with a specific focus on leveraging contextual information encountered during an investigation. Furthermore, a detailed explanation of the framework’s implementation is provided, and the benefits of the approach are demonstrated with the use of test cases.

BibTeX

@article{kanta2022dictionarygeneration,
	author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
	title="{A Novel Dictionary Generation Methodology for Contextual-Based Password Cracking}",
	journal="{IEEE Access}",
	year=2022,
	month=06,
	volume=10,
	pages={59178-59188},
	doi={10.1109/ACCESS.2022.3179701},
	abstract={It has been more than 50 years since the concept of passwords was introduced and adopted in our society as a digital authentication method. Despite alternative authentication methods being developed later, it is reasonable to assume that this prevailing authentication method will not fall out of popularity anytime soon. Naturally, each password is closely connected to its creator. This connection has given rise to advanced techniques aimed at exploiting user habits for password cracking. Such techniques are often generic approaches that leverage large datasets of human-created passwords. Recent research has underlined the influence that context can have during password selection for a user. This information could be of significant added value when digital investigators need to target a specific user or group of users during a criminal investigation. There are no automated approaches that can extract and utilize contextual information during the password cracking processes. In this paper, a methodology and framework for creating custom dictionary word lists for dictionary-based password cracking attacks are introduced, with a specific focus on leveraging contextual information encountered during an investigation. Furthermore, a detailed explanation of the framework’s implementation is provided, and the benefits of the approach are demonstrated with the use of test cases.}
}