Inproceedings
Smarter Password Guessing Techniques Leveraging Contextual Information and OSINT
Contribution Summary
The paper presents a novel approach to password guessing by integrating contextual information and Open Source Intelligence (OSINT) to improve the recovery of passwords. The authors investigate the use of OSINT to gather information about a suspect's online and offline life, which can be used to make educated guesses about their password. This information can include social media profiles, browsing history, online interactions, and other contextual data. The research aims to create a bespoke, personalized dictionary list to feed into password cracking tools, which can be used by law enforcement agencies to access password-protected accounts and devices. The authors propose a methodology for collecting and analyzing contextual information, and discuss the potential benefits and challenges of this approach. The research has implications for the field of digital forensics and cybersecurity, and highlights the importance of considering the human factor in password security.
Keywords: Password Security; Password Guessing Techniques; Context-based Password Cracking; Open Source Intelligence (OSINT); Digital Forensics; Cybersecurity; Password Recovery; Contextual Information
Abstract
In recent decades, criminals have increasingly used the web to research, assist and perpetrate criminal behaviour. One of the most important ways in which law enforcement can battle this growing trend is through accessing pertinent information about suspects in a timely manner. A significant hindrance to this is the difficulty of accessing any system a suspect uses that requires authentication via password. Password guessing techniques generally consider common user behaviour while generating their passwords, as well as the password policy in place. Such techniques can offer a modest success rate considering a large/average population. However, they tend to fail when focusing on a single target - especially when the latter is an educated user taking precautions as a savvy criminal would be expected to do. Open Source Intelligence is being increasingly leveraged by Law Enforcement in order to gain useful information about a suspect, but very little is currently being done to integrate this knowledge in an automated way within password cracking. The purpose of this research is to delve into the techniques that enable the gathering of the necessary textitcontext about a suspect and find ways to leverage this information within password guessing techniques.
BibTeX
@inproceedings{kanta2020passwordguessing,
author={Kanta, Aikaterini and Coisel, Iwen and Scanlon, Mark},
title="{Smarter Password Guessing Techniques Leveraging Contextual Information and OSINT}",
booktitle={6th IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security)},
year=2020,
month=06,
address="Dublin, Ireland",
organization={IEEE},
abstract="In recent decades, criminals have increasingly used the web to research, assist and perpetrate criminal behaviour. One of the most important ways in which law enforcement can battle this growing trend is through accessing pertinent information about suspects in a timely manner. A significant hindrance to this is the difficulty of accessing any system a suspect uses that requires authentication via password. Password guessing techniques generally consider common user behaviour while generating their passwords, as well as the password policy in place. Such techniques can offer a modest success rate considering a large/average population. However, they tend to fail when focusing on a single target -- especially when the latter is an educated user taking precautions as a savvy criminal would be expected to do. Open Source Intelligence is being increasingly leveraged by Law Enforcement in order to gain useful information about a suspect, but very little is currently being done to integrate this knowledge in an automated way within password cracking. The purpose of this research is to delve into the techniques that enable the gathering of the necessary \textit{context} about a suspect and find ways to leverage this information within password guessing techniques.",
doi={10.1109/CyberSecurity49315.2020.9138870},
}