
Research Of Password Strength Meter And Password Strengthening Based On Probabilistic Language Model

Posted on: 2019-05-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wu
GTID: 2428330566460772
Subject: Software engineering
Abstract/Summary:
Identity authentication is the primary means of protecting user information security. Password-based authentication has become the most widely used form of identity authentication on the Internet because it is convenient to deploy and flexible to use. However, password-based authentication systems have many security and usability problems. Because human memory is limited, people tend to use simple passwords and can hardly remember secure passwords with a complex structure, which leaves password authentication systems vulnerable. To protect the security of password-based authentication systems, we investigated existing password strength meters and password strengthening methods. We find that these mainstream password security technologies struggle to cope with the threat of increasingly intelligent password guessing attacks. We therefore try to improve the security of password authentication systems by increasing the accuracy of the password strength meter and enhancing the strength of weak passwords. Our main contributions are as follows:

1. We performed a statistical analysis of large-scale leaked password datasets to study the basic characteristics of each dataset, including its password length distribution and character composition distribution. We integrated personal information with the corresponding passwords used by the same user on different website services through email matching. Based on this information, we also analyze users' vulnerable password generation behaviors, such as password reuse and the use of personal information in passwords.

2. Based on the integrated password data and personal information data, we analyze the similarity between passwords in the single-service-provider scenario and the cross-service-provider scenario. We then propose a password strength meter based on weak password deduction. The proposed meter builds a BK-tree from the weak password set and uses it to describe the similarity between passwords. We then extend the probabilistic context-free grammar tags to describe users' weak password reuse behavior. The meter can effectively identify the similarity of weak passwords and improves the accuracy of the password strength meter. We verified the efficiency of our password strength meter through a series of experiments.

3. We propose a password strengthening method based on semantic transformation. A password lexical database is established to analyze the semantics of a password, and is then combined with the existing password strength meter method. The weak password is modified by transforming its semantics, so that it is strengthened while the usability of the password is preserved. This solves the problem that existing password strengthening methods cannot resist composite password guessing attacks. The efficiency of our password strengthening method is verified through a series of experiments.
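The BK-tree step in contribution 2 can be pictured with the following added example, which is not code from the thesis: it indexes a weak-password set in a BK-tree and returns every weak password within a small edit distance of a candidate. The choice of Levenshtein distance as the metric, the radius of 2, and the constructed `WEAK` list are assumptions made for illustration.

```python
# Added example; assumptions (not from the thesis): Levenshtein distance as the
# BK-tree metric, radius 2, and the small constructed weak-password list below.

def levenshtein(a, b):
    """Edit distance (insert/delete/substitute), row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class BKTree:
    """Each node is (word, {edge_distance: child}); edges are distances to the parent."""
    def __init__(self, words):
        self.root = None
        for w in words:
            self.add(w)

    def add(self, word):
        if self.root is None:
            self.root = (word, {})
            return
        node = self.root
        while True:
            d = levenshtein(word, node[0])
            if d == 0:
                return  # duplicate
            if d not in node[1]:
                node[1][d] = (word, {})
                return
            node = node[1][d]

    def search(self, word, radius):
        """Return sorted (distance, weak_password) pairs with distance <= radius."""
        hits = []
        stack = [self.root] if self.root else []
        while stack:
            cand, children = stack.pop()
            d = levenshtein(word, cand)
            if d <= radius:
                hits.append((d, cand))
            # Triangle inequality: matches can only sit under edges in [d-radius, d+radius].
            stack.extend(c for k, c in children.items() if d - radius <= k <= d + radius)
        return sorted(hits)

WEAK = ["password", "123456", "qwerty", "iloveyou", "password1", "abc123"]  # constructed
TREE = BKTree(WEAK)
print(TREE.search("P@ssword", 2))  # a "complex-looking" variant of a weak password
```

A meter built this way can treat a non-empty result as evidence that the candidate is a small modification of a known weak password, whatever its character-class composition.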
Keywords/Search Tags: Password Strength Meter, Password Strengthening, Natural Language Processing, Probability Language Model