Research On Password Security Technology

Password-based authentication has become the most widely used authentication method because of its low cost and convenience.Because of its simplicity,passwords have always had serious security issues:(1)Password sets from different languages have significantly different letter distributions.Most password generation methods simply classify all password sets into one category without distinguishing their features,and use the same method to evaluate the password sets that may contain different features.Moreover,there is no research on the analysis of Chinese Syllables in Chinese password sets;(2)Most users take easy-to-remember personal information or common character combinations as passwords,resulting in weak password and vulnerable to dictionary attacks.Mnemonic strategy is used to help users to generate secure and memorable passwords;this topic has attracted extensive interests from worldwide researchers in recent years.Many existing mnemonic strategies have problems such as low security and low usability.Aiming at the problem 1,a new approach to the Chinese password set security evaluation that is named CSNN(i.e.,Chinese Syllables and Neural Network-based password generation)is proposed in this thesis.In CSNN,each Chinese Syllable is treated as an integral element,and the spelling rules of Chinese Syllable can be used to parse and process the passwords.The processed passwords are then trained in the neural network model of Long Short-Term Memory(LSTM),which is used to generate password dictionaries(guessing sets).To evaluate the performance of CSNN,the hit rates of guessing sets generated by CSNN is compared with the two classical approaches(i.e.,Probability Context-Free Grammar(PCFG)and 5th-order Markov Chain Model).In the hit rate experiment,guessing sets of different scales were selected;the results show that the comprehensive performance of guessing sets generated by CSNN is better than PCFG and 5th-order Markov Chain Model.Compared with PCFG,different scales of CSNN guessing sets can improve 5.1%~7.4% in hit rate on some test sets by 710 guesses(average 6.3%);compared with 5th-order Markov Chain Model,the CSNN guessing sets increased its hit rate by 2.8% to 12%(with an average of 8.2%)by 58?10 guesses.Aiming at the problem 2,a Chinese sentence-based password mnemonic strategy is proposed in this thesis.The user selects a memorable sentence as a mnemonic sentence,and then converts it into a password based on predefined rules or the user's choice,and we evaluate its performance by a control experiment.To evaluate the security and usability of the mnemonic strategy,we use performance assessment tools such as the Markov chain model,to compare the generated passwords with a large number of real-world passwords.In terms of usability,NASA-TLX shows that although the workloads required in our mnemonic strategy are higher than those from non-strategy in password generation phase,whether to use mnemonic strategies has no significant difference in short-term memory and long-term memory.In addition,in terms of security,all password strength assessment tools show that the passwords generated by our mnemonic strategy are stronger than the real-world passwords.While converting the mnemonic sentence into a password,this strategy hides personal sensitive information,so it reduces the risk of password leakage due to personal information leakage,and improves the security of the strategy.