| Passwords are one of the main ways to protect users' personal information in the Internet world,and password authentication is still the most important authentication method.With the large-scale leakage of user passwords at home and abroad in recent years,users have attached great importance to information security.In the academic world,password research has gradually become a new hotspot,and a large number of research results have emerged in research fields such as password guessing attack algorithms and password strength meter design.Statistical analysis shows that users often use personal information to create passwords,but in the current research of guessing attack algorithms,the influence of user personal information on password creation rules has been ignored;how to conduct guessing attacks against specific users,and how to design targeted password strength meter is the current research focus.This mainly studies the role of personal information in password guessing attacks,and proposes a directional guessing attack algorithm based on PCFG-GAN to generate tags.Based on the directional guessing attack algorithm,a directional password strength meter algorithm is proposed to complete the target password strength meter.The design,and finally the design and implementation of a PSM system that can be used in an enterprise authentication system.The specific work is as follows:1.Perform statistical analysis on large-scale password sets,and study the basic characteristics of Chinese passwords and the behavior of real user passwords,such as using personal information to construct passwords.Based on large-scale real-password analysis,we use probabilistic context-free grammar(PCFG)that perceives personal information to parse and convert user passwords into sequence tags.As a training set for the PCFG-GAN deep learning model,we use the text generation characteristics of the GAN model.The simulated data set has a high degree of similarity to the original data set,and contains a password rule structure that does not exist in the original data.The simulated data set is used as the password construction sequence label for the target guessing attack.The real password set is trained and guessed to generate experiments.The results show that our guessing attack algorithm is effective.2.Based on the target guessing attack algorithm,we research and design a target password strength meter,and analyze the similarity between the user password and the weak password string and the use of the keyboard mode in the password.At the same time,Shannon entropy is selected as the password strength.Based on the evaluation index,a password strength meter algorithm is proposed,and the design of the password strength evaluator is completed.3.Design and implement a PSM system that can be applied in the authentication system in the enterprise.Based on the design of the target password strength meter,a PSM system is implemented,which can be used in an enterprise's authentication system,and provides users with a target password strength meter function.At the same time,we provide online strength meter function,users can enter personal information and passwords,check password strength,the system provides background management functions,and can manage weak password lists online.The design of our system architecture is in line with the current enterprise development process and can meet the requirements of the password strength meter function of the authentication system. |
PDF Full Text Request