Next Article in Journal
Validation of Trade-Off in Human–Automation Interaction: An Empirical Study of Contrasting Office Automation Effects on Task Performance and Workload
Next Article in Special Issue
Graph Convolutional Networks for Privacy Metrics in Online Social Networks
Previous Article in Journal
Posture Recognition Using Ensemble Deep Models under Various Home Environments
Previous Article in Special Issue
Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation
Open AccessArticle

Cybersecurity Threats Based on Machine Learning-Based Offensive Technique for Password Authentication

by Kyungroul Lee 1 and Kangbin Yim 2,*
1
R&BD Center for Security and Safety Industries (SSI), Soonchunhyang University, Asan-si 31538, Korea
2
Department of Information Security Engineering, Soonchunhyang University, Asan-si 31538, Korea
*
Author to whom correspondence should be addressed.
Appl. Sci. 2020, 10(4), 1286; https://doi.org/10.3390/app10041286
Received: 10 January 2020 / Revised: 6 February 2020 / Accepted: 11 February 2020 / Published: 14 February 2020
Due to the emergence of online society, a representative user authentication method that is password authentication has been a key topic. However, in this authentication method, various attack techniques have emerged to steal passwords input from the keyboard, hence, the keyboard data does not ensure security. To detect and prevent such an attack, a keyboard data protection technique using random keyboard data generation has been presented. This technique protects keyboard data by generating dummy keyboard data while the attacker obtains the keyboard data. In this study, we demonstrate the feasibility of keyboard data exposure under the keyboard data protection technique. To prove the proposed attack technique, we gathered all the dummy keyboard data generated by the defense tool, and the real keyboard data input by the user, and evaluated the cybersecurity threat of keyboard data based on the machine learning-based offensive technique. We verified that an adversary obtains the keyboard data with 96.2% accuracy even if the attack technique that makes it impossible to attack keyboard data exposure is used. Namely, the proposed method in this study obviously differentiates the keyboard data input by the user from dummy keyboard data. Therefore, the contributions of this paper are that we derived and verified a new security threat and a new vulnerability of password authentication. Furthermore, a new cybersecurity threat derived from this study will have advantages over the security assessment of password authentication and all types of authentication technology and application services input from the keyboard. View Full-Text
Keywords: vulnerability analysis; password authentication; machine learning; user authentication vulnerability analysis; password authentication; machine learning; user authentication
Show Figures

Figure 1

MDPI and ACS Style

Lee, K.; Yim, K. Cybersecurity Threats Based on Machine Learning-Based Offensive Technique for Password Authentication. Appl. Sci. 2020, 10, 1286.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop