A Comparative Study Between Two Cybersecurity Attacks: Brute Force and Dictionary Attacks

Nabaa Alaa; Farah Al-Shareefi

doi:10.31642/JoKMC/2018/110216

Authors

Nabaa Alaa Babylon university college of science for girls
Farah Babylon University https://orcid.org/0000-0003-4086-9985

DOI:

https://doi.org/10.31642/JoKMC/2018/110216

Keywords:

Brute Force Attack, Dictionary Attack, Password Based Encryption, Secure Hash Algorithm

Abstract

In today's world, information drives not only business but nearly every aspect of human life. Therefore, safeguarding valuable information from malicious activities like attacks has become essential. Brute force search and dictionary attacks are prevalent cybersecurity threats, in which an attacker systematically attempts all possible passwords and passphrases to gain access to a user's account. These types of attacks are common due to the widespread reuse of simple password variations. The goal of this study is to discover as many passwords as possible and demonstrate their predictability and susceptibility. Our focus was on comparing two cracking methods, such as brute force search attacks and dictionary attacks, assessing their effectiveness and time requirements.

Downloads

Download data is not yet available.

Author Biographies

Nabaa Alaa, Babylon university college of science for girls

In today's world, information drives not only business but nearly every aspect of human life. Therefore, safeguarding valuable information from malicious activities like attacks has become essential. Brute force search and dictionary attacks are prevalent cybersecurity threats, in which an attacker systematically attempts all possible passwords and passphrases to gain access to a user's account. These types of attacks are common due to the widespread reuse of simple password variations. The goal of this study is to discover as many passwords as possible and demonstrate their predictability and susceptibility. Our focus was on comparing two cracking methods, such as brute force search attacks and dictionary attacks, assessing their effectiveness and time requirements.
Farah, Babylon University

In today's world, information drives not only business but nearly every aspect of human life. Therefore, safeguarding valuable information from malicious activities like attacks has become essential. Brute force search and dictionary attacks are prevalent cybersecurity threats, in which an attacker systematically attempts all possible passwords and passphrases to gain access to a user's account. These types of attacks are common due to the widespread reuse of simple password variations. The goal of this study is to discover as many passwords as possible and demonstrate their predictability and susceptibility. Our focus was on comparing two cracking methods, such as brute force search attacks and dictionary attacks, assessing their effectiveness and time requirements.

References

Sharma, Anand, et al. “Password Based Authentication: Philosophical Survey.” 2010 IEEE International Conference on Intelligent Computing and Intelligent Systems, IEEE, 2010. DOI: https://doi.org/10.1109/ICICISYS.2010.5658405

Martinez-Diaz, M., et al. “A Comparative Evaluation of Finger-Drawn Graphical Password Verification Methods.” 2010 12th International Conference on Frontiers in Handwriting Recognition, IEEE, 2010. DOI: https://doi.org/10.1109/ICFHR.2010.65

Klein, D. “Foiling the Cracker: A Survey of, and Improvements to, Password Security.” Proceedings of the 2nd USENIX Security Workshop, 1990, pp. 5–14.

Gautam, Tanvi, and Anurag Jain. “Analysis of Brute Force Attack Using TG-Dataset.” SAI Intelligent Systems Conference (IntelliSys), IEEE, 2015. DOI: https://doi.org/10.1109/IntelliSys.2015.7361263

Dave, Konark Truptiben. "Brute-force attack ‘seeking

but distressing’." Int. J. Innov. Eng

Technol Brute-force 2.3 (2013): 75-78.

A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography.CRCPress,October1996.

Ayankoya, Folasade, and Blaise Ohwo. “Brute-Force Attack Prevention in Cloud Computing Using One-Time Password and Cryptographic Hash Function.” International Journal of Computer Science and Information Security, vol. 17, 2019, pp. 7–19.

L. Bosnjak, J. Sres and B. Brumen, "Brute-force and dictionary attack on hashed real-world passwords", Proc. 41st Int. Conv. Inf. Commun. Technol. Electron. Microelectron. (MIPRO), pp. 1161-1166, Feb. 2018. DOI: https://doi.org/10.23919/MIPRO.2018.8400211

Ayankoya, Folasade, and Blaise Ohwo. “Brute-Force Attack Prevention in Cloud Computing Using One-Time Password and Cryptographic Hash Function.” International Journal of Computer Science and Information Security, vol. 17, 2019, pp. 7–19.

Stiawan, Deris, et al. “Investigating Brute Force Attack Patterns in IoT Network.” Journal of Electrical and Computer Engineering, vol. 2019, 2019, pp. 1–13, doi:10.1155/2019/4568368. DOI: https://doi.org/10.1155/2019/4568368

Verma, Rajat, et al. “Enhancing Security with In-Depth Analysis of Brute-Force Attack on Secure Hashing Algorithms.” Proceedings of Trends in Electronics and Health Informatics, Springer Nature Singapore, 2022, pp. 513–522. DOI: https://doi.org/10.1007/978-981-16-8826-3_44

A. Juels and J. Brainard. Client puzzles: A cryptographic defense against connection depletion attacks. In Network and Distributed System Security Symposium, 1999.

Johnson, Leighton. “Security Component Fundamentals for Assessment.” Security Controls Evaluation, Testing, and Assessment Handbook, Elsevier, 2016, pp. 531–627. DOI: https://doi.org/10.1016/B978-0-12-802324-2.00011-7

Jallouli, O. “Chaos-Based Security under Real-Time and Energy To Cite This Version: Thèse de Doctorat Ons J ALLOULI.” Univ. Nantes, 2017.

M. Marras, “Dictionary attacks on speaker verification,” IEEE Transactions on Information Forensics and Security, vol. 18, pp. 773–788, 2022. DOI: https://doi.org/10.1109/TIFS.2022.3229583

Easttom, W. Modern cryptography: applied mathematics for encryption and information security. Springer Nature, 2022. DOI: https://doi.org/10.1007/978-3-031-12304-7