Defending Against Password Guessing Attacks on Web Applications
P. Dayaker1, Chandrakant K. Daf2
1P. Dayaker, Department of Computer Science and Engineering, Jawaharlal Nehru Technological University, Hyderabad, (Telangana), India.
2Mr. Chandrakant K. Daf, PG Student, Department of Computer Science and Engineering, Jawaharlal Nehru Technological University, Hyderabad, (Telangana), India.
Manuscript received on 20 November 2015 | Revised Manuscript received on 30 November 2015 | Manuscript published on 30 November 2015 | PP: 1-2 | Volume-4 Issue-5, November 2015 | Retrieval Number: E1498114515©BEIESP
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Brute force and dictionary attacks on password protected remote login services are increasing rapidly. Letting legitimate user’s login conveniently while preventing such attacks is difficult. Automated Turing Tests (ATTs) are effective and easy to implement but cause reasonable amount of inconvenience to the user. We discuss the existing and proposed login protocols designed to prevent large scale online dictionary attacks. We propose Password Guessing Resistant Protocol (PGRP), which is derived upon revisiting prior proposals designed to restrict such attacks. PGRP reduces the total number of login attempts from an unknown remote host while trusted or legitimate users can make several failed login attempts before being challenged by ATT.
Keyword: Brute force, Attacks, CAPTCHA, PGRP.
Scope of the Article: Internet and Web Applications