Thesis

Abstract: This thesis examines the persistent threat posed by brute force attacks on online authentication systems, despite the evolution of security measures. Through in-depth analysis, the thesis explores the different forms of brute force attacks, including simple, dictionary, hybrid and reverse brute force attacks. The effectiveness of common security measures such as strong password policies, CAPTCHA, session cookies and account or source locking is critically evaluated. The research also examines the evasion techniques attackers use to bypass these defenses, including slow attacks, IP manipulation and the modulation or adaptation of attack tools. The experimental part of the thesis involves the development and use of Dokos, a simplified Python-based brute force tool, to simulate and analyze different attack scenarios in a controlled environment. The results provide practical insights into the performance of security measures and reveal potential weaknesses in existing methods. The study concludes with recommendations for strengthening the security of online authentication, including the adoption of less conventional measures such as deceptive server responses, and the move to multi-factor authentication and authentication keys in order to break away from passwords. Future research directions are suggested, such as making the Dokos tool and test environment more intuitive to use, and integrating emerging technologies to strengthen defenses against brute force attacks.