Thesis
| Abstract: | In the dynamically changing domain of cybersecurity, password security remains one of the most controversial issues, as password-guessing attacks that leverage personally identifiable information (PII) grow ever more complex. This project addresses the challenge by proposing a new password generation tool intended to improve targeted password guessing. The goal is to enhance current tools like CUPP by using PII in password dictionary generation and utilizing probabilistic models to refine the guessing methodology. The thesis opens with a broad literature review of existing authentication methods, pointing out the weaknesses of knowledge-based authentication when PII is used to construct passwords. The study aims to design and implement a password generation tool, which was evaluated against CUPP on a series of metrics such as success rate, rank efficiency, and time performance. The evaluations were done on a leaked dataset. Experiments show that the new tool outperforms CUPP, with a higher success rate, fewer generated passwords during runtime, and more consistent ranking. These results establish the power of targeted, PII-driven approaches to inform password-guessing strategies. Significant limitations remain, including those imposed by the functionality of CUPP itself: the use of only one dataset and dictionary sizes kept small due to computational restrictions. The thesis concludes with a discussion of the implications of these findings for the cybersecurity world, the need for continuous innovation in password security tools, and directions for future research, in particular exploring machine learning techniques and testing on more heterogeneous datasets. |




