Visible to the public Biblio

Filters: Keyword is Brute force  [Clear All Filters]
2023-04-14
Alcaraz-Velasco, Francisco, Palomares, José M., Olivares, Joaquín.  2022.  Analysis of the random shuffling of message blocks as a low-cost integrity and security measure. 2022 17th Iberian Conference on Information Systems and Technologies (CISTI). :1–6.
Recently, a mechanism that randomly shuffles the data sent and allows securing the communication without the need to encrypt all the information has been proposed. This proposal is ideal for IoT systems with low computational capacity. In this work, we analyze the strength of this proposal from a brute-force attack approach to obtain the original message without knowledge of the applied disordering. It is demonstrated that for a set of 10x10 16-bit data, the processing time and the required memory are unfeasible with current technology. Therefore, it is safe.
ISSN: 2166-0727
Faircloth, Christopher, Hartzell, Gavin, Callahan, Nathan, Bhunia, Suman.  2022.  A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft. 2022 IEEE World AI IoT Congress (AIIoT). :501–507.
The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number allowing them means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology, impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.
2021-03-09
Ramesh, K., Kumar, B. A., Renjith, P. N..  2020.  Treats based Revisiting Defences Against Password Guessing Attacks and Phishing Data Over Different Online Records. 2020 International Conference on Inventive Computation Technologies (ICICT). :824—827.

Password Guessing Attacks, for instance, Brute Force and word reference ambushes on online records are directly wide spread. Guarding the ambushes and giving the accommodating login the genuine customers together is a problematic endeavour. The present structures are lacking to give both the security and solace together. Phishing is a digital assault that targets credulous online clients fooling into uncovering delicate data, for example, username, secret key, standardized savings number or charge card number and so forth. Assailants fool the Internet clients by concealing site page as a dependable or real page to recover individual data. Password Guessing Attacks Resistance Protocol (PGARP) limits the full-scale number of logins attempts from darken remote hosts to as low as a single undertaking for each username, genuine customers all around (e.g., when tries are created utilizing known, occasionally used machines) can make a couple failed login tries before being tried with an ATT. A specific most distant point will be made to oblige the number of failed attempts with the ATT in order to keep the attacks. After the failed login attempt with ATT limit accomplished, an admonition will be sent to the customer concerning the failed login tries have accomplished the best measurement. This admonition will caution the customer and the customer will be urged to change the mystery expression and security question.

2020-09-04
Nursetyo, Arif, Ignatius Moses Setiadi, De Rosal, Rachmawanto, Eko Hari, Sari, Christy Atika.  2019.  Website and Network Security Techniques against Brute Force Attacks using Honeypot. 2019 Fourth International Conference on Informatics and Computing (ICIC). :1—6.
The development of the internet and the web makes human activities more practical, comfortable, and inexpensive. So that the use of the internet and websites is increasing in various ways. Public networks make the security of websites vulnerable to attack. This research proposes a Honeypot for server security against attackers who want to steal data by carrying out a brute force attack. In this research, Honeypot is integrated on the server to protect the server by creating a shadow server. This server is responsible for tricking the attacker into not being able to enter the original server. Brute force attacks tested using Medusa tools. With the application of Honeypot on the server, it is proven that the server can be secured from the attacker. Even the log of activities carried out by the attacker in the shadow server is stored in the Kippo log activities.
Mahmood, Riyadh Zaghlool, Fathil, Ahmed Fehr.  2019.  High Speed Parallel RC4 Key Searching Brute Force Attack Based on FPGA. 2019 International Conference on Advanced Science and Engineering (ICOASE). :129—134.

A parallel brute force attack on RC4 algorithm based on FPGA (Field Programmable Gate Array) with an efficient style has been presented. The main idea of this design is to use number of forecast keying methods to reduce the overall clock pulses required depended to key searching operation by utilizes on-chip BRAMs (block RAMs) of FPGA for maximizing the total number of key searching unit with taking into account the highest clock rate. Depending on scheme, 32 key searching units and main controller will be used in one Xilinx XC3S1600E-4 FPGA device, all these units working in parallel and each unit will be searching in a specific range of keys, by comparing the current result with the well-known cipher text if its match the found flag signal will change from 0 to 1 and the main controller will receive this signal and stop the searching operation. This scheme operating at 128-MHz clock frequency and gives us key searching speed of 7.7 × 106 keys/sec. Testing all possible keys (40-bits length), requires only around 39.5h.

2018-02-21
Patil, A., Laturkar, A., Athawale, S. V., Takale, R., Tathawade, P..  2017.  A multilevel system to mitigate DDOS, brute force and SQL injection attack for cloud security. 2017 International Conference on Information, Communication, Instrumentation and Control (ICICIC). :1–7.

Use of internet increases day by day so securing network and data is a big issue. So, it is very important to maintain security to ensure safe and trusted communication of information between different organizations. Because of these IDS is a very useful component of computer and network security. IDS system is used by many organizations or industries to detect the weakness in their security, documenting previous attacks and threats and preventing all of this from violating security policies. Because of these advantages, this system is important in system security. In this paper, we find a multilevel solution for different approaches (attacks) based on intrusion detection system. In this paper, we identify different attacks and find the solutions for different type of attacks such as DDOS, SQL injection and Brute force attack. In this case, we use client-server architecture. To implement this we maintain profile of user and base on this we find normal user or attacker when system find that attack is present then it directly block the attack.