-
CS Colloquium: Raheem Beyah (Georgia Tech) - Password Security, Measurement, and Correlation Quantification
Thu, Oct 01, 2015 @ 04:00 PM - 05:00 PM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Speaker: Raheem Beyah, Georgia Tech
Talk Title: Password Security, Measurement, and Correlation Quantification
Series: CS Colloquium
Abstract: In this talk, results from a large-scale study on the crackability, correlation, and security of over 115 million real world passwords that were leaked from several popular Internet services and applications will be presented. Additionally, I will discuss a prototype system that provides a uniform comprehensive research platform for password security, measurement, and correlation quantification. Using this system, we analyze and evaluate 11 state-of-the-art password cracking algorithms, systematically and comprehensively evaluate these algorithms in multiple scenarios and identify their advantages and disadvantages. The system further consists of the implementation of 8 academic password meters, and 15 commercial password checkers/meters (both online and offline versions) from the top 150 websites. We identify that some commercial meters do little to guide users to select strong passwords, and often lead users to select vulnerable passwords. Additionally, a password correlation quantification framework will be presented, which is used to provide the correlation of different password datasets. Experimental results demonstrate that our quantification is consistent with the cracking results and existing observations. Finally, I will summarize and discuss future research directions (e.g., hybrid password cracking, social profile-aware/hybrid password meters) and challenges of password research.
The lecture will be available to stream HERE
Biography: Raheem Beyah, a native of Atlanta, Ga., is an Associate Professor in the School of Electrical and Computer Engineering at Georgia Tech where he leads the Communications Assurance and Performance Group (CAP) and is a member of the Institute for Information Security & Privacy (GTIISP) and the Communications Systems Center (CSC). Prior to returning to Georgia Tech, Dr. Beyah was an Assistant Professor in the Department of Computer Science at Georgia State University, a research faculty member with the Georgia Tech CSC, and a consultant in Andersen Consulting's (now Accenture) Network Solutions Group. He received his Bachelor of Science in Electrical Engineering from North Carolina A&T State University in 1998. He received his Masters and Ph.D. in Electrical and Computer Engineering from Georgia Tech in 1999 and 2003, respectively. Dr. Beyah has served as a Guest Editor for MONET and is currently an Associate Editor of the (Wiley) Wireless Communications and Mobile Computing Journal. His research interests include network security, wireless networks, network traffic characterization and performance, and critical infrastructure security. He received the National Science Foundation CAREER award in 2009 and was selected for DARPA's Computer Science Study Panel in 2010. He is a member of AAAS, ASEE, a lifetime member of NSBE, and a senior member of ACM and IEEE.
Host: CS Department
Webcast: https://bluejeans.com/156406552Location: Henry Salvatori Computer Science Center (SAL) - 101
WebCast Link: https://bluejeans.com/156406552
Audiences: Everyone Is Invited
Contact: Assistant to CS chair
