User Password Intelligence Enhancement by Dynamic Generation Based on Markov Model

  • Zhendong WuEmail author
  • Yihang Xia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11337)


The use of passwords in daily life has become more and more widespread, which has become an indispensable part of life. However, there are still some security risks when using passwords. These security risks occupy a large part due to users using low strength password because of the very limited memory ability of human beings. It makes verbal guessing based on human memory habits achieve good attack effectiveness. In order to improve the security of network password system, this paper proposes a password enhancement method combining Markov model intelligent prediction and dynamic password enhanced technology. This method can greatly increase the password strength by more than 80% without increasing the memory burden of the user. At the same time, it does not need to store complex keys in the system, which can significantly improve the security of the network password system.


Password security enhancement Markov model Dynamical password-generation 


  1. 1.
    Dell Amico, M., Michiardi, P., Roudier, Y.F.: Password strength: an empirical analysis. In: 2010 Proceedings IEEE INFOCOM, San Diego, CA, USA, pp. 1–9 (2010)Google Scholar
  2. 2.
    Wang, P., Wang, D., Huang, X.: Advances in password security. J. Comput. Res. Dev. 53(10), 2173–2188 (2016)Google Scholar
  3. 3.
    Vu, K.P.L., Proctor, R.W., Bhargav-Spantzel, A., et al.: Improving password security and memorability to protect personal and organi-zational information. Int. J. Hum.-Comput. Stud. 65(8), 744–757 (2007)CrossRefGoogle Scholar
  4. 4.
    Castelluccia, C., Chaabane, A., Dürmuth, M., et al.: When privacy meets security: leveraging personal information for password cracking. Computer Science (2013)Google Scholar
  5. 5.
    Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 538–552. IEEE (2012)Google Scholar
  6. 6.
    Ma, J., Yang, W., Luo, M., et al.: A study of probabilistic password models. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 689–704. IEEE (2014)Google Scholar
  7. 7.
    Kelley, P.G., Komanduri, S., Mazurek, M.L., et al.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 523–537. IEEE (2012)Google Scholar
  8. 8.
    Komanduri, S., Shay, R., Kelley, P.G., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595–2604. ACM (2011)Google Scholar
  9. 9.
    Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 364–372. ACM (2005)Google Scholar
  10. 10.
    Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: Proceedings of the 30th IEEE Symposium on Security and Privacy, pp. 391–405. IEEE (2009)Google Scholar
  11. 11.
    Weir, M., Aggarwal, S., Collins, M., et al.: Testing metrics for password creation policies by attacking large sets of re-vealed passwords. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 162–175. ACM (2010)Google Scholar
  12. 12.
    Castelluccia, C., Dürmuth, M., Perito, D.: Adaptive password-strength meters from markov models. In: The Network and Distributed System Security Symposium (NDSS 2012) (2012)Google Scholar
  13. 13.
    de Carnavalet, X.D.C., Mannan, M.: From very weak to very strong: analyzing password-strength meters. In: The Network and Distributed System Security Symposium (NDSS 2014) (2014)Google Scholar
  14. 14.
    Dürmuth, M., Angelstorf, F., Castelluccia, C., Perito, D., Chaabane, A.: OMEN: faster password guessing using an ordered markov enumerator. In: International Symposium on Engineering Secure Software and Systems, Mar 2015, Milan, Italy (2015)Google Scholar
  15. 15.
    Batagelj, V., Brandes, U.: Efficient generation of large random networks. Phys. Rev. E 71(3), 036113 (2005)CrossRefGoogle Scholar
  16. 16.
    Zhendong, W., Liang, B., You, L., Jian, Z., Li, J.: High-dimension space projection-based biometric encryption for fingerprint with fuzzy minutia. Soft Comput. 20(12), 4907–4918 (2016)CrossRefGoogle Scholar
  17. 17.
    Zhendong, W., Tian, L., Li, P., Ting, W., Jiang, M., Wu, C.: Generating stable biometric keys for flexible cloud computing authentication using finger vein. Inf. Sci. 433, 431–447 (2018)Google Scholar
  18. 18.
    Li, J., Sun, L., Yan, Q., Li, Z., Witawas, S., Ye, H.: Significant permission identification for machine learning based android mal-waredetection. IEEE Trans. Ind. Inform. 1–12 (2018). Scholar
  19. 19.
    Liu, Z., Wu, Z., Li, T., Li, J., Shen, C.: GMM and CNN hybrid method for short utterance speaker recognition. IEEE Trans. Ind. Inform. 1–10 (2018). Scholar
  20. 20.
    Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: Proceedings of the 25th USENIX Security Symposium, 10–12 August, Austin, TX (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of CyberspaceHangzhou Dianzi UniversityZhejiangChina

Personalised recommendations