Improving password guessing via representation learning

Dario Pasquini; Ankit Gangwal; Giuseppe Ateniese; Massimo Bernaschi; Mauro Conti

doi:10.1109/SP40001.2021.00016

Improving password guessing via representation learning

Dario Pasquini, Ankit Gangwal, Giuseppe Ateniese, Massimo Bernaschi, Mauro Conti

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

57 Scopus citations

Abstract

Learning useful representations from unstructured data is one of the core challenges, as well as a driving force, of modern data-driven approaches. Deep learning has demonstrated the broad advantages of learning and harnessing such representations.In this paper, we introduce a deep generative model representation learning approach for password guessing. We show that an abstract password representation naturally offers compelling and versatile properties that open new directions in the extensively studied, and yet presently active, password guessing field. These properties can establish novel password generation techniques that are neither feasible nor practical with the existing probabilistic and non-probabilistic approaches. Based on these properties, we introduce: (1) A general framework for conditional password guessing that can generate passwords with arbitrary biases; and (2) an Expectation Maximization-inspired framework that can dynamically adapt the estimated password distribution to match the distribution of the attacked password set.

Original language	English
Title of host publication	Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021
Pages	1382-1399
Number of pages	18
ISBN (Electronic)	9781728189345
DOIs	https://doi.org/10.1109/SP40001.2021.00016
State	Published - May 2021
Event	42nd IEEE Symposium on Security and Privacy, SP 2021 - Virtual, San Francisco, United States Duration: 24 May 2021 → 27 May 2021

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2021-May
ISSN (Print)	1081-6011

Conference

Conference	42nd IEEE Symposium on Security and Privacy, SP 2021
Country/Territory	United States
City	Virtual, San Francisco
Period	24/05/21 → 27/05/21

Keywords

Deep-learning
Password-Security

Access to Document

10.1109/SP40001.2021.00016

Cite this

@inproceedings{bbd21972f8ba42148214b02feb719277,

title = "Improving password guessing via representation learning",

abstract = "Learning useful representations from unstructured data is one of the core challenges, as well as a driving force, of modern data-driven approaches. Deep learning has demonstrated the broad advantages of learning and harnessing such representations.In this paper, we introduce a deep generative model representation learning approach for password guessing. We show that an abstract password representation naturally offers compelling and versatile properties that open new directions in the extensively studied, and yet presently active, password guessing field. These properties can establish novel password generation techniques that are neither feasible nor practical with the existing probabilistic and non-probabilistic approaches. Based on these properties, we introduce: (1) A general framework for conditional password guessing that can generate passwords with arbitrary biases; and (2) an Expectation Maximization-inspired framework that can dynamically adapt the estimated password distribution to match the distribution of the attacked password set.",

keywords = "Deep-learning, Password-Security",

author = "Dario Pasquini and Ankit Gangwal and Giuseppe Ateniese and Massimo Bernaschi and Mauro Conti",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 42nd IEEE Symposium on Security and Privacy, SP 2021 ; Conference date: 24-05-2021 Through 27-05-2021",

year = "2021",

month = may,

doi = "10.1109/SP40001.2021.00016",

language = "English",

series = "Proceedings - IEEE Symposium on Security and Privacy",

pages = "1382--1399",

booktitle = "Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021",

}

Pasquini, D, Gangwal, A, Ateniese, G, Bernaschi, M & Conti, M 2021, Improving password guessing via representation learning. in Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021. Proceedings - IEEE Symposium on Security and Privacy, vol. 2021-May, pp. 1382-1399, 42nd IEEE Symposium on Security and Privacy, SP 2021, Virtual, San Francisco, United States, 24/05/21. https://doi.org/10.1109/SP40001.2021.00016

Improving password guessing via representation learning. / Pasquini, Dario; Gangwal, Ankit; Ateniese, Giuseppe et al.
Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021. 2021. p. 1382-1399 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2021-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Improving password guessing via representation learning

AU - Pasquini, Dario

AU - Gangwal, Ankit

AU - Ateniese, Giuseppe

AU - Bernaschi, Massimo

AU - Conti, Mauro

PY - 2021/5

Y1 - 2021/5

N2 - Learning useful representations from unstructured data is one of the core challenges, as well as a driving force, of modern data-driven approaches. Deep learning has demonstrated the broad advantages of learning and harnessing such representations.In this paper, we introduce a deep generative model representation learning approach for password guessing. We show that an abstract password representation naturally offers compelling and versatile properties that open new directions in the extensively studied, and yet presently active, password guessing field. These properties can establish novel password generation techniques that are neither feasible nor practical with the existing probabilistic and non-probabilistic approaches. Based on these properties, we introduce: (1) A general framework for conditional password guessing that can generate passwords with arbitrary biases; and (2) an Expectation Maximization-inspired framework that can dynamically adapt the estimated password distribution to match the distribution of the attacked password set.

AB - Learning useful representations from unstructured data is one of the core challenges, as well as a driving force, of modern data-driven approaches. Deep learning has demonstrated the broad advantages of learning and harnessing such representations.In this paper, we introduce a deep generative model representation learning approach for password guessing. We show that an abstract password representation naturally offers compelling and versatile properties that open new directions in the extensively studied, and yet presently active, password guessing field. These properties can establish novel password generation techniques that are neither feasible nor practical with the existing probabilistic and non-probabilistic approaches. Based on these properties, we introduce: (1) A general framework for conditional password guessing that can generate passwords with arbitrary biases; and (2) an Expectation Maximization-inspired framework that can dynamically adapt the estimated password distribution to match the distribution of the attacked password set.

KW - Deep-learning

KW - Password-Security

UR - http://www.scopus.com/inward/record.url?scp=85115047580&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85115047580&partnerID=8YFLogxK

U2 - 10.1109/SP40001.2021.00016

DO - 10.1109/SP40001.2021.00016

M3 - Conference contribution

AN - SCOPUS:85115047580

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 1382

EP - 1399

BT - Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021

T2 - 42nd IEEE Symposium on Security and Privacy, SP 2021

Y2 - 24 May 2021 through 27 May 2021

ER -

Improving password guessing via representation learning

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this