Password Security as a Game of Entropies
We consider a formal model of password security, in which two actors engage in a competition of optimal password choice against potential attacks. The proposed model is a multi-objective two-person game. Player 1 seeks an optimal password choice policy, optimizing matters of memorability of the pass...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2018-04-01
|
| Series: | Entropy |
| Subjects: | |
| Online Access: | http://www.mdpi.com/1099-4300/20/5/312 |
| _version_ | 1811186288149135360 |
|---|---|
| author | Stefan Rass Sandra König |
| author_facet | Stefan Rass Sandra König |
| author_sort | Stefan Rass |
| collection | DOAJ |
| description | We consider a formal model of password security, in which two actors engage in a competition of optimal password choice against potential attacks. The proposed model is a multi-objective two-person game. Player 1 seeks an optimal password choice policy, optimizing matters of memorability of the password (measured by Shannon entropy), opposed to the difficulty for player 2 of guessing it (measured by min-entropy), and the cognitive efforts of player 1 tied to changing the password (measured by relative entropy, i.e., Kullback–Leibler divergence). The model and contribution are thus twofold: (i) it applies multi-objective game theory to the password security problem; and (ii) it introduces different concepts of entropy to measure the quality of a password choice process under different angles (and not a given password itself, since this cannot be quality-assessed in terms of entropy). We illustrate our approach with an example from everyday life, namely we analyze the password choices of employees. |
| first_indexed | 2024-04-11T13:43:04Z |
| format | Article |
| id | doaj.art-7609c09450bd4eb5b1d3e805e7d2a6c8 |
| institution | Directory Open Access Journal |
| issn | 1099-4300 |
| language | English |
| last_indexed | 2024-04-11T13:43:04Z |
| publishDate | 2018-04-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Entropy |
| spelling | doaj.art-7609c09450bd4eb5b1d3e805e7d2a6c82022-12-22T04:21:10ZengMDPI AGEntropy1099-43002018-04-0120531210.3390/e20050312e20050312Password Security as a Game of EntropiesStefan Rass0Sandra König1System Security Group, Institute of Applied Informatics, Universität Klagenfurt, 9020 Klagenfurt, AustriaAustrian Institute of Technology, Center for Digital Safety & Security, 1210 Vienna, AustriaWe consider a formal model of password security, in which two actors engage in a competition of optimal password choice against potential attacks. The proposed model is a multi-objective two-person game. Player 1 seeks an optimal password choice policy, optimizing matters of memorability of the password (measured by Shannon entropy), opposed to the difficulty for player 2 of guessing it (measured by min-entropy), and the cognitive efforts of player 1 tied to changing the password (measured by relative entropy, i.e., Kullback–Leibler divergence). The model and contribution are thus twofold: (i) it applies multi-objective game theory to the password security problem; and (ii) it introduces different concepts of entropy to measure the quality of a password choice process under different angles (and not a given password itself, since this cannot be quality-assessed in terms of entropy). We illustrate our approach with an example from everyday life, namely we analyze the password choices of employees.http://www.mdpi.com/1099-4300/20/5/312game theorysecurityentropypasswords |
| spellingShingle | Stefan Rass Sandra König Password Security as a Game of Entropies Entropy game theory security entropy passwords |
| title | Password Security as a Game of Entropies |
| title_full | Password Security as a Game of Entropies |
| title_fullStr | Password Security as a Game of Entropies |
| title_full_unstemmed | Password Security as a Game of Entropies |
| title_short | Password Security as a Game of Entropies |
| title_sort | password security as a game of entropies |
| topic | game theory security entropy passwords |
| url | http://www.mdpi.com/1099-4300/20/5/312 |
| work_keys_str_mv | AT stefanrass passwordsecurityasagameofentropies AT sandrakonig passwordsecurityasagameofentropies |