Monday, 8 February 2016

Abertay Ethical Hacking Society: 5th annual Security Conference: Securi-Tay V

Securi-Tay [1] is an Information Security conference held by the Abertay Ethical Hacking Society [2], and supported by the Abertay University in Dundee. The aim of the conference is to provide an opportunity to industry professionals, students and information security enthusiasts to attend and share knowledge and information. This year will be the fifth year the conference is taking place (hence the V) and it will be held on February 26th - 27th, 2016. Personally, I believe this conference offers a fantastic opportunity to students to meet and network with experts in the area of security, share information and have a first glance on how their future in the security industry can be like. 

I was very pleased to get accepted to speak at the conference again this year and I am already looking forward to it. The talk is about passwords and more specifically on how to train your brain to "regenerate" different passwords for different accounts, instead of remembering them. I know that this is not very clear at the moment, but I promise you that everything will be explained during the presentation. This is something I started working more than 10 years ago. I actually published two papers on the subject, one paper describing the thought process and one paper on how to reverse the password generation process during a computer forensics investigation based on an individual's profile. 

The title and the abstract of my talk for Securi-Tay V can be found at the conference's website under the talks section. For future reference the talk's title and abstract will be also available below

I really hope I have a chance to speak to all of you at the conference and potentially share a drink or two. I really appreciate your interest in this field and I hope my talk will keep you all excited once more. I really believe that anyone who has the opportunity to be at this conference should not miss the chance. We are all going to be there and if you have like five minutes to spare, come and say hi. :D

Teach your brain to regenerate passwords instead of remembering them!
Despite the existence of a number of advanced authentication mechanisms such as Single Sign-On (SSO), different types of Biometrics, the use of multi-factor authentication, etc., the use of passwords is still the most popular means of authenticating users. The need to generate and hopefully to remember these passwords has become even more demanding due to the rapid increase in the number of systems and online accounts being used. Best practice is that these passwords need to be as strong as the assets they protect, and password management applications are supposed to be the most straightforward solution for storing them safely. 

Strong passwords can either be a completely randomly generated set of alphanumerics and symbols, but they can also follow a particular logic. The latter can act as a unique factor, based on the fact that everyone has its own thought patterns, which are based on different experiences, which build up a person’s character, and represent a unique personality.

This particular side research started almost ten years ago, as an alternative way of approaching the password memorizing concerns, and since then it has offered a cognitive model for regenerating a particular password instead of remembering it. More specifically, the thought process of regenerating a particular password is tied to the individual’s unique personality, that allows him/her to use not only different passwords in each case but also have an automated risk assessment process that further contributes to the password’s threat classification.

All this might sound a bit complicated when trying to describe an overview of the thought process in a few lines. Rest assured that during the presentation the participants will not only have the chance to see the use of passwords from a different perspective, but by the end of the session they will also be trained to use this regeneration method, based upon their own unique personality .


No comments:

Post a Comment