Neural Network Techniques for Proactive Password Checking

This paper deals with the access control problem. We assume that valuable resources need to be protected against unauthorised users and that, to this aim, a password-based access control scheme is employed. Such an abstract scenario captures many applicative settings. The issue we focus our attention on is the following: passwordbased schemes provide a certain level of security as long as users choose good passwords, i.e., passwords hard to guess in a reasonable amount of time. In order to force the users to good choices, a proactive password checker can be implemented as a submodule of the access control scheme. Such a checker, any time the user chooses/changes his own password, decides on the fly whether to accept or refuse the new password, depending on its guessability. Hence, the question is: How can we get an effective and efficient proactive password checker? By means of neural networks and statistical related techniques, we answer the above question developing proactive password checkers. Through a series of experiments, we show that these checkers have very good performance: error rates are comparable to the ones of the best existing checkers, implemented on different principles and by using other methodologies, and memory requirements are better in several cases. It is the first time that the neural network technology is fully and successfully applied to designing proactive password checkers.