Description

 The online Brute force and dictionary attacks on password-only remote login services are now widespread and ever increasing.  Enabling convenient login for legitimate users while preventing such attacks is a difficult problem.  Automated Turing Tests (ATTs) continue to be an effective, easy-to-deploy approach to identify automated malicious login attempts with reasonable cost of inconvenience to users.  The inadequacy of existing and proposed login protocols designed to address large-scale online dictionary attacks.  The attack packet dropping disrupts the packet from reaching the destination through malicious behaviour at an intermediate user.  The malicious user gives the impression to its neighbors that it performs the legitimate forwarding action. Moreover, a legitimate user comes under suspicion.  This leverages the open broadcast nature of wireless communication. An instantiation of this technology is local monitoring.  A popular method for detecting attacks in wireless networks is behaviour-based detection performed by normal network nodes through overhearing the communication in their neighbourhood.  A new Password Guessing Resistant Protocol (PGRP), derived upon revisiting prior proposals designed to restrict such attacks.  The total number of login attempts from unknown remote hosts to as low as a single attempt per username, legitimate users in most cases can make several failed login attempts before being challenged with an ATT.  The performances of PGRP with two real-world data set and find it more promising than existing proposals.