Author

Qiying Dong

Bio: Qiying Dong is an academic researcher from Nankai University. The author has contributed to research in topics: Password & Computer security. The author has an h-index of 1, co-authored 1 publication receiving 1 citation.

Papers
Proceedings ArticleDOI
01 May 2022
TL;DR: This work proposes four theoretic models for characterizing the attacker $\mathcal{A}$’s best distinguishing strategies, and develops the corresponding honeyword-generation method for each type of attackers, by using various representative probabilistic password guessing models.
Abstract: Honeywords are decoy passwords associated with each user account to timely detect password leakage. The key issue lies in how to generate honeywords that are hard to differentiate from real passwords. This security mechanism was first introduced by Juels and Rivest at CCS’13, and has been covered by hundreds of media and adopted in dozens of research domains. Existing research deals with honeywords primarily in an ad hoc manner, and it is challenging to develop a secure honeyword-generation method and well evaluate (attack) it. In this work, we tackle this problem in a principled approach. We first propose four theoretic models for characterizing the attacker $\mathcal{A}$’s best distinguishing strategies, with each model based on a different combination of information available to $\mathcal{A}$ (e.g., public datasets, the victim’s personal information and registration order). These theories guide us to design effective experiments with real-world password datasets to evaluate the goodness (flatness) of a given honeyword-generation method. Armed with the four best attacking theories, we develop the corresponding honeyword-generation method for each type of attackers, by using various representative probabilistic password guessing models. Through a series of exploratory investigations, we show the use of these password models is not straightforward, but requires creative and significant efforts. Both empirical experiments and user-study results demonstrate that our methods significantly outperform prior art. Besides, we manage to resolve several previously unexplored challenges that arise in the practical deployment of a honeyword method. We believe this work pushes the honeyword research towards statistical rigor.

11 citations

Journal ArticleDOI
TL;DR: It is shown that the proposed anonymous authentication scheme for smart home using elliptic curve cryptography cannot resist inside attack and offline dictionary attack and also fails to achieve forward secrecy.
Abstract: As an important application of the Internet of Things, smart home has greatly facilitated our life. Since the communication channels of smart home are insecure and the transmitted data are usually sensitive, a secure and anonymous user authentication scheme is required. Numerous attempts have been taken to design such authentication schemes. Recently, Shuai et al. (Computers & Security 86 (2019): 132–146) designed an anonymous authentication scheme for smart home using elliptic curve cryptography. They claimed that the proposed scheme is secure against various attacks and provides ideal attributes. However, we show that their scheme cannot resist inside attack and offline dictionary attack and also fails to achieve forward secrecy. Furthermore, we give some suggestions to enhance the security of the scheme. These suggestions also apply to other user authentication schemes with similar flaws.

5 citations

TL;DR: Zhang et al. as discussed by the authors investigated the intrinsic characteristics of online and offline guessing scenarios and proposed a systematic evaluation framework that is composed of four different dimensioned criteria to rate PSM accuracy under these two guessing scenarios (as well as various guessing strategies).
Abstract: To help users create stronger passwords, nearly every respectable web service adopts a password strength meter (PSM) to provide real-time strength feedback upon user registration and password change. Recent research has found that PSMs that provide accurate feedback can indeed effectively nudge users toward choosing stronger passwords. Thus, it is imperative to systematically evaluate existing PSMs to facilitate the selection of accurate ones. In this paper, we highlight that there is no single silver bullet metric for measuring the accuracy of PSMs: For each given guessing scenario and strategy, a specific metric is necessary. We investigate the intrinsic characteristics of online and offline guessing scenarios, and for the first time, propose a systematic evaluation framework that is composed of four different dimensioned criteria to rate PSM accuracy under these two password guessing scenarios (as well as various guessing strategies). More specifically, for online guessing, the strength misjudgments of passwords with different popularity would have varied effects on PSM accuracy, and we suggest the weighted Spearman metric and consider two typical attackers: The general attacker who is unaware of the target password distribution, and the knowledgeable attacker aware of it. For offline guessing, since the cracked passwords are generally weaker than the uncracked ones, and they correspond to two disparate distributions, we adopt the Kullback-Leibler divergence metric and investigate the four most typical guessing strategies: brute-force, dictionary-based, probability-based, and a combination of the above three strategies. In particular, we propose the Precision metric to measure PSM accuracy when non-binned strength feedback (e.g., probability) is transformed into easy-to-understand bins/scores (e.g., [weak, medium, strong]). We further introduce a reconciled Precision metric to characterize the impacts of strength misjudgments in different directions (e.g., weak → strong and strong → weak) on PSM accuracy. The effectiveness and practicality of our evaluation framework are demonstrated by rating 12 leading PSMs, leveraging 14 real-world password datasets. Finally, we provide three recommendations to help improve the accuracy of PSMs.

Book ChapterDOI
01 Jan 2023
TL;DR: Wang et al. as discussed by the authors proposed a targeted password strength evaluation in the scenario where users' personally identifiable information (PII) is available to the attacker, and evaluated the accuracy of their PII-PSM with the weighted Spearman (WSpearman) metric.
Abstract: In recent years, unending breaches of users’ personally identifiable information (PII) have become increasingly severe, making targeted password guessing using PII a practical threat. However, to our knowledge, most password strength meters (PSMs) only consider the traditional trawling password guessing threat, and no PSM has taken into account the more severe targeted guessing threat using PII (e.g., name, birthday, and phone number). To fill this gap, in this paper, we mainly focus on targeted password strength evaluation in the scenario where users’ PII is available to the attacker. First, to capture more fine-grained password structures, we introduce the high-frequency substring as a new grammar tag into leading targeted password probabilistic models TarGuess-I and TarMarkov, and propose TarGuess-I-H and TarMarkov-H. Then, we weight and combine our two improved models to devise PII-PSM, the first practical targeted PSM resistant to common PII-accessible attackers. By using the weighted Spearman (WSpearman) metric recommended at CCS’18, we evaluate the accuracy of our PII-PSM and its counterparts (i.e., our TarGuess-I-H and TarMarkov-H, as well as two benchmarks of Optimal and Min_auto). We conduct evaluation experiments on password datasets leaked from eight high-profile English and Chinese services. Results show that our PII-PSM is more accurate than TarGuess-I-H and TarMarkov-H, and is closer to Optimal and Min_auto, with WSpearman differences of only 0.014 ∼ 0.023 and 0.012 ∼ 0.031, respectively. This establishes the accuracy of PII-PSM, helping to nudge users to select stronger passwords.

Cited by
Journal ArticleDOI
TL;DR: A robust two-factor user authentication also for smart home based on the elliptic curve cryptography is designed and security proofs are given to demonstrate that the construction of the proposed scheme can be of user anonymity, session key forward secrecy, and resist all attacks shown in this article.
Abstract: The unprecedented proliferation of smart home together with wireless sensor networks has enriched humans’ daily life. Inevitably, the smart home without the guard of an authentication mechanism is bound to bring a series of security issues. Hence, a great number of authentication protocols have been designed to verify the user’s identity and ensure that the data be accessed with authorization in smart home. Recently, M. Shuai et al. (Computers & Security, 2019) proposed a two-factor anonymous authentication scheme for smart home and presented that their scheme can be immune to various attacks. However, by careful analysis, we found that M. Shuai et al.’s (2019) scheme needed further improvements in session key forward secrecy and against type-I node capture attack and node impersonation attack. As a going step in this direction, here, we first design a robust two-factor user authentication also for smart home based on the elliptic curve cryptography. Second, we give security proofs to demonstrate that the construction of the proposed scheme can be of user anonymity, session key forward secrecy, and resist all attacks shown in this article. Third, performance comparisons covered in storage/network communication/computation costs are carried out to indicate that our scheme can be comparable to those newly designed schemes; especially, the user and gateway in our scheme need only 352 and 320 bits, respectively.

9 citations

Journal ArticleDOI
TL;DR: This work investigates three anonymous multi-factor authentication schemes based on passwords for cloud environments, and shows that none of these three protocols can achieve their security goals.
Abstract: Currently, password-based remote authentication mechanism has become an essential procedure to ensure users access the resources of the cloud server securely. Dozens of password-based multi-factor authentication schemes have been successively proposed recently. Unfortunately, most of them are vulnerable to various known attacks. The key to designing a secure and privacy-preserving authentication scheme is drawing some lessons from the security failures of existing schemes. In this work, we investigate three anonymous multi-factor authentication schemes based on passwords for cloud environments (i.e., Karuppiah et al.’s scheme at MONET’19, Lin’s scheme at IEEE Syst J’19, Rajamanickam et al.’s scheme at IEEE Syst J’20), and demonstrate that these three schemes all suffer from off-line guessing attacks and are short of an important property (i.e., forward secrecy). We also propose several effective countermeasures to remedy these weaknesses. Our analysis shows that none of these three protocols can achieve their security goals. Furthermore, we make a summary of the causes of the flaws, and reveal that the vulnerabilities of these schemes are caused by violating the basic design principles for a secure protocol (e.g., Ma et al.’s principles at IJCS’14). In addition, we investigate whether dozens of recently proposed schemes follow the design principles of Ma et al.

7 citations

Journal ArticleDOI
TL;DR: In this article, the authors proposed a model inversion method that can reconstruct representative samples of the target model's training data based only on the output labels, which requires the least information to succeed and therefore has the best applicability.
Abstract: In a model inversion attack, an adversary attempts to reconstruct the training data records of a target model using only the model’s output. In launching a contemporary model inversion attack, the strategies discussed are generally based on either predicted confidence score vectors, i.e., black-box attacks, or the parameters of a target model, i.e., white-box attacks. However, in the real world, model owners usually only give out the predicted labels; the confidence score vectors and model parameters are hidden as a defense mechanism to prevent such attacks. Unfortunately, we have found a model inversion method that can reconstruct representative samples of the target model’s training data based only on the output labels. We believe this attack requires the least information to succeed and, therefore, has the best applicability. The key idea is to exploit the error rate of the target model to compute the median distance from a set of data records to the decision boundary of the target model. The distance is then used to generate confidence score vectors which are adopted to train an attack model to reconstruct the representative samples. The experimental results show that highly recognizable representative samples can be reconstructed with far less information than existing methods.

3 citations

Proceedings ArticleDOI
01 Sep 2022
TL;DR: A new Password hardening (PH) service called PW-Hero is proposed that equips its PH service with an option to terminate its use (i.e., opt-out), and is defined as a suite of protocols that meet desirable properties and build a simple, secure, and efficient instance.
Abstract: As the most dominant authentication mechanism, password-based authentication suffers catastrophic offline password guessing attacks once the authentication server is compromised and the password database is leaked. Password hardening (PH) service, an external/third-party crypto service, has been recently proposed to strengthen password storage and reduce the damage of authentication server compromise. However, all existing schemes are unreliable in that they overlook the important restorable property: PH service opt-out. In existing PH schemes, once the authentication server has subscribed to a PH service, it must adopt this service forever, even if it wants to stop the external/third-party PH service and restore its original password storage (or subscribe to another PH service). To fill the gap, we propose a new PH service called PW-Hero that equips its PH service with an option to terminate its use (i.e., opt-out). In PW-Hero, password authentication is strengthened against offline attacks by adding external secret spices to password records. With the opt-out property, authentication servers can proactively request to end the PH service after successful authentications. Then password records can be securely migrated to their traditional salted hash state, ready for subscription to other PH services. Besides, PW-Hero achieves all existing desirable properties, such as comprehensive verifiability, rate limits against online attacks, and user privacy. We define PW-Hero as a suite of protocols that meet desirable properties and build a simple, secure, and efficient instance. Moreover, we develop a prototype implementation and evaluate its performance, establishing the practicality of our PW-Hero service.

1 citation