Generation of Secure and Reliable Honeywords, Preventing False Detection
TL;DR: This work proposes new and more practical honeyword generation techniques, which achieve ‘approximate flatness’, implying that the honeywords generated using these techniques are indistinguishable from passwords with high probability, and proposes a new attack model called ‘Multiple System Intersection attack considering Input’.
Abstract: Breach in password databases has been a frequent phenomena in the software industry. Often these breaches go undetected for years. Sometimes, even the companies involved are not aware of the breach. Even after they are detected, publicizing such attacks might not always be in the best interest of the companies. This calls for a strong breach detection mechanism. Juels et al. (in ACM-CCS 2013) suggest a method called ‘Honeywords’, for detecting password database breaches. Their idea is to generate multiple fake passwords, called honeywords and store them along with the real password. Any login attempt with honeywords is identified as a compromise of the password database, since legitimate users are not expected to know the honeywords corresponding to their passwords. The key components of their idea are (i) generation of honeywords, (ii) typo-safety measures for preventing false alarms, (iii) alarm policy upon detection, and (iv) testing robustness of the system against various attacks. In this work, we analyze the limitations of existing honeyword generation techniques. We propose a new attack model called ‘Multiple System Intersection attack considering Input’. We show that the ‘Paired Distance Protocol’ proposed by Chakraborty et al., is not secure in this attack model. We also propose new and more practical honeyword generation techniques and call them the ‘evolving-password model’, the ‘user-profile model’, and the ‘append-secret model’. These techniques achieve ‘approximate flatness’, implying that the honeywords generated using these techniques are indistinguishable from passwords with high probability. Our proposed techniques overcome most of the risks and limitations associated with existing techniques. We prove flatness of our ‘evolving-password model’ technique through experimental analysis. We provide a comparison of our proposed models with the existing ones under various attack models to justify our claims.
Citations
More filters
[...]
01 May 2022
TL;DR: This work proposes four theoretic models for characterizing the attacker $\mathcal{A}$’s best distinguishing strategies, and develops the corresponding honeyword-generation method for each type of attackers, by using various representative probabilistic password guessing models.
Abstract: Honeywords are decoy passwords associated with each user account to timely detect password leakage. The key issue lies in how to generate honeywords that are hard to be differentiated from real passwords. This security mechanism was first introduced by Juels and Rivest at CCS’13, and has been covered by hundreds of media and adopted in dozens of research domains. Existing research deals with honeywords primarily in an ad hoc manner, and it is challenging to develop a secure honeyword-generation method and well evaluate (attack) it. In this work, we tackle this problem in a principled approach. We first propose four theoretic models for characterizing the attacker $\mathcal{A}$’s best distinguishing strategies, with each model based on a different combination of information available to $\mathcal{A}$ (e.g., public datasets, the victim’s personal information and registration order). These theories guide us to design effective experiments with real-world password datasets to evaluate the goodness (flatness) of a given honeyword-generation method.Armed with the four best attacking theories, we develop the corresponding honeyword-generation method for each type of attackers, by using various representative probabilistic password guessing models. Through a series of exploratory investigations, we show the use of these password models is not straightforward, but requires creative and significant efforts. Both empirical experiments and user-study results demonstrate that our methods significantly outperform prior art. Besides, we manage to resolve several previously unexplored challenges that arise in the practical deployment of a honeyword method. We believe this work pushes the honeyword research towards statistical rigor.
11 citations
[...]
TL;DR: This study proposes a “matching attack” model and finds that although Erguler's honeyword system can achieve perfect flatness, the success rate of the attacker is 100% under matching attack, and proposes a new honeyword approach named Superword that isolates the direct relationship between username and the corresponding hashed password in password files.
Abstract: Generating honeywords for each user’s account is an effective way to detect whether password databases are compromised. However, there are several underlying security issues associated with honeyword techniques that need to be addressed, for example, (1) How to make it more difficult for an attacker to find an accurate match of “username-real password”? (2) How to prevent the intersection attack in multiple systems caused by password reuse without reducing usability? (3) How to reduce the success rate of targeted password guessing? In this study, we first propose a “matching attack” model and find that although Erguler’s honeyword system can achieve perfect flatness, the success rate of the attacker is 100% under matching attack. Secondly, we propose a new honeyword approach named Superword that isolates the direct relationship between username and the corresponding hashed password in password files. Additional honeypots are mixed with real accounts to detect online guessing attacks. The analysis reveals that our approach makes a matching attacker difficult to find a real password from N password hashes. Since there is no connection between the username and password in password files, our honeyword system also alleviates the multiple systems intersection attack and targeted password guessing.
5 citations
[...]
TL;DR: This research has proved that every honeyword generation method has many weaknesses points.
Abstract: Abstract Honeyword system is a successful password cracking detection system. Simply the honeywords are (False passwords) that are accompanied to the sugarword (Real password). Honeyword system aims to improve the security of hashed passwords by facilitating the detection of password cracking. The password database will have many honeywords for every user in the system. If the adversary uses a honeyword for login, a silent alert will indicate that the password database might be compromised. All previous studies present a few remarks on honeyword generation methods for max two preceding methods only. So, the need for one that lists all preceding researches with their weaknesses is shown. This work presents all generation methods then lists the strengths and weaknesses of 26 ones. In addition, it puts 32 remarks that highlight their strengths and weaknesses points. This research has proved that every honeyword generation method has many weaknesses points.
2 citations
[...]
TL;DR: Wang et al. as discussed by the authors proposed a method to protect the hashed passwords by using topological graphic sequences, which works effectively even if the password file is leaked by using graphic labeling.
Abstract: In this paper, we propose a method to protect the hashed passwords by using topological graphic sequences This method works effectively even if the password file is leaked First, the user password is divided based on its length Then the processed string and the topological graphic sequence are operated for obtaining the real decoy honeywords In this way, a flatness honeywords generation method is generated Since every password seems unrealistic, the hacker who steals the hashed password file cannot distinguish between the real passwords and the honeywords If he uses the honeywords for login, the system will know that it is the intruder’s attack, and then the service provider (SP) can take security measures Finally, several typical attack methods are analyzed to verify the effectiveness of our scheme We use the topological graph to generate the honeywords, which is the first application of graphic labeling in the honeywords generation
2 citations
Dissertation•
[...]
01 Oct 2017
TL;DR: This thesis is devoted to the secure design of password hashing algorithm and the analysis of existing password-based authentication systems and provides a cryptographic module based approach for password hashing.
Abstract: Passwords are the most widely deployed means of human-computer authentication since the early 1960s. The use of passwords, which are usually low in entropy, is delicate in cryptography because of the possibility of launching an offline dictionary attack. It is ever challenging to design a password-based cryptosystem that is secure against this attack. Password-based cryptosystems broadly cover two areas 1) Password-based authentication, e.g., password hashing schemes and 2) Password-based encryption specifically used in password-based authenticated key exchange (PAKE) protocols. This thesis is devoted to the secure design of password hashing algorithm and the analysis of existing password-based authentication systems. The frequent reporting of password database leakage in real-world highlights the vulnerabilities existing in the current password based constructions. In order to alleviate these problems and to encourage strong password protection techniques, a Password Hashing Competition (PHC) was held from 2013 to 2015. Following the announced criteria, we propose a password hashing scheme Rig that fulfills all the required goals. We also present a cryptanalytic technique for password hashing. Further, we focus on the improvement of a password database breach detection technique and on the analysis of Universal 2nd Factor protocol. This report tries to list and summarize all the important results published in the field of password hashing in recent years and understand the extent of research over password-based authentication schemes. Our significant results are listed below. 1. Following the design requirements for a secure password hashing scheme as mentioned at the PHC [16], we present our design Rig which satisfies all required criteria. It is a memory hard and best performing algorithm under cache-timing attack resistant category. As part of the results, we present the construction explaining the design rationale and the proof of its collision resistance. We also provide the performance and security analysis. 2. In practice, most cryptographic designs are implemented inside a Cryptographic module, as suggested by National Institute of Standards and Technology (NIST) in a standard, FIPS 140. A cryptographic module has a limited memory and this makes it challenging to implement a password hashing scheme (PHS) inside it. We provide a cryptographic module based approach for password hashing. It helps to enhance the security of the existing password-based authentication framework. We also discuss the feasibility of the approach considering the submissions of PHC. 3. The increasing threat of password leakage from compromised password hashes demands a resource consuming algorithm to prevent the precomputation of the password hashes. A class of password hashing designs which ensure that any reduction in the memory leads to exponential increase in their runtime are called Memory hard designs. Time Memory Tradeoff (TMTO) technique is an effective cryptanalytic approach for such password hashing schemes (PHS). However, it is generally difficult to evaluate the “memory hardness” of a given PHS design. We present a simple technique to analyze TMTO for any password hashing schemes which can be represented as a directed acyclic graph.
1 citations
Cites background from "Generation of Secure and Reliable H..."
[...]
References
More filters
[...]
TL;DR: The study involved half a million users over athree month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.
Abstract: We report the results of a large scale study of password use andpassword re-use habits. The study involved half a million users over athree month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.
1,011 citations
"Generation of Secure and Reliable H..." refers background in this paper
[...]
[...]
[...]
[...]
TL;DR: The present design of the password security scheme was the result of countering observed attempts to penetrate the system and is a compromise between extreme security and ease of use.
Abstract: This paper describes the history of the design of the password security scheme on a remotely accessed time-sharing system. The present design was the result of countering observed attempts to penetrate the system. The result is a compromise between extreme security and ease of use.
952 citations
"Generation of Secure and Reliable H..." refers methods in this paper
[...]
[...]
TL;DR: A new way of precalculating the data is proposed which reduces by two the number of calculations needed during cryptanalysis and it is shown that the gain could be even much higher depending on the parameters used.
Abstract: In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (237) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.
503 citations
"Generation of Secure and Reliable H..." refers background in this paper
[...]
[...]
TL;DR: Five design principles help provide insight into the tradeoffs among different possible designs in the Multics system and several known weaknesses in the current protection mechanism design are discussed.
Abstract: The design of mechanisms to control the sharing of information in the Multics system is described. Five design principles help provide insight into the tradeoffs among different possible designs. The key mechanisms described include access control lists, hierarchical control of access specifications, identification and authentication of users, and primary memory protection. The paper ends with a discussion of several known weaknesses in the current protection mechanism design.
427 citations
"Generation of Secure and Reliable H..." refers background in this paper
[...]
[...]
TL;DR: This paper discusses a new method that generates password structures in highest probability order by automatically creating a probabilistic context-free grammar based upon a training set of previously disclosed passwords, and then generating word-mangling rules to be used in password cracking.
Abstract: Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task In this paper we discuss a new method that generates password structures in highest probability order We first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords This grammar then allows us to generate word-mangling rules, and from them, password guesses to be used in password cracking We will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing our tools and techniques on real password sets In one series of experiments, training on a set of disclosed passwords, our approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program
411 citations
"Generation of Secure and Reliable H..." refers methods in this paper
[...]
[...]
[...]
Related Papers (5)
[...]
[...]
[...]