Generation of Secure and Reliable Honeywords, Preventing False Detection
TL;DR: This work proposes new and more practical honeyword generation techniques, which achieve ‘approximate flatness’, implying that the honeywords generated using these techniques are indistinguishable from passwords with high probability, and proposes a new attack model called ‘Multiple System Intersection attack considering Input’.
Abstract: Breach in password databases has been a frequent phenomena in the software industry. Often these breaches go undetected for years. Sometimes, even the companies involved are not aware of the breach. Even after they are detected, publicizing such attacks might not always be in the best interest of the companies. This calls for a strong breach detection mechanism. Juels et al. (in ACM-CCS 2013) suggest a method called ‘Honeywords’, for detecting password database breaches. Their idea is to generate multiple fake passwords, called honeywords and store them along with the real password. Any login attempt with honeywords is identified as a compromise of the password database, since legitimate users are not expected to know the honeywords corresponding to their passwords. The key components of their idea are (i) generation of honeywords, (ii) typo-safety measures for preventing false alarms, (iii) alarm policy upon detection, and (iv) testing robustness of the system against various attacks. In this work, we analyze the limitations of existing honeyword generation techniques. We propose a new attack model called ‘Multiple System Intersection attack considering Input’. We show that the ‘Paired Distance Protocol’ proposed by Chakraborty et al., is not secure in this attack model. We also propose new and more practical honeyword generation techniques and call them the ‘evolving-password model’, the ‘user-profile model’, and the ‘append-secret model’. These techniques achieve ‘approximate flatness’, implying that the honeywords generated using these techniques are indistinguishable from passwords with high probability. Our proposed techniques overcome most of the risks and limitations associated with existing techniques. We prove flatness of our ‘evolving-password model’ technique through experimental analysis. We provide a comparison of our proposed models with the existing ones under various attack models to justify our claims.
Citations
More filters
TL;DR: Wang et al. as discussed by the authors proposed a honey password-authentication key exchange (HPAKE) protocol that allows the authentication server to detect the password leakage and achieve the security beyond the traditional bound of aPAKE.
Abstract: Password-only authentication is one of the most popular secure mechanisms for real-world online applications. But it easily suffers from a practical threat - password leakage, incurred by external and internal attackers. The external attacker may compromise the password file stored on the authentication server, and the insider may deliberately steal the passwords or inadvertently leak the passwords. So far, there are two main techniques to address the leakage: Augmented password-authentication key exchange (aPAKE) against insiders and honeyword technique for external attackers. But none of them can resist both attacks. To fill the gap, we propose the notion of honey PAKE (HPAKE) that allows the authentication server to detect the password leakage and achieve the security beyond the traditional bound of aPAKE. Further, we build an HPAKE construction on the top of the honeyword mechanism, honey encryption, and OPAQUE which is a standardized aPAKE. We formally analyze the security of our design, achieving the insider resistance and the password breach detection. We implement our design and deploy it in the real environment. The experimental results show that our protocol only costs 71.27 ms for one complete run, within 20.67 ms on computation and 50.6 ms on communication. This means our design is secure and practical for real-world applications.
07 Oct 2022
TL;DR: Amnesia as mentioned in this paper is a framework that resolves the difficulties of using decoy passwords (honeywords) to detect credential database breaches, which suffers from the need for a trusted component to recognize decoys when entered in login attempts and from an attacker's ability to test stolen passwords at other sites to identify user-chosen passwords based on their reuse at those sites.
Abstract: Abstract Known approaches for using decoy passwords (honeywords) to detect credential database breaches suffer from the need for a trusted component to recognize decoys when entered in login attempts, and from an attacker’s ability to test stolen passwords at other sites to identify user-chosen passwords based on their reuse at those sites. Amnesia is a framework that resolves these difficulties. Amnesia requires no secret state to detect the entry of honeywords and additionally allows a site to monitor for the entry of its decoy passwords elsewhere. We quantify the benefits of Amnesia using probabilistic model checking and the practicality of this framework through measurements of a working implementation.
[...]
TL;DR: In this paper , the defender treats honeyword selection as a Bernoulli process in which each possible password (except the user-chosen one) is selected as a honeyword independently with some fixed probability.
Abstract: —Decoy passwords, or “honeywords,” planted in a credential database can alert a site to its breach if ever submitted in a login attempt. To be e ff ective, some honeywords must appear at least as likely to be user-chosen passwords as the real ones, and honeywords must be very di ffi cult to guess without having breached the database, to prevent false breach alarms. These goals have proved elusive, however, for heuristic honeyword generation algorithms. In this paper we explore an alternative strategy in which the defender treats honeyword selection as a Bernoulli process in which each possible password (except the user-chosen one) is selected as a honeyword independently with some fixed probability. We show how Bernoulli honeywords can be integrated into two existing system designs for leveraging honeywords: one based on a honeychecker that stores the secret index of the user-chosen password in the list of account passwords, and another that does not leverage secret state at all. We show that Bernoulli honeywords enable analytic derivation of false breach-detection probabilities irrespective of what information the attacker gathers about the sites’ users; that their true and false breach-detection probabilities demonstrate compelling e ffi cacy; and that Bernoulli honeywords can even enable performance improvements in modern honeyword system designs.
30 Dec 2022
TL;DR: In this article , the authors proposed a tokenization-based authentication scheme, which can serve the purpose of honeywords but in a more cost-effective way than traditional password-based schemes.
Abstract: In the era of computer systems, user authentication, both online and offline, is an unavoidable step for securing users’ privacy. Password-based authentication is popularly adopted for its simplicity in this context. In password-based authentication, a set of credentials (mostly username and password) is required to identify the unique user. But this method of authentication is vulnerable to inversion attack paradigm. In inversion attack, the adversary obtains the plaintext password by cracking the hashed value of the password. Honeyword-based authentication has been introduced to combat such attacks. In this strategy, certain dummy passwords or honeywords are saved along with the user’s original password. When an adversary tries to enter one of the honeywords to log into the system, an alarm message is sent to the authority via an auxiliary server called honeychecker. Although this technique is useful to address this type of security threat, the requirement of additional space to store the honeywords is still an overhead. Driven by these drawbacks, this work is aimed to propose a strategy which can serve the purpose of honeywords but in a more cost-effective way. In this technique, the concept of tokenization is utilized. Theoretical and experimental analyses have been done to assess the viability of the proposed scheme. A comparative study between the proposed scheme and honeyword-based authentication has been carried out based on required storage cost and resiliency against MSV attack. From our rigorous analysis, it is found that our scheme shows promising results in terms of other usability and security features as well.
Proceedings Article•
01 Jan 2021References
More filters
08 May 2007
TL;DR: The study involved half a million users over athree month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.
Abstract: We report the results of a large scale study of password use andpassword re-use habits. The study involved half a million users over athree month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.
1,068 citations
"Generation of Secure and Reliable H..." refers background in this paper
...Humans have a tendency to choose the same password for multiple websites [17]....
[...]
...This attack is also motivated by the tendency of humans to choose the same password for multiple websites [17]....
[...]
...It is common human tendency to use the same password for multiple sites [17]....
[...]
TL;DR: The present design of the password security scheme was the result of countering observed attempts to penetrate the system and is a compromise between extreme security and ease of use.
Abstract: This paper describes the history of the design of the password security scheme on a remotely accessed time-sharing system. The present design was the result of countering observed attempts to penetrate the system. The result is a compromise between extreme security and ease of use.
1,015 citations
"Generation of Secure and Reliable H..." refers methods in this paper
...‘Dictionary attack’ [2] is the most widely used attack technique for retrieving a password from its hash value....
[...]
17 Aug 2003
TL;DR: A new way of precalculating the data is proposed which reduces by two the number of calculations needed during cryptanalysis and it is shown that the gain could be even much higher depending on the parameters used.
Abstract: In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (237) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.
524 citations
"Generation of Secure and Reliable H..." refers background in this paper
...Use of salt prevents specialized attacks like the rainbow table attack [3], when considering a large collection of hashes....
[...]
17 May 2009
TL;DR: This paper discusses a new method that generates password structures in highest probability order by automatically creating a probabilistic context-free grammar based upon a training set of previously disclosed passwords, and then generating word-mangling rules to be used in password cracking.
Abstract: Choosing the most effective word-mangling rules to use when performing a dictionary-based password cracking attack can be a difficult task In this paper we discuss a new method that generates password structures in highest probability order We first automatically create a probabilistic context-free grammar based upon a training set of previously disclosed passwords This grammar then allows us to generate word-mangling rules, and from them, password guesses to be used in password cracking We will also show that this approach seems to provide a more effective way to crack passwords as compared to traditional methods by testing our tools and techniques on real password sets In one series of experiments, training on a set of disclosed passwords, our approach was able to crack 28% to 129% more passwords than John the Ripper, a publicly available standard password cracking program
491 citations
"Generation of Secure and Reliable H..." refers methods in this paper
...The work [24] suggests a method to compute the probability based on the frequency of each token in the password....
[...]
...quencies of each password enlisted in an existing database and also computes the frequency of each individual tokens (alphabets-strings, digitsstrings, special-characters-strings) of the password following the technique suggested in [24]....
[...]
...To match the frequency considering the tokens, we follow the technique proposed in [24], where the probability of the honeyword is the product of the probabilities of the tokens used to derive it....
[...]
TL;DR: Five design principles help provide insight into the tradeoffs among different possible designs in the Multics system and several known weaknesses in the current protection mechanism design are discussed.
Abstract: The design of mechanisms to control the sharing of information in the Multics system is described. Five design principles help provide insight into the tradeoffs among different possible designs. The key mechanisms described include access control lists, hierarchical control of access specifications, identification and authentication of users, and primary memory protection. The paper ends with a discussion of several known weaknesses in the current protection mechanism design.
444 citations
"Generation of Secure and Reliable H..." refers background in this paper
...User selected passwords are mostly predictable, since humans have a tendency to choose non-random and easy to remember passwords [1]....
[...]