scispace - formally typeset
Search or ask a question
Book ChapterDOI

HoneyHash: Honeyword Generation Based on Transformed Hashes.

23 Nov 2020-pp 161-173
TL;DR: In this article, a new direction of generating honeywords - generating by transforming password hashes - is proposed, which attains expected levels of flatness, security, performance and usability. But, it does not have the ability to generate a set of decoy passwords together with real passwords.
Abstract: Since systems using honeywords store a set of decoy passwords together with real passwords of users to confuse adversaries, they are strongly dependent on the algorithm for generating honeywords. However, all of the existing honeyword generating algorithms are based on raw passwords of users and they either need lots of storage space or show weaknesses in flatness or usability. This paper proposes HoneyHash, a new direction of generating honeywords - generating by transforming password hashes. Analyses show that our algorithm attains expected levels of flatness, security, performance and usability.
Citations
More filters
Proceedings ArticleDOI
01 Jun 2022
TL;DR: Lethe is a honeywords-based data-breach detection system that requires no trusted components, other than a trusted bootstrap, and keeps limited transient state for verifying login attempts, and is the first system that allows an attacker to fully compromise the HGT without affecting the security of already generated honeywords.
Abstract: Honeywords are false passwords associated with each user account. Using a honeyword to login sets off an alarm as a data breach has been detected. Existing approaches for detecting data breaches using honeywords suffer from the need of a trusted component to tell honey-words from the valid password. Once this trusted component is compromised, then honeywords can offer no assistance for mitigating or detecting a data breach. In this paper, we present Lethe, a honeywords-based data-breach detection system that requires no trusted components, other than a trusted bootstrap, and keeps limited transient state for verifying login attempts. Lethe is based on two fundamental principles. First, Lethe generates honeywords using a Machine Learning (ML) model, which constantly evolves. This means that an attacker that compromises the Honeyword Generation Technique (HGT) cannot reproduce the same set of honeywords, and thus cannot tell which password was used as the initial generator. In particular, Lethe is the first system that allows an attacker to fully compromise the HGT without affecting the security of already generated honeywords. Second, Lethe is not aware of the valid password. In fact, for Lethe the only one that knows the actual password is the user that selected it in the first place. Lethe records login events, but without storing anywhere the password used. These login events can be further replayed in another server, which can check if, for a particular user, there were at least two different passwords used and therefore detect a data breach. Lethe allows the detection of a data breach deterministically and not probabilistically as similar approaches do. Additionally, Lethe allows detecting data breaches that are associated with rarely used accounts. Lethe can signal an alarm even if a user account that has logged in just once with the system is compromised. This is in contrast to other efforts that require legitimate users to authenticate with the system, after the attacker has done so, for detecting the breach. To demonstrate the effectiveness of Lethe, we provide a fully functional prototype, along with the ML-based HGT, and assess the provided security with a set of diverse attackers.

2 citations

Proceedings ArticleDOI
01 Jan 2022
TL;DR: This work proposes a new architecture for the passwordle that makes use of multiple servers and is able to defend even against attackers that manage to compromise all servers - as long as they do not do it at the same time.
Abstract: : Over the last decade, we have seen a significant number of data breaches affecting hundreds of millions of users. Leaked password files / Databases that contain passwords in plaintext allow attackers to get immediate access to the credentials of all the accounts stored in those files. Nowadays most systems keep passwords in a hashed salted form, but using brute force techniques attackers are still able to crack a large percentage of those passwords. In this work, we present a novel approach to protect users’ credentials from such leaks. We propose a new architecture for the password file that makes use of multiple servers. The approach is able to defend even against attackers that manage to compromise all servers - as long as they do not do it at the same time. Our prototype implementation and preliminary evaluation in the authentication system of WordPress suggests that this approach is not only easy to incorporate into existing systems, but it also has minimal overhead.
Proceedings ArticleDOI
01 Jun 2022
TL;DR: Lethe as mentioned in this paper is a honeywords-based data-breach detection system that requires no trusted components, other than a trusted bootstrap, and keeps limited transient state for verifying login attempts.
Abstract: Honeywords are false passwords associated with each user account. Using a honeyword to login sets off an alarm as a data breach has been detected. Existing approaches for detecting data breaches using honeywords suffer from the need of a trusted component to tell honey-words from the valid password. Once this trusted component is compromised, then honeywords can offer no assistance for mitigating or detecting a data breach. In this paper, we present Lethe, a honeywords-based data-breach detection system that requires no trusted components, other than a trusted bootstrap, and keeps limited transient state for verifying login attempts. Lethe is based on two fundamental principles. First, Lethe generates honeywords using a Machine Learning (ML) model, which constantly evolves. This means that an attacker that compromises the Honeyword Generation Technique (HGT) cannot reproduce the same set of honeywords, and thus cannot tell which password was used as the initial generator. In particular, Lethe is the first system that allows an attacker to fully compromise the HGT without affecting the security of already generated honeywords. Second, Lethe is not aware of the valid password. In fact, for Lethe the only one that knows the actual password is the user that selected it in the first place. Lethe records login events, but without storing anywhere the password used. These login events can be further replayed in another server, which can check if, for a particular user, there were at least two different passwords used and therefore detect a data breach. Lethe allows the detection of a data breach deterministically and not probabilistically as similar approaches do. Additionally, Lethe allows detecting data breaches that are associated with rarely used accounts. Lethe can signal an alarm even if a user account that has logged in just once with the system is compromised. This is in contrast to other efforts that require legitimate users to authenticate with the system, after the attacker has done so, for detecting the breach. To demonstrate the effectiveness of Lethe, we provide a fully functional prototype, along with the ML-based HGT, and assess the provided security with a set of diverse attackers.
References
More filters
Proceedings ArticleDOI
24 Oct 2016
TL;DR: TarGuess, a framework that systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker, is proposed to design novel and efficient guessing algorithms.
Abstract: While trawling online/offline password guessing has been intensively studied, only a few studies have examined targeted online guessing, where an attacker guesses a specific victim's password for a service, by exploiting the victim's personal information such as one sister password leaked from her another account and some personally identifiable information (PII). A key challenge for targeted online guessing is to choose the most effective password candidates, while the number of guess attempts allowed by a server's lockout or throttling mechanisms is typically very small. We propose TarGuess, a framework that systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker. These models allow us to design novel and efficient guessing algorithms. Extensive experiments on 10 large real-world password datasets show the effectiveness of TarGuess. Particularly, TarGuess I~IV capture the four most representative scenarios and within 100 guesses: (1) TarGuess-I outperforms its foremost counterpart by 142% against security-savvy users and by 46% against normal users; (2) TarGuess-II outperforms its foremost counterpart by 169% on security-savvy users and by 72% against normal users; and (3) Both TarGuess-III and IV gain success rates over 73% against normal users and over 32% against security-savvy users. TarGuess-III and IV, for the first time, address the issue of cross-site online guessing when given the victim's one sister password and some PII.

304 citations

Proceedings ArticleDOI
04 Nov 2013
TL;DR: It is proposed that an auxiliary server (the ``honeychecker'') can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
Abstract: We propose a simple method for improving the security of hashed passwords: the maintenance of additional ``honeywords'' (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the ``honeychecker'') can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.

264 citations

Book ChapterDOI
20 Sep 2010
TL;DR: Kamouflage as discussed by the authors is a new architecture for building theft-resistant password managers, which is well suited to become a standard architecture for password managers on mobile devices and is implemented as a replacement for the built-in Firefox password manager.
Abstract: We introduce Kamouflage: a new architecture for building theft-resistant password managers. An attacker who steals a laptop or cell phone with a Kamouflage-based password manager is forced to carry out a considerable amount of online work before obtaining any user credentials. We implemented our proposal as a replacement for the built-in Firefox password manager, and provide performance measurements and the results from experiments with large real-world password sets to evaluate the feasibility and effectiveness of our approach. Kamouflage is well suited to become a standard architecture for password managers on mobile devices.

126 citations

Journal ArticleDOI
TL;DR: An alternative approach is suggested that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords-a perfectly flat honeyword generation method-and also to reduce storage cost of the honeyword scheme.
Abstract: Recently, Juels and Rivest proposed honeywords (decoy passwords) to detect attacks against hashed password databases. For each user account, the legitimate password is stored with several honeywords in order to sense impersonation. If honeywords are selected properly, a cyber-attacker who steals a file of hashed passwords cannot be sure if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 20 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinize the honeyword system and present some remarks to highlight possible weak points. Also, we suggest an alternative approach that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords—a perfectly flat honeyword generation method—and also to reduce storage cost of the honeyword scheme.

74 citations

Proceedings ArticleDOI
17 May 2015
TL;DR: In this paper, a natural language encoder (NLE) is proposed for password vaults that resist offline cracking attacks and force attackers instead to mount online attacks, which is the only one of which we are aware.
Abstract: Password vaults are increasingly popular applications that store multiple passwords encrypted under a single master password that the user memorizes. A password vault can greatly reduce the burden on a user of remembering passwords, but introduces a single point of failure. An attacker that obtains a user's encrypted vault can mount offline brute-force attacks and, if successful, compromise all of the passwords in the vault. In this paper, we investigate the construction of encrypted vaults that resist such offline cracking attacks and force attackers instead to mount online attacks. Our contributions are as follows. We present an attack and supporting analysis showing that a previous design for cracking-resistant vaults -- the only one of which we are aware -- actually degrades security relative to conventional password-based approaches. We then introduce a new type of secure encoding scheme that we call a natural language encoder (NLE). An NLE permits the construction of vaults which, when decrypted with the wrong master password, produce plausible-looking decoy passwords. We show how to build NLEs using existing tools from natural language processing, such as n-gram models and probabilistic context-free grammars, and evaluate their ability to generate plausible decoys. Finally, we present, implement, and evaluate a full, NLE-based cracking-resistant vault system called No Crack.

68 citations