Securing Passwords against Dictionary Attacks


Securing Passwords against Dictionary Attacks
Benny Pinkas, Tomas Sander
HP Labs (most work done at STAR Lab, Intertrust)

In this talk
- Online dictionary attacks against passwords
- Current countermeasures are insufficient and introduce risks
- A solution using Reverse Turing Tests
- Prevent online dictionary attacks while preserving the advantages of passwords (low cost, portability, user friendliness, ...)

Motivation
- Passwords are the most common authentication method
- They are inherently insecure
- How can a password-based authentication system be secured against online dictionary attacks?

Insecurity of Passwords
- Human-generated passwords come from a small domain and are easy to guess (dictionary attacks)
- Stronger passwords (computer generated or computer verified) are not user friendly and hard to remember

Previous suggestions: securing passwords against online attacks
- Enterprise: hardware tokens (cost? usability?); server-defined passwords (usability?)
- Consumer: keystroke timing [Bell Labs] (reliability?); graphical passwords [Microsoft, Berkeley] (usability?)
- None of these methods is as popular as plain passwords

Possible attacks on passwords
- Eavesdropping. Solution: encrypt the channel, e.g. using SSL or SSH.
- Offline dictionary attacks. Solution: limit access to the password file, use salt.
- Online dictionary attacks: the attacker guesses a username/password pair and tries to log in.

Countermeasures against online dictionary attacks
- Delayed answer: username / pwd-1 -> answer 1 (No), returned only after a delay; username / pwd-2 -> answer 2 (No); ...
- Account locking: after a fixed number of failures (username / pwd-5 -> answer 5 (No)) the account is locked.

Global Password Attack: countering the countermeasures
- Pipelining guesses gives high throughput: username-1 / pwd-1 -> answer 1, username-2 / pwd-2 -> answer 2, ..., username-100 / pwd-100 -> answer 100. The attacker does not wait for one delayed answer before sending the next guess.
- Using different usernames means no single account reaches the locking threshold.

Risks of locking accounts
- eBay experiences dictionary attacks but does not implement account locking.
- Denial of service: to lock a user out, try to log in to his account with random passwords (auctions, corporate accounts, ...).
- Customer service costs: users whose accounts are locked call a customer service center; each call costs $20-50.
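The two slides above describe account locking and the global attack that sidesteps it. The following simulation is an added example (not code from the talk): a server that locks an account after L = 5 consecutive failures, an attacker that pipelines one guess per account across all accounts so no account ever reaches L, and the denial-of-service trick of locking a victim with a handful of wrong guesses. The credential list, the threshold and the guess list are all constructed here.

```python
"""Per-account lockout and the global guessing attack that evades it.

Added example, not code from the slides. The credential list, the lockout
threshold L = 5 and the attacker's guess list are all constructed here.
"""
from collections import defaultdict

LOCKOUT_THRESHOLD = 5   # L: lock the account after this many consecutive failures


class LockingServer:
    """Password check with the common 'lock after L failures' countermeasure."""

    def __init__(self, credentials):
        self.credentials = dict(credentials)   # username -> password (constructed)
        self.failures = defaultdict(int)       # username -> consecutive failures
        self.locked = set()

    def login(self, username, password):
        if username in self.locked:
            return "locked"
        if self.credentials.get(username) == password:
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= LOCKOUT_THRESHOLD:
            self.locked.add(username)
        return "denied"


def global_attack(server, usernames, guesses):
    """Pipeline one guess per account across all accounts, then the next guess.
    With fewer than L guesses per account no lock ever triggers, yet every
    account has been tested against every guess. Returns the pairs found."""
    assert len(guesses) < LOCKOUT_THRESHOLD, "stay below the lockout threshold"
    found = []
    for password in guesses:
        for username in usernames:
            if server.login(username, password) == "ok":
                found.append((username, password))
    return found


def lockout_dos(server, victim):
    """Denial of service: L wrong guesses lock the victim out of their own account."""
    for i in range(LOCKOUT_THRESHOLD):
        server.login(victim, f"wrong-{i}")
    return victim in server.locked


if __name__ == "__main__":
    users = {f"user{i}": f"strong-secret-{i}" for i in range(100)}
    users["user7"] = "123456"   # one weak password in the constructed list
    server = LockingServer(users)
    print(global_attack(server, list(users), ["123456", "password", "qwerty", "letmein"]))
    print(sorted(server.locked))   # [] : four failures per account is below L
    print(lockout_dos(server, "user0"), server.login("user0", "strong-secret-0"))
```

The attacker's throughput is bounded only by how many accounts it can enumerate, not by L, while the legitimate owner of user0 is locked out by five requests from anyone.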

Using Pricing via Processing [DN] (Dwork, Naor)
- Idea: each login attempt must be accompanied by a value r such that H(username, pwd, t, r) has its 20 least significant bits equal to 0.
- Negligible overhead for a single request. Verification by the server is easy: one hash evaluation.
- A dictionary attack is slowed by a factor of 2^20, since the attacker must find a fresh r for every password guess.
- Implementation problems: clients must run special software; a legitimate user with a slow machine pays the full cost.
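As an added example (not the authors' code) of the scheme just described: the client searches for r, the server recomputes one hash. Assumptions made here: H is SHA-256 (the slide only writes H), the difficulty is a parameter (the slide's 20 bits; the demo uses fewer so it finishes quickly), t is a Unix timestamp that the server also checks for freshness so a solved puzzle cannot be replayed, and the inputs are NUL-separated with fixed-width integers so the fields cannot be re-split.

```python
"""Pricing via processing for login attempts: the client must present r such that
H(username, pwd, t, r) ends in `bits` zero bits; the server checks it with one hash.

Added example, not the slides' code. Assumptions: H is SHA-256; the difficulty is
a parameter (20 bits in the slides); t is a Unix timestamp checked for freshness;
fields are NUL-separated and the integers fixed-width.
"""
import hashlib
import struct
import time


def _digest(username, password, t, r):
    data = username.encode() + b"\0" + password.encode() + b"\0" + struct.pack(">QQ", t, r)
    return hashlib.sha256(data).digest()


def _low_bits_zero(digest, bits):
    return int.from_bytes(digest, "big") & ((1 << bits) - 1) == 0


def solve_puzzle(username, password, t, bits=20):
    """Client side: expected 2**bits hash evaluations, repeated for every new
    (username, password, t). This is the cost a dictionary attack pays per guess."""
    r = 0
    while not _low_bits_zero(_digest(username, password, t, r), bits):
        r += 1
    return r


def verify_puzzle(username, password, t, r, bits=20, now=None, max_age=300):
    """Server side: one hash evaluation plus a freshness window on t."""
    now = int(time.time()) if now is None else now
    if not (now - max_age <= t <= now):
        return False
    return _low_bits_zero(_digest(username, password, t, r), bits)


if __name__ == "__main__":
    t = int(time.time())
    start = time.perf_counter()
    r = solve_puzzle("alice", "hunter2", t, bits=16)   # 16 bits keeps the demo quick
    print("r =", r, "found in %.2fs" % (time.perf_counter() - start))
    print("server accepts:", verify_puzzle("alice", "hunter2", t, r, bits=16))
    print("stale t rejected:", verify_puzzle("alice", "hunter2", t - 3600, r, bits=16))
```

Because password and timestamp are bound into the hash, a solution for one guess is useless for the next guess and for a later replay, which is exactly where the 2^20 slowdown comes from; the slow-client problem is visible in the timing printed by the demo.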

Our Approach
- Legitimate logins are done by humans; dictionary attacks are run by programs.
- Login attempts must be accompanied by a computation that is easy for humans and hard for programs.
- Other requirements: little impact on usability, portability, no additional hardware, easy implementation and integration.

Reverse Turing Test (RTT)
- Verifies a "human in the loop".
- A challenge from a domain in which humans excel and computers fail.
- Example challenge: "Please type the following word:" followed by a rendered image of the word that the user must transcribe.

Properties of Reverse Turing Tests (RTT, Captcha, ATT)
- Automated generation and verification.
- Easy for humans.
- Hard for computer programs.
- Small probability of guessing the answer (i.e. not a yes/no answer).

Reverse Turing Tests (RTT)
- Suggested by Moni Naor in 1996.
- Captcha project, CMU: http://www.captcha.net
- Used to prevent automated programs from accessing features of web sites (Yahoo!, PayPal, AltaVista).
- Possible accessibility problems?

Security of RTTs
- AltaVista: the number of URL submissions dropped by 90% after RTTs were required.
- Pessimal print: "...RTTs are, and will be, hard for OCR programs" [CBF] (Coates, Baird, Fateman).
- Unfortunately, simple RTTs (Yahoo!'s), displaying English text, can be broken with high probability [MM2002] (Mori, Malik).
- There will be an arms race. We only need that breaking RTTs isn't too easy: the scheme requires only that every password guess cost the attacker at least one RTT solution, so a solver that is slow or unreliable still keeps the attack expensive.

Simple method
1. Client -> Server: I want to log in
2. Server -> Client: RTT
3. Client -> Server: id, pwd, RTT answer
4. Server -> Client: "Welcome!" if (id, pwd) is valid and the RTT answer is correct; "Go away!" otherwise

Properties
- Security: each password guess requires an RTT; the RTT answer is hard to guess; a password space of size N requires the adversary to answer N RTTs.
- Usability: the user's experience is more annoying.
- Scalability: the server must generate many RTTs (one per login attempt).

Improved Authentication Method
- Each user typically uses a limited set of computers.
- Dictionary attacks originate from other computers.
- Servers can identify machines (e.g. using cookies or IP addresses).

Improved Authentication Method
Client sends: cookie, id, pwd.
- If the password is correct:
  - Does the cookie indicate a previous successful login to the same account? Yes: grant access.
  - No: ask for an RTT. Correct answer: grant access (and set the cookie). Wrong answer: deny.
- If the password is incorrect:
  - With probability 1 - p = 90%: deny access.
  - With probability p = 10%: ask for an RTT, and then deny access whatever the answer.

Properties
- Usability: the user has to answer an RTT only on the first login from a new computer, or after entering a wrong password.
- Scalability: the server generates RTTs only for 10% of incorrect login attempts.

Security
- The user must receive identical feedback when the (id, pwd) pair is correct but an RTT is required and when the (id, pwd) pair is incorrect and an RTT is required. The same holds for response timing: how long the server takes to answer must not reveal which case occurred.
- The attacker can easily identify a set of pN candidate passwords (those for which an RTT is asked). To check these passwords, it has to "pay" with an RTT answer per password.
- (We can also protect against cookie theft.)

Security - example
- Parameters: N = 10^6 passwords, 1000 possible answers for the RTT, p = 10%.
- Attack 1: the attacker guesses the RTT answer. Each attempt succeeds with probability 10^-8 (one of the pN = 10^5 candidate passwords combined with one of the 1000 answers).
- Attack 2: the attacker breaks the RTT in 3 seconds (automatically or using humans) and is expected to invest 42 hours per account.
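The protocol of the "Improved Authentication Method" slides, the identical-feedback requirement and the attacker's candidate-set computation from the two security slides, as one added example (not the authors' code). Assumptions made here: the RTT is simulated by a challenge with 1000 possible answers, and the expected answer is returned with the challenge id so a human solver can be simulated; passwords are stored as salted PBKDF2 hashes; the cookie is a random token bound server-side to the username; and, an implementation choice the slides do not spell out, whether a wrong password is asked an RTT is decided by a keyed pseudorandom function of (username, password) rather than a fresh coin toss, so resubmitting the same wrong pair always yields the same response. The constants N = 10^6, 3 seconds per RTT and p = 10% reproduce the 42-hour figure.

```python
"""Cookie + RTT login protocol from the slides, as an added example (not the
authors' code). Assumptions: simulated RTT with 1000 answers; salted PBKDF2
password hashes; cookie bound server-side to the username; the RTT decision
for a wrong password is a keyed PRF of (username, password).
"""
import hashlib
import hmac
import os
import secrets

RTT_ANSWERS = 1000       # size of the simulated RTT answer space
P_RTT = 0.10             # p: fraction of wrong passwords that are still asked an RTT
DENY = ("denied", None)  # the single response for every failure branch


class Server:
    def __init__(self, users, key=None):
        self.key = key or os.urandom(32)   # server secret for the RTT decision PRF
        self.users = {}                    # username -> (salt, password hash)
        for username, password in users.items():
            salt = os.urandom(16)
            self.users[username] = (salt, self._pwhash(salt, password))
        self.cookies = {}   # cookie -> username that completed an RTT login
        self.pending = {}   # rtt_id -> (username, password_ok, expected answer)

    @staticmethod
    def _pwhash(salt, password):
        # Salted slow hash against offline attacks; iteration count kept low for the demo
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

    def _password_ok(self, username, password):
        if username not in self.users:
            return False
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, self._pwhash(salt, password))

    def _rtt_for_wrong_password(self, username, password):
        # Biased coin with bias p, but deterministic per (username, password)
        msg = username.encode() + b"\0" + password.encode()
        mac = hmac.new(self.key, msg, "sha256").digest()
        return int.from_bytes(mac[:4], "big") < P_RTT * 2**32

    def _issue_rtt(self, username, password_ok):
        rtt_id = secrets.token_hex(8)
        answer = secrets.randbelow(RTT_ANSWERS)
        self.pending[rtt_id] = (username, password_ok, answer)
        return ("rtt", rtt_id, answer)   # the answer stands in for the image a human reads

    def login(self, username, password, cookie=None):
        if self._password_ok(username, password):
            if cookie is not None and self.cookies.get(cookie) == username:
                return ("granted", cookie)           # known machine: no RTT
            return self._issue_rtt(username, True)   # new machine: RTT first
        if self._rtt_for_wrong_password(username, password):
            return self._issue_rtt(username, False)  # wrong password, RTT asked anyway
        return DENY

    def answer_rtt(self, rtt_id, answer):
        username, password_ok, expected = self.pending.pop(rtt_id, (None, False, None))
        if password_ok and answer == expected:
            cookie = secrets.token_urlsafe(32)
            self.cookies[cookie] = username          # usable for this account only
            return ("granted", cookie)
        return DENY   # wrong RTT answer and wrong password are indistinguishable here


def candidate_passwords(server, username, dictionary):
    """What a cookie-less attacker learns for free: the guesses that trigger an
    RTT, about p*N wrong ones plus the right one. Each now costs one solved RTT."""
    candidates = []
    for guess in dictionary:
        response = server.login(username, guess)
        if response[0] == "rtt":
            server.pending.pop(response[1], None)   # attacker walks away; challenge expires
            candidates.append(guess)
    return candidates


def expected_attack_seconds(password_space, rtt_solve_seconds, p=P_RTT):
    """Expected cost per account when the attacker solves an RTT in the given
    time: on average half of the p*N candidates must be paid for."""
    return p * password_space * rtt_solve_seconds / 2


if __name__ == "__main__":
    srv = Server({"alice": "correct horse"})
    kind, rtt_id, shown = srv.login("alice", "correct horse")   # new machine -> RTT
    kind, cookie = srv.answer_rtt(rtt_id, shown)                 # human solves it
    print(srv.login("alice", "correct horse", cookie))           # granted, no RTT
    found = candidate_passwords(srv, "alice", [f"pw{i}" for i in range(1000)] + ["correct horse"])
    print(len(found), "candidates, expected about", 0.1 * 1000 + 1)
    print("hours per account at 3 s per RTT:", expected_attack_seconds(10**6, 3) / 3600)
```

Both RTT-issuing branches return the same shape and both failure branches return DENY, which is the identical-feedback rule; a real deployment must also equalise response time, which this in-memory simulation does not attempt. The deterministic PRF matters: with a fresh coin toss per attempt, an attacker could resubmit the same wrong guess until no RTT appeared and thereby learn that it is wrong for free.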

And if the RTT is broken...
- Identify a successful attack: monitor the fraction of login attempts that solve the RTT but fail to enter the password; set an alarm when this fraction increases.
- Countermeasures: increase p (the fraction of logins requiring an RTT); switch to an RTT from a different domain; notify the administrator.
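The detection rule on the slide above, run over constructed log lines, as an added example (not the authors' code). The log line format (timestamp, username, RTT outcome, password outcome), the window size and the alarm threshold are assumptions made here. Humans who were asked an RTT almost always get the password right as well; a program with a working RTT solver walking a candidate list gets the RTT right and the password wrong on nearly every attempt, which is what the sliding window picks up.

```python
"""Detecting that the RTT has been broken: watch the fraction of RTT-bearing login
attempts that solved the RTT but failed the password. Added example, not the
authors' code; log format, window and threshold are assumptions, log lines constructed.
"""
import re
from collections import deque

LINE = re.compile(r"^(?P<ts>\d+) (?P<user>\S+) rtt=(?P<rtt>solved|failed|none) pwd=(?P<pwd>ok|bad)$")


def parse_line(line):
    m = LINE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    event = m.groupdict()
    event["ts"] = int(event["ts"])
    return event


def solved_but_wrong_fraction(events):
    """Among attempts that were asked an RTT, the share that solved it yet failed
    the password. Humans rarely do this; a program with an RTT solver always does."""
    asked = [e for e in events if e["rtt"] != "none"]
    if not asked:
        return 0.0
    hits = sum(1 for e in asked if e["rtt"] == "solved" and e["pwd"] == "bad")
    return hits / len(asked)


def monitor(lines, window=10, threshold=0.5):
    """Sliding window over RTT-bearing attempts; returns the timestamps at which
    the fraction reaches the threshold and the alarm should fire."""
    recent = deque(maxlen=window)
    alarms = []
    for line in lines:
        event = parse_line(line)
        if event["rtt"] == "none":
            continue              # no RTT asked: says nothing about the RTT's security
        recent.append(event)
        if len(recent) == window and solved_but_wrong_fraction(recent) >= threshold:
            alarms.append(event["ts"])
    return alarms


# Constructed log: normal traffic (new machines solving their RTT, one typo, one
# RTT-less denial), then an attacker with a working RTT solver walking a candidate
# list for one account.
NORMAL_LOG = [f"{1000 + i} user{i} rtt=solved pwd=ok" for i in range(18)] + [
    "1018 user3 rtt=solved pwd=bad",
    "1019 user9 rtt=failed pwd=bad",
    "1020 user4 rtt=none pwd=bad",
]
ATTACK_LOG = [f"{1100 + i} victim rtt=solved pwd=bad" for i in range(15)]

if __name__ == "__main__":
    print("alarms on normal traffic:", monitor(NORMAL_LOG))
    print("alarms once the solver runs:", monitor(NORMAL_LOG + ATTACK_LOG))
```

When the alarm fires, the slide's responses apply: raise p so that more wrong guesses are charged an RTT, swap in an RTT from a different domain, and notify the administrator. The window size and threshold should be tuned to the site's normal typo rate so that a single mistyped password never trips the alarm.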

Implications for account locking
- Common practice today: lock an account after L unsuccessful login attempts. Risks: denial of service, service calls.
- Assume a secure RTT with 1000 possible answers, and that an RTT is needed for 10% of password guesses. The effective password space increases by a factor of 100.
- Therefore accounts can be locked after L*100 unsuccessful login attempts...

Benefits to the server
- Better security against break-ins.
- Visible security measures, but with few usability effects.
- Easy implementation and integration.
- Less account locking: fewer denial of service attacks (important for corporates, auctions, ...) and money saved on customer support calls.

Scores with respect to different criteria
- Availability and portability: the account can be accessed from everywhere.
- User friendliness: easy learning curve.
- Robustness: less account locking.
- Low implementation and operation costs.
Passwords score well. Our solution scores well too, and provides better security.