Duress Detection for Authentication Attacks Against Multiple Administrators Emil Stefanov UC Berkeley Mikhail Atallah Purdue University.

Slides:



Advertisements
Similar presentations
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Advertisements

Password-based Credentials Download Protocols Radia Perlman
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Authentication System
1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Strong Password Protocols
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
IS 302: Information Security and Trust Week 9: User Authentication (part II) and Introduction to Internet Security 2012.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Lecture 11: Strong Passwords
Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)
1 Lecture 8: Authentication of People what you know (password schemes) what you have (keys, smart cards, etc.) what you are (voice recognition, fingerprints,
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Computer Security Hacking, Phishing, Passwords Kausalya S. And Sushil Mujumdar (CCCF) 04 - Aug - 15.
 Access Control 1 Access Control  Access Control 2 Access Control Two parts to access control Authentication: Are you who you say you are? – Determine.
Password Mistyping in Two-Factor Authenticated Key Exchange Vladimir KolesnikovCharles Rackoff Bell LabsU. Toronto ICALP 2008.
D´ej`a Vu: A User Study Using Images for Authentication Rachna Dhamija,Adrian Perrig SIMS / CS, University of California Berkeley 報告人:張淯閎.
Network Security – Special Topic on Skype Security.
1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Jeremy Clark Authenticating under duress Urs Hengartner Panic Passwords:
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
Knock Yourself Out Secure Authentication with Short Re-Usable Passwords by Benjamin Guldenring, Volker Roth and Lars Ries PRESENTED BY EUNYOUNG CHO COLLEGE.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
Lecture 5 User Authentication modified from slides of Lawrie Brown.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
CSCE 201 Identification and Authentication Fall 2015.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Maryknoll Wireless Network Access Steps for Windows 7 As of Aug 20, 2012.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.
Identification (User Authentication). Model Alice wishes to prove to Bob her identity in order to access a resource, obtain a service etc. Bob may ask.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
7/10/20161 Computer Security Protection in general purpose Operating Systems.
Searchable Encryption in Cloud
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Strong Password Protocols
Strong Password Protocols
KERBEROS.
Computer Security Protection in general purpose Operating Systems
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Presentation transcript:

Duress Detection for Authentication Attacks Against Multiple Administrators Emil Stefanov UC Berkeley Mikhail Atallah Purdue University

Remedies for Authentication Attacks Guessing passwords o Require strong passwords. Eavesdropping o Encrypt traffic (e.g., TSL/SSH). Man in the middle o Pre-shared secrets, certificate based authentication. Spyware o Intrusion detection systems / antivirus Phishing o TSL, web filters. Shoulder surfing o Common sense. Physical Coercion o Duress Detection

Physical Coercion Alice has an account on a server. To use the server she must log in with her password. One day, Oscar threatens Alice and demands to know her password.

Duress Signaling What should Alice do? o Provide the correct password? Oscar wins. o Refuse to cooperate? Oscar carries out his threat. o Provide an invalid password? Oscar tries the password and determines that Alice refused to cooperate. o Provide a duress password? The attacker logs in but unknowingly signals a silent alarm.

Duress Password What should it look like? o Let’s review a few possibilities.

Two-Password Schemes

N-Password Schemes

PIN Schemes Alice has: o A strong password (e.g., “VHz3xK*bL8”) This must be correct during normal and duress authentications. o A PIN (e.g., “8394”) Alice uses her PIN for a normal authentication. She gives Oscar any other PIN during duress. Advantages? o Less for Alice to remember. o Oscar’s probability of success is low. Problems? o Recall attack – Oscar can ask her to repeat the PIN later. Alice might forget the PIN she gave Oscar. o Typos – Easy to mistype a PIN and cause a false alarm.

Our Approach We split the authentication secret into two: o A strong password – just like usual. o A keyword from a dictionary. Carefully choose a keyword dictionary. o Specify requirements. o Give an example. Allows for Alice to be an administrator. o Has access to the password/keyword store. o Can intercept network traffic. Allows multiple users/administrators. o Alice, Bob, etc.

Login Screen

Single Administrator Scheme A single administrator (Alice) is being attacked. Server stores passwords and keywords (hashed & salted). Incorrect keyword  server notifies authorities.

Single Administrator Scheme Problem: o Oscar gains administrator access. o Oscar can verify the keyword. Solution: 1.The server notifies the authorities. 2.The server overwrites the correct keyword.

Single Administrator Scheme Not secure for multiple administrators! Attack: Alice and Bob are administrators. Oscar attacks both of them. Oscar authenticates as one of them and checks the keyword of the other one. o Solution? Our multiple administrator scheme.

Multiple Administrator Scheme Oscar attacks Alice. Alice provides a correct password and an incorrect keyword. The server receives the credentials.

Multiple Administrator Scheme Authentication server: o Has purposely “forgotten” the correct keyword. o Creates a privacy-preserving record. o Sends it to the monitoring server.

Multiple Administrator Scheme Monitoring server: o Checks the authentication record. o If duress  notifies monitoring personnel.

Multiple Administrator Scheme Monitoring personnel: o Notify the authorities. Similar to existing alarm system companies.

Key ideas: o The authentication server never knows the correct keyword. o The monitoring server can only decrypt duress authentication records. o Keywords are picked from a carefully selected dictionary (more on this later). Multiple Administrator Scheme

Keyword Dictionary Requirements Well defined o Implicitly defined by a topic. o Alice can randomly pick a keyword by only memorizing the topic. Hard to make a typo o Large edit distance between keywords.

Keyword Dictionary Example: U.S. States #KeywordClosest KeywordEdit Distance 1arkansaskansas2 2 arkansas2 3northcarolinasouthcarolina2 4northdakotasouthdakota2 5southcarolinanorthcarolina2 6southdakotanorthdakota2 7alabamaAlaska3 … 45rhodeislandlouisiana6 46washingtonmichigan6 47newhampshirenewmexico7 48connecticutkentucky8 49pennsylvaniaindiana8 50massachusettsarkansas9

Performance Authentication TimeMonitoring Time 1024-bit Keys ms0.125 ms 2048-bit Keys ms0.671 ms 3072-bit Keys ms2.075 ms 4096-bit Keys ms6.318 ms

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.