Presented by Sharan Dhanala Honeywords: Making Password-Cracking Detectable Randy Acheson, Joshua Allard, and Andrew Han Ari Juels, and Ronald L. Rivest. “Honeywords: Making password-cracking detectable.” In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS), pp. 145-160. ACM, 2013. Presented by Sharan Dhanala
Paper Summary The authors propose a method for improving the security of password hashing - Honeywords. The authors discuss about Honeywords design principle. The authors propose various honeywords generation methods. The authors also give an overview on the attacks on honeywords generation methods. Verification: How does the check whether a submitted password P’ is the true password Pi? How is index i verified without storing i alongside passwords? I am going to discuss about this aspect.
Motivation “The motivation of this paper is that the hashes are frequently inadequate protection for the passwords themselves; hash functions can be inverted on weak passwords, and most passwords are pretty weak.”
Honeywords: Verification Honeywords and true password are placed into a list of Sweetwords, in a random order. Exactly one of these Sweetwords is equal to the password Pi which is the true password. Honeychecker verifies the index of user’s password. Computer system Alice: P1 P2 P3 P4 … Pi Pn Honeychecker Alice: i
Honeywords: Honeychecker “We assume that the system may incorporate an auxiliary secure server called the “honeychecker” to assist with the use of honeywords”. Set: i, j Sets c(i) to have value j Check: i, j Checks that c(i) = j Honeychecker can be anything-background service or isolated DB or a server at remote secure location. Computer system Alice: Pi=P1 P2 P3 P4 … Pi Pn Honeychecker Alice: i Pi TRUE/FALSE i
Honeywords: Attacks on honeychecker Requests and updates sent to the honeycheckers need to be authenticated. Replies from honeychecker should be authenticated. If the communications between computer system and honeychecker is disabled by adversary then system goes into failover mode. Computer system Alice: Pi=P1 P2 P3 P4 … Pi Pn Honeychecker Alice: i Pi TRUE/FALSE i
Advantages of the design Benefits of distributed security. “A distributed security system aims to protect secrets even when an adversary compromises some of its systems or software.” The authors mention that it will be harder to compromise when the resources are diversified. Honeychecker is input only, simple and realistic to build. “The honeychecker can be configured to manage only a minimal amount of secret state.” Honeychecker can be offline- login is still possible with the exception of verification.
Disadvantages of the design Storage overhead Using honeyword generation approach, system needs to store k-1 more passwords for each user account. Thus for a system storing n users accounts, needs to store n × (k-1) extra information which magnifies the storage cost. Issue related to Multiple System Vulnerability If a user uses same password in two (or more) different systems (where systems are using same honeyword generation algorithm) and an adversary gets access to both the systems, then Multiple System Vulnerability may occur. Issue related to DoS resistivity If adversary can guess the honeywords while he/she knows the original password of user, then adversary can intentionally submit honeyword to generate a false negative feedback signal by the “honeychecker".
Conclusion Discussed about the honeywords design principle aspect. Discussed about the advantages and disadvantages of the design. The idea behind honeywords is to not stop the adversary from brute-force the password file but instead implement a way to detect that an adversary has logged in.