Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.

Published byKylie Sandoval Modified over 10 years ago

Similar presentations

Presentation on theme: "1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global."— Presentation transcript:

1 1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global Mumbai, India Coauthors: Virendra Kumar, Mayank Singh, Ajith Abraham and Sugata Sanyal

2 2 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Introduction Passwords are the most widely used means of authentication Humans have a tendency to choose relatively short and simple passwords Thus, passwords bring along with them, the threat of dictionary attacks

3 3 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Dictionary attacks Dictionary attack means guessing the password and somehow check whether it is valid or not If the rate of guessing and validating is reasonably high, the attacker stands a good chance of breaking the password Two types: offline and online

4 4 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Offline dictionary attacks The attacker somehow gets access to some data which allow him to test passwords without any interaction with the server Theoretically impossible to resist w/o PKC but efficient protocols like EKE exist to resist these attacks using PKC

5 5 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Online dictionary attacks For each password validation, interaction with the server is required By attempting a login, it is always possible to test for password validity and hence, these attacks cannot be totally prevented Common countermeasures like account locking and delayed response are not satisfactory

6 6 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Our protocol Limits the rate of login attempt by asking the user to first solve a computational challenge Uses only fast one way hash functions for efficiency Totally stateless and thus less vulnerable to DoS attacks

7 7 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol description Step 1: Alice sends her user ID to Bob This is a simple step in which Alice indicates her willingness to login

8 8 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol description contd.. Bob generates two random numbers r and R. r is a small (e.g. 20 bit) random number, R is a big (100 bit) random number Bob also computes H(r, P) where P is Alices password and computes a MAC = H(K Bob,H(r, P), Alice, n) K Bob is Bobs secret key, n is the number of failed attempts by Alice so far Step 2: Bob replies back with: H(r, R), R, MAC

9 9 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol description contd.. Alice should find out r before she can proceed with the login attempt. This is done by checking the hash values of all possible 20 bit number appended with R (and matching with H(r,R)) R acts as a salt to prevent her from pre-computing H(r) for all possible r This step is computationally intensive for Alice and prevents her from making a large number of login attempts per unit time.

10 10 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol description contd.. After finding out r, Alice computes H(r, P) Step 3: Alice sends to Bob: Alice, H(r, P) along with the received MAC (=H(H(r, P), Alice, K Bob, n)) This step can be independently executed making the protocol stateless

11 11 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol description contd.. Bob hashes the received H(r, P) with its key, Alice, and n and matches the resulting quantity with the received MAC If they match, Alice is logged in Else n is incremented. Bob sends the success/failure signal

12 12 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol figure

13 13 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol Security The MAC H(H(r, P), Alice, K Bob, n) is un-intelligible to Alice and is only meant to be returned to the server. This is to make the server stateless. This MAC is specific for the user and the login attempt. Thus, this cannot be re-used for any other user / attempting login more than once for a single user All this ensures that Alice did the required computation

14 14 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol Variant 1 A minor variation in the message sequence produces interesting results Replace H(r,R) with H(r,P,R) in step 2 and 3 with MAC=H(H(r, P), Alice, K Bob, n) This rapidly increases the offline dictionary attack time, useful in case SSL protection is not used

15 15 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Protocol Variant 2 Aimed at making the protocol secure again server compromise Replace H(P,r) with r, H (i-1) (P) with MAC = H(r, H i (P), Alice, K Bob, n) Relatively complex, uses Hash chains

16 16 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 Thank You

Download ppt "1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Security Issues In Mobile IP

Security Issues In Mobile IP
RSA.

RSA.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
1 Welcome to JCCAA Data base presentation Click box to see the DEMO 1.JCCAA Web Site 2. Member Login 3. My Acount 4. School DBA The end.

1 Welcome to JCCAA Data base presentation Click box to see the DEMO 1.JCCAA Web Site 2. Member Login 3. My Acount 4. School DBA The end.
Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.

Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

Similar presentations

Ads by Google