Presentation is loading. Please wait.

Presentation is loading. Please wait.

Measuring Real-World Accuracies and Biases in Modeling Password Guessability Segreti. et al. Usenix Security 2015.

Published byCatherine George Modified over 8 years ago

Similar presentations

Presentation on theme: "Measuring Real-World Accuracies and Biases in Modeling Password Guessability Segreti. et al. Usenix Security 2015."— Presentation transcript:

1 Measuring Real-World Accuracies and Biases in Modeling Password Guessability Segreti. et al. Usenix Security 2015

2 What is password guessability? It measures how easy to guess a password. Bad password: “password”, “Iloveyou” Good password: “qw3^D)Z1”, “j@mesb0nd007!” Different ways: Traditional: Shannon Entropy (not practical) NIST Entropy (rule based) Currently: α-guesswork Parameterized metrics

3 Why measures password guessability? 1.Eliminate bad passwords. Organizational password audits 2. Help users create better passwords. Provide feedback

4 Password Guessability Metrics Statistical metrics α-guesswork it takes 1 million guesses for an attacker to guess 10% of passwords in a password set measures password set as a whole Parameterized metrics Investigate guessability under a cracking algorithm (simulate an attacker) measures guessability of individual password. security against real-world attacks, not idealized attacks. Does it accurately model real-world attackers? Does the attacker run only one algorithm? Parameter tuning.

5 Cracking Algorithm Brute-force and mask Attacks Dumbly iterate all possibilities Mask attacks first give a mask and then iterate e.g. choose L6D1 start from aaaaaa0, aaaaaa1, aaaaaa2, etc Mangled wordlists attacks (may be the most popular) given a dictionary that contains possible passwords mangling rules e.g. ‘password’ -> ‘p@ssword’

6 Cracking Algorithm Probabilistic context-free grammar (PCFG) Train using real-world passwords (usually from breached password set) Build a password distribution model ranks password structure by probability e.g. p(L3D3S1) = 0.05% ranks special characters and numbers by probability e.g. p(123|D3) = 0.04%, e.g. p(!|S1) = 20% insert characters using an external library e.g. has 50 L3 entries. p(L3) = 1/50 Generate password guess by descending probability: e.g. p(“abc123!”) = 0.05% * 0.04% * 20% * 1/50

7 Cracking Algorithm Markov Models Train using real-world passwords (usually from breached password set) Choose an order, build markov models and compute probability of guesses. e.g order-5 markov model, what is the probability of “abcde”? p(abcd) = 10% p(e|abcd) = 80% p(bcde|end) = 30% p(“abcde”) = 10% * 80% * 30% try guesses in descending probability order

8 This paper will... Analyze 4 automated cracking algorithm and 1 manual cracking method. Show that a single cracking algorithm relatively out-of-box produces a poor estimate of password guessability. Uncover the export procedure - using multiple well- configured algorithm in parallel.

9 This paper What to expect from this paper: Measurement, comparison of existing password cracking algorithm. comparison of algorithm efficiencies between researcher and attacker. What not to expect from this paper Novel technique or algorithm New system

10 Dataset (testing data) 13,345 passwords created under composition policies. Amazon Mechanical Turk Basic: 8+ chars Complex: 8+ chars, containing 4 character classes LongBasic: 16+ chars, LongComplex: 16+ chars, containing 4 character classes 15,000 from rockyou leak and 15,000 from Yahoo leak

11 Dataset (Training data) Breaches of MySpace, Rockyou, and Yahoo Dictionaries (19.4m in total): Single words from Google Web Corpus UNIX dictionary 250,000 words inflection dictionary

12 Simulating Password Cracking PCFG Markov-Model John the Ripper Hashcat Professional Cracker (Done by a security company - KoreLogic)

13 KoreLogic - professional cracker 1.Use JTR and Hashcat with proprietary wordlists, mangling rules, mask lists, and Markov models 2.Optimized over 10 years of password auditing 3.Dynamically update their mangling rules 4.Attack a. Complex b.Long c.Long Complex

14 Results - Configuration out-of-the-box configurations commonly used by researchers substantially underestimate password vulnerability. Hashcat different configuration PCFG and Markov Model Training Data Conclusion: Unoptimized configuration means underestimation the vulnerabilities

15 Guessing by automated approaches Attack Baisc Passwords Attack Long Passwords

16 Guessing by automated approaches Attack LongBasic Passwords Attack LongComplex Passwords

17 Guessed portion of password Limite: 10^(14) guesses

18 Guessing by pros Automated Approaches guess more in early stage An analyst wrote free-style rules at 10^(13) guesses, which significantly increase the cracked passwords Min_auto metric is a conservative approximation of the success of Pros

19 Limited Professional Cracking Attack 4239 complex passwords

20 Difference between approaches - Coverage Basic Password On contrast: LongBasic Shared: 6% 28% of Complex, LongBasic, and LongComplex passwords were guessed only by a single approach.

21 Difference between approaches - Char types Passwords contain only lower-case characters Also different in other settings

22 Difference between approaches - Different Policies Pro Attack Automated Attack (all attacking algorithms)

23 Difference between approaches - Different Policies

24 Difference between approaches - Individual Password

25 Conclusion A single guessing algorithm -> poor estimation several well-configured algorithms -> fairly good estimation of real attackers Different approaches have different outcome

26 Questions 1.why do we measure password strength? (2 main reasons) 2. Why is measuring password strength difficult? 3. What should a researcher do to make his estimation of password strength more accurate?

27 Questions 1.why do we measure password strength? (2 main reasons) 2.Why is measuring password strength difficult? 3.What should a researcher do to make his estimation of password strength more accurate?

Download ppt "Measuring Real-World Accuracies and Biases in Modeling Password Guessability Segreti. et al. Usenix Security 2015."

Similar presentations

Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
On the Semantic Patterns of Passwords and their Security Impact RAFAEL VERAS, CHRISTOPHER COLLINS, JULIE THORPE UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY.

On the Semantic Patterns of Passwords and their Security Impact RAFAEL VERAS, CHRISTOPHER COLLINS, JULIE THORPE UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Patrick Gage Kelley, Saranga Komanduri, Michelle.

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Patrick Gage Kelley, Saranga Komanduri, Michelle.
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.

Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms by Patrick Gage Kelley, Saranga Komanduri, Michelle.

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms by Patrick Gage Kelley, Saranga Komanduri, Michelle.
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
Hidden Markov Model 11/28/07. Bayes Rule The posterior distribution Select k with the largest posterior distribution. Minimizes the average misclassification.

Hidden Markov Model 11/28/07. Bayes Rule The posterior distribution Select k with the largest posterior distribution. Minimizes the average misclassification.
Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.

Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.
NetID Password Strength Initiative Gary Windham Senior Enterprise Systems Architect UITS Computing Services.

NetID Password Strength Initiative Gary Windham Senior Enterprise Systems Architect UITS Computing Services.
Lecture 5: Learning models using EM

Lecture 5: Learning models using EM
Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database.

Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database.
1 Ranked Queries over sources with Boolean Query Interfaces without Ranking Support Vagelis Hristidis, Florida International University Yuheng Hu, Arizona.

1 Ranked Queries over sources with Boolean Query Interfaces without Ranking Support Vagelis Hristidis, Florida International University Yuheng Hu, Arizona.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.

1 MySQL Passwords Password Strength and “Cracking” Presented by Devin Egan Defcon 12 - July 31, 2004 Password Strength and “Cracking” Presented by Devin.
Relevance Feedback Content-Based Image Retrieval Using Query Distribution Estimation Based on Maximum Entropy Principle Irwin King and Zhong Jin The Chinese.

Relevance Feedback Content-Based Image Retrieval Using Query Distribution Estimation Based on Maximum Entropy Principle Irwin King and Zhong Jin The Chinese.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.

Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
IE 594 : Research Methodology – Discrete Event Simulation David S. Kim Spring 2009.

IE 594 : Research Methodology – Discrete Event Simulation David S. Kim Spring 2009.

Similar presentations

Ads by Google