Authentication: Deniable Authentication and Protection Against Dictionary Attacks
Isidora Petreska and Dimitar Gosevski


Contents
Introduction to Authentication
Deniable Authentication
Deniable authentication protocols
Adaptive Multi-Trapdoor Commitment (AMTC) Scheme
AMTC-based authenticators
Decisional Diffie-Hellman (DDH) Scheme
Passwords and Authentication
Countermeasures against dictionary attacks and their weaknesses
Reverse Turing Test (RTT)
Basic User Authentication Protocol
Solving Protocol Drawbacks
Security Analysis
Analysis for a user account
Setting the parameters

Introduction to Authentication
Formal definition
Authentication technologies
Concerns:
–Deniable authentication
–Password security

Deniable Authentication
Property of deniability
Concept of deniable authentication
–Privacy concerns of the sender
Need for deniable authentication:
–in private key cryptography?
–in public key cryptography?

Deniable authentication protocols
Example of a deniable protocol
What if the sender changes his/her mind?
Need for forward deniability
Proposal of new schemes based on:
–Adaptive Multi-Trapdoor Commitment and
–Decisional Diffie-Hellman protocols

Adaptive Multi-Trapdoor Commitment (AMTC) Scheme
Notion of commitment
Trapdoor Commitment Scheme (TCS)
Adaptive Multi-Trapdoor Commitment (AMTC) Scheme:
–CKG - master key generation algorithm
–Sel - given a master public key (PK), outputs an equivalent key (pk)
–Tkg - given the triple (PK, pk, TK), outputs trapdoor information (tk)
–Com - verify a commitment Com(PK, pk, M, R)
–Equiv - opening of a commitment C

AMTC-based authenticators (1/2)

AMTC-based authenticators (2/2)

Decisional Diffie-Hellman (DDH) Scheme (1/2)

Decisional Diffie-Hellman (DDH) Scheme (2/2)

Passwords and Authentication
Passwords as an authentication method
Passwords are convenient for both service providers and users
Dictionary attacks against passwords
Password eavesdropping

Countermeasures against dictionary attacks and their weaknesses
Countermeasures
–Delayed response
–Account locking procedure
Drawbacks of the countermeasures
–Global password attacks
–Denial of Service attacks
–Customer service cost

Reverse Turing Test (RTT)
Proposed by M. Naor
Distinguishes between a human and an automated program
–Automated generation
–Easy for humans
–Hard for machines
–Small probability of guessing the answer correctly

RTT (cont.)
Used by large IT companies
–Yahoo
–AltaVista
–PayPal
Possible drawbacks of RTTs
–Based on the visual capabilities of the human
Improvement of RTTs
–Audible RTTs

Basic User Authentication Protocol
Combines an RTT with any password-based authentication system
–Slows down automated programs trying to break into the system
Drawbacks of the protocol
–Usability: difficult for the user to answer an RTT on every login attempt
–Scalability: not easy to generate and serve an RTT per login attempt

Solving Protocol Drawbacks
Limited set of computers used by the user
–Small possibility of a dictionary attack from these computers
–Identify a specific computer/web browser by using cookies
–No need to solve an RTT from these computers
RTT required only for a fraction of the login attempts

Security Analysis
User-server interaction
–Feedback no. 1: Invalid username or password
–Feedback no. 2: First answer the RTT, then you will be informed whether the username/password pair is correct
–Whether to ask for an RTT is a deterministic function of the username/password pair
–Same time delay regardless of whether the entered password is correct or not

Analysis for a user account
To verify a fraction of correct or incorrect passwords, an RTT must be passed first
Assume that all passwords have the same probability of being correct
Randomly chosen passwords
Winning Ticket Game

Setting the parameters
Steps to design a successful authentication protocol:
–Estimate the benefit the attacker gains from breaking into an account
–Estimate the size of the domain of passwords
–Estimate the cost to the attacker of solving a single RTT
–The cost of breaking an account should be higher than the potential gain from the break
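As an added example (my own reconstruction, not code from the slides), the server-side logic the last few slides describe: a browser carrying the trusted cookie skips the RTT, whether an unrecognised browser must answer an RTT is a keyed deterministic function of the username/password pair, only the two feedback messages are ever returned before the RTT is passed, and the parameter check compares the attacker's expected RTT cost for exhausting the dictionary with the account's value. The split where a correct pair always requires the RTT while a wrong pair requires it for a fraction p is my assumption about the design; SERVER_KEY, the cookie value and the sample account are constructed placeholders.

```python
import hashlib
import hmac

# Constructed placeholders for this example: server secret, trusted-browser cookie,
# one sample account stored as a salted hash, and the fraction p of wrong guesses
# that are forced to answer an RTT.
SERVER_KEY = b"constructed-demo-server-key"
TRUSTED_COOKIE = "constructed-trusted-browser-cookie"
RTT_FRACTION = 0.05
USERS = {"alice": hashlib.sha256(b"demo-salt:correct horse").hexdigest()}

def password_ok(user, pw):
    digest = hashlib.sha256(b"demo-salt:" + pw.encode()).hexdigest()
    return user in USERS and hmac.compare_digest(USERS[user], digest)

def rtt_required(user, pw, fraction=RTT_FRACTION):
    """Deterministic decision for an unrecognised browser (assumed design): a
    correct pair always needs an RTT; a wrong pair needs one for a fixed fraction
    of the password space. Keyed with a server secret so the attacker cannot
    precompute it, and deterministic so re-submitting a guess never dodges it."""
    if password_ok(user, pw):
        return True
    tag = hmac.new(SERVER_KEY, f"{user}\0{pw}".encode(), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") / 2**64 < fraction

def login(user, pw, cookie=None, rtt_answer_ok=None):
    """Server response to one login attempt. Only two messages are sent before
    the RTT is solved; the caller should add the same fixed delay on every
    path so timing reveals nothing about password correctness."""
    if cookie == TRUSTED_COOKIE and password_ok(user, pw):
        return "granted"                        # recognised browser: no RTT
    if not rtt_required(user, pw):
        return "invalid username or password"   # feedback no. 1 (pair is wrong)
    if not rtt_answer_ok:
        return "answer RTT first"               # feedback no. 2: decide nothing yet
    return "granted" if password_ok(user, pw) else "invalid username or password"

def expected_attack_cost(dictionary_size, fraction, rtt_cost):
    """Winning-ticket view: exhausting a dictionary of N guesses from an unknown
    browser forces about fraction * N RTTs, each costing rtt_cost to solve."""
    return dictionary_size * fraction * rtt_cost

def parameters_sufficient(dictionary_size, fraction, rtt_cost, account_value):
    """Setting the parameters: break-in cost must exceed what the account is worth."""
    return expected_attack_cost(dictionary_size, fraction, rtt_cost) > account_value
```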

The content of this presentation is being reproduced without the original author’s permission!