CompChall: Addressing Password Guessing Attacks (IAS, ITCC-2005, April 2005), by Vipul Goyal, OSP Global.
Presentation transcript:

1 CompChall: Addressing Password Guessing Attacks. IAS, ITCC-2005, April 2005. By Vipul Goyal, OSP Global, Mumbai, India. Coauthors: Virendra Kumar, Mayank Singh, Ajith Abraham and Sugata Sanyal.

2 Introduction
Passwords are the most widely used means of authentication. Humans tend to choose relatively short and simple passwords. Passwords therefore bring with them the threat of dictionary attacks.

3 Dictionary attacks
A dictionary attack means guessing the password and somehow checking whether the guess is valid. If the rate of guessing and validating is reasonably high, the attacker stands a good chance of breaking the password. Two types: offline and online.

4 Offline dictionary attacks
The attacker somehow gets access to data that lets him test passwords without any interaction with the server. Theoretically impossible to resist without public key cryptography (PKC), but efficient protocols such as EKE exist that resist these attacks using PKC.

5 Online dictionary attacks
Each password validation requires interaction with the server. By attempting a login it is always possible to test a password for validity, so these attacks cannot be totally prevented. Common countermeasures such as account locking and delayed response are not satisfactory.

6 Our protocol
Limits the rate of login attempts by asking the user to first solve a computational challenge. Uses only fast one-way hash functions, for efficiency. Totally stateless, and thus less vulnerable to DoS attacks.

7 Protocol description
Step 1: Alice sends her user ID to Bob. This is a simple step in which Alice indicates her willingness to log in.

8 Protocol description contd.
Bob generates two random numbers r and R: r is a small (e.g. 20-bit) random number, R is a big (100-bit) random number. Bob also computes H(r, P), where P is Alice's password, and computes MAC = H(K_Bob, H(r, P), Alice, n). K_Bob is Bob's secret key; n is the number of failed attempts by Alice so far.
Step 2: Bob replies with: H(r, R), R, MAC.

9 Protocol description contd.
Alice must find r before she can proceed with the login attempt. She does this by hashing every possible 20-bit number appended with R and matching the result against H(r, R). R acts as a salt that prevents her from precomputing H(r) for all possible r. This step is computationally intensive for Alice and prevents her from making a large number of login attempts per unit time.

10 Protocol description contd.
After finding r, Alice computes H(r, P).
Step 3: Alice sends to Bob: Alice, H(r, P), along with the received MAC (= H(H(r, P), Alice, K_Bob, n)). This step can be executed independently, which makes the protocol stateless.

11 Protocol description contd.
Bob hashes the received H(r, P) with his key, Alice, and n, and compares the result with the received MAC. If they match, Alice is logged in; else n is incremented. Bob sends the success/failure signal.
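The four steps above as an added Python example (not the paper's code): a toy server (Bob) and client (Alice) using SHA-256 as H and HMAC-SHA256 for the keyed MAC; the in-memory password store, the field encoding, the key size and the adjustable challenge width (so the brute force can be kept short) are assumptions.

```python
import hashlib
import hmac
import secrets
R_BITS = 20  # width of the small challenge r (slide 8: "e.g. 20 bit"); R is 100 bits

def H(*parts):
    """One-way hash H (SHA-256, an assumption); fields length-prefixed to avoid collisions."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def keyed_mac(key, *parts):  # MAC = H(K_Bob, ...) from slide 8, as HMAC-SHA256 (assumption)
    return hmac.new(key, H(*parts), hashlib.sha256).digest()

class Server:  # Bob
    def __init__(self, r_bits=R_BITS):
        self.key = secrets.token_bytes(32)  # K_Bob, never leaves the server
        self.r_bits = r_bits
        self.users = {}     # user -> password P (toy store, constructed)
        self.failures = {}  # user -> n, failed attempts so far

    def challenge(self, user):
        """Step 2: answer Alice's user ID with H(r, R), R, MAC."""
        r, R = secrets.randbits(self.r_bits), secrets.randbits(100)
        n = self.failures.get(user, 0)
        tag = keyed_mac(self.key, H(r, self.users[user]), user, n)
        return H(r, R), R, tag  # r and tag are not stored: stateless

    def login(self, user, h_rp, tag):
        """Step 4: recompute the MAC over the received H(r, P) and compare."""
        n = self.failures.get(user, 0)
        if hmac.compare_digest(keyed_mac(self.key, h_rp, user, n), tag):
            return True
        self.failures[user] = n + 1  # a failure invalidates every outstanding tag
        return False

def solve_challenge(h_rR, R, r_bits=R_BITS):
    """Alice's work (slide 9): try every r_bits-bit r until H(r, R) matches."""
    for r in range(1 << r_bits):
        if H(r, R) == h_rR:
            return r
    raise ValueError("no r matched the challenge")

def client_login(server, user, password):
    # Steps 1-3 from Alice's side; returns Bob's success/failure signal
    h_rR, R, tag = server.challenge(user)
    r = solve_challenge(h_rR, R, server.r_bits)
    return server.login(user, H(r, password), tag)
```

With the default 20-bit r, solve_challenge performs about a million SHA-256 calls per login attempt, which is exactly the cost the protocol imposes on a guesser; a smaller r_bits makes a quick demonstration possible.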

12 Protocol figure

13 Protocol Security
The MAC H(H(r, P), Alice, K_Bob, n) is unintelligible to Alice and is only meant to be returned to the server; this is what keeps the server stateless. The MAC is specific to the user and to the login attempt, so it cannot be reused for any other user, or for more than one login attempt by a single user. All this ensures that Alice did the required computation.

14 Protocol Variant 1
A minor variation in the message sequence produces interesting results. Replace H(r, R) with H(r, P, R) in steps 2 and 3, with MAC = H(H(r, P), Alice, K_Bob, n). This greatly increases the offline dictionary attack time, which is useful when SSL protection is not used.

15 Protocol Variant 2
Aimed at making the protocol secure against server compromise. Replace H(P, r) with r, H^(i-1)(P), with MAC = H(r, H^i(P), Alice, K_Bob, n). Relatively complex; uses hash chains.

16 Thank You