Duress Detection for Authentication Attacks Against Multiple Administrators Emil Stefanov UC Berkeley Mikhail Atallah Purdue University.


1 Duress Detection for Authentication Attacks Against Multiple Administrators Emil Stefanov UC Berkeley emil@cs.berkeley.edu Mikhail Atallah Purdue University mja@cs.purdue.edu

2 Remedies for Authentication Attacks
Guessing passwords
  o Require strong passwords.
Eavesdropping
  o Encrypt traffic (e.g., TLS/SSH).
Man in the middle
  o Pre-shared secrets, certificate-based authentication.
Spyware
  o Intrusion detection systems / antivirus.
Phishing
  o TLS, web filters.
Shoulder surfing
  o Common sense.
Physical Coercion
  o Duress Detection

3 Physical Coercion Alice has an account on a server. To use the server she must log in with her password. One day, Oscar threatens Alice and demands to know her password.

4 Duress Signaling
What should Alice do?
  o Provide the correct password? Oscar wins.
  o Refuse to cooperate? Oscar carries out his threat.
  o Provide an invalid password? Oscar tries the password and determines that Alice refused to cooperate.
  o Provide a duress password? The attacker logs in but unknowingly signals a silent alarm.

5 Duress Password
What should it look like?
  o Let’s review a few possibilities.

6 Two-Password Schemes

7 N-Password Schemes

8 PIN Schemes
Alice has:
  o A strong password (e.g., “VHz3xK*bL8”)
      This must be correct during normal and duress authentications.
  o A PIN (e.g., “8394”)
      Alice uses her PIN for a normal authentication.
      She gives Oscar any other PIN during duress.
Advantages?
  o Less for Alice to remember.
  o Oscar’s probability of success is low.
Problems?
  o Recall attack – Oscar can ask her to repeat the PIN later. Alice might forget the PIN she gave Oscar.
  o Typos – Easy to mistype a PIN and cause a false alarm.

9 Our Approach
We split the authentication secret into two:
  o A strong password – just like usual.
  o A keyword from a dictionary.
Carefully choose a keyword dictionary.
  o Specify requirements.
  o Give an example.
Allows for Alice to be an administrator.
  o Has access to the password/keyword store.
  o Can intercept network traffic.
Allows multiple users/administrators.
  o Alice, Bob, etc.

10 Login Screen

11 Single Administrator Scheme
A single administrator (Alice) is being attacked.
Server stores passwords and keywords (hashed & salted).
Incorrect keyword → server notifies authorities.

12 Single Administrator Scheme
Problem:
  o Oscar gains administrator access.
  o Oscar can verify the keyword.
Solution:
  1. The server notifies the authorities.
  2. The server overwrites the correct keyword.

13 Single Administrator Scheme
Not secure for multiple administrators!
Attack: Alice and Bob are administrators. Oscar attacks both of them. Oscar authenticates as one of them and checks the keyword of the other one.
  o Solution? Our multiple administrator scheme.

14 Multiple Administrator Scheme Oscar attacks Alice. Alice provides a correct password and an incorrect keyword. The server receives the credentials.

15 Multiple Administrator Scheme
Authentication server:
  o Has purposely “forgotten” the correct keyword.
  o Creates a privacy-preserving record.
  o Sends it to the monitoring server.

16 Multiple Administrator Scheme
Monitoring server:
  o Checks the authentication record.
  o If duress → notifies monitoring personnel.

17 Multiple Administrator Scheme
Monitoring personnel:
  o Notify the authorities.
Similar to existing alarm system companies.

18 Multiple Administrator Scheme
Key ideas:
  o The authentication server never knows the correct keyword.
  o The monitoring server can only decrypt duress authentication records.
  o Keywords are picked from a carefully selected dictionary (more on this later).

19 Keyword Dictionary Requirements
Well defined
  o Implicitly defined by a topic.
  o Alice can randomly pick a keyword by only memorizing the topic.
Hard to make a typo
  o Large edit distance between keywords.

20 Keyword Dictionary Example: U.S. States
#    Keyword         Closest Keyword   Edit Distance
1    arkansas        kansas            2
2                    arkansas          2
3    northcarolina   southcarolina     2
4    northdakota     southdakota       2
5    southcarolina   northcarolina     2
6    southdakota     northdakota       2
7    alabama         alaska            3
…
45   rhodeisland     louisiana         6
46   washington      michigan          6
47   newhampshire    newmexico         7
48   connecticut     kentucky          8
49   pennsylvania    indiana           8
50   massachusetts   arkansas          9
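Added example (not from the original presentation): a Python check of the "large edit distance between keywords" requirement from slides 19 and 20, run over the state names that appear in the table above. The function names, the minimum-distance threshold and the input normalisation in classify_entry are assumptions made for illustration.

```python
# Added example, not the authors' code: audit a keyword dictionary for typo resistance.
# KEYWORDS holds only the state names that appear in the slide's table.
KEYWORDS = [
    "arkansas", "kansas", "northcarolina", "southcarolina", "northdakota",
    "southdakota", "alabama", "alaska", "rhodeisland", "louisiana",
    "washington", "michigan", "newhampshire", "newmexico", "connecticut",
    "kentucky", "pennsylvania", "indiana", "massachusetts",
]


def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute or match
        prev = cur
    return prev[-1]


def closest(word, dictionary):
    """Return (nearest other keyword, distance) for word."""
    return min(((k, edit_distance(word, k)) for k in dictionary if k != word),
               key=lambda pair: pair[1])


def weak_keywords(dictionary, min_distance):
    """Keywords whose nearest neighbour is closer than min_distance."""
    return sorted(k for k in dictionary
                  if closest(k, dictionary)[1] < min_distance)


def classify_entry(entry, dictionary):
    """Hypothetical input check: an entry outside the dictionary is treated
    as a typo to re-prompt for, not as a keyword to evaluate for duress."""
    word = entry.lower().replace(" ", "")  # assumed normalisation
    return "keyword" if word in dictionary else "typo"


if __name__ == "__main__":
    for k in KEYWORDS:
        print(k, *closest(k, KEYWORDS))
    print("weak at min distance 3:", weak_keywords(KEYWORDS, 3))
```

With a minimum distance of 2 no keyword is flagged, so a single-character slip never turns one keyword into another; raising the threshold to 3 flags the six distance-2 entries from the table.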

21 Performance
                 Authentication Time   Monitoring Time
1024-bit Keys    0.203 ms              0.125 ms
2048-bit Keys    0.250 ms              0.671 ms
3072-bit Keys    0.343 ms              2.075 ms
4096-bit Keys    0.468 ms              6.318 ms

