Slide 1: CompChall: Addressing Password Guessing Attacks
IAS, ITCC-2005, April 2005
By Vipul Goyal, OSP Global, Mumbai, India
Coauthors: Virendra Kumar, Mayank Singh, Ajith Abraham and Sugata Sanyal
Slide 2: Introduction
Passwords are the most widely used means of authentication
Humans have a tendency to choose relatively short and simple passwords
Thus, passwords bring along with them the threat of dictionary attacks
Slide 3: Dictionary attacks
A dictionary attack means guessing the password and somehow checking whether the guess is valid
If the rate of guessing and validating is reasonably high, the attacker stands a good chance of breaking the password
Two types: offline and online
Slide 4: Offline dictionary attacks
The attacker somehow gets access to some data which allows him to test passwords without any interaction with the server
Theoretically impossible to resist without public-key cryptography (PKC), but efficient protocols like EKE exist to resist these attacks using PKC
Slide 5: Online dictionary attacks
For each password validation, interaction with the server is required
By attempting a login, it is always possible to test for password validity; hence, these attacks cannot be totally prevented
Common countermeasures like account locking and delayed response are not satisfactory
Slide 6: Our protocol
Limits the rate of login attempts by asking the user to first solve a computational challenge
Uses only fast one-way hash functions for efficiency
Totally stateless and thus less vulnerable to DoS attacks
Slide 7: Protocol description
Step 1: Alice sends her user ID to Bob
This is a simple step in which Alice indicates her willingness to log in
Slide 8: Protocol description contd.
Bob generates two random numbers r and R: r is a small (e.g. 20-bit) random number, R is a big (100-bit) random number
Bob also computes H(r, P), where P is Alice's password, and computes a MAC = H(K_Bob, H(r, P), Alice, n)
K_Bob is Bob's secret key, n is the number of failed attempts by Alice so far
Step 2: Bob replies back with: H(r, R), R, MAC
Slide 9: Protocol description contd.
Alice must find out r before she can proceed with the login attempt. This is done by hashing every possible 20-bit number appended with R and matching the result against H(r, R)
R acts as a salt to prevent her from pre-computing H(r) for all possible r
This step is computationally intensive for Alice and prevents her from making a large number of login attempts per unit time
Slide 10: Protocol description contd.
After finding out r, Alice computes H(r, P)
Step 3: Alice sends to Bob: Alice, H(r, P), along with the received MAC (= H(H(r, P), Alice, K_Bob, n))
This step can be executed independently, making the protocol stateless
Slide 11: Protocol description contd.
Bob hashes the received H(r, P) with his key, Alice, and n, and matches the resulting quantity against the received MAC
If they match, Alice is logged in; else n is incremented
Bob sends the success/failure signal
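Steps 1 to 3 above, run end to end, as an added Python example; this is not the authors' code and the slides give no implementation. It assumes SHA-256 over length-prefixed parts as the fast one-way hash H, HMAC-SHA256 keyed with K_Bob as the keyed hash for the MAC, and that the bit-lengths of r and R are parameters (defaulting to the 20 and 100 bits named on the slides). The only per-user state Bob keeps is the password and the failed-attempt counter n; nothing is stored between step 2 and step 3.

```python
import hashlib
import hmac
import secrets
import time

# Assumed parameters: the slides name 20-bit r and 100-bit R. Both are kept
# configurable so the client's work factor can be tuned (or shrunk for tests).
R_BITS = 20
BIG_R_BITS = 100


def H(*parts: bytes) -> bytes:
    """Fast one-way hash H(a, b, ...): SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def to_bytes(value: int, bits: int) -> bytes:
    """Fixed-width big-endian encoding of an integer that fits in `bits` bits."""
    return value.to_bytes((bits + 7) // 8, "big")


class Bob:
    """Server side. Holds the long-term key K_Bob and per-user (P, n) records only."""

    def __init__(self, key: bytes, r_bits: int = R_BITS, big_r_bits: int = BIG_R_BITS):
        self.key = key
        self.r_bits = r_bits
        self.big_r_bits = big_r_bits
        self.users = {}  # user_id -> [password P, failed-attempt counter n]

    def register(self, user_id: bytes, password: bytes) -> None:
        self.users[user_id] = [password, 0]

    def compute_mac(self, h_r_p: bytes, user_id: bytes, n: int) -> bytes:
        # MAC = H(K_Bob, H(r, P), Alice, n); HMAC keyed with K_Bob stands in for the keyed hash.
        msg = H(h_r_p, user_id, to_bytes(n, 64))
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def step2(self, user_id: bytes):
        """Step 2: answer Alice's user ID with (H(r, R), R, MAC). No state is kept."""
        password, n = self.users[user_id]
        r = to_bytes(secrets.randbits(self.r_bits), self.r_bits)
        big_r = to_bytes(secrets.randbits(self.big_r_bits), self.big_r_bits)
        return H(r, big_r), big_r, self.compute_mac(H(r, password), user_id, n)

    def step3(self, user_id: bytes, h_r_p: bytes, mac: bytes) -> bool:
        """Step 3: recompute the MAC from the received H(r, P) and compare; bump n on failure."""
        record = self.users[user_id]
        expected = self.compute_mac(h_r_p, user_id, record[1])
        if hmac.compare_digest(expected, mac):
            return True
        record[1] += 1  # n changes, so the MAC issued for this attempt can't be replayed
        return False


def solve_challenge(h_r_big_r: bytes, big_r: bytes, r_bits: int) -> bytes:
    """Alice's work factor: try every r_bits-bit value until H(r, R) matches."""
    for candidate in range(1 << r_bits):
        r = to_bytes(candidate, r_bits)
        if H(r, big_r) == h_r_big_r:
            return r
    raise ValueError("no r found: challenge malformed")


def alice_login(bob: Bob, user_id: bytes, password_guess: bytes) -> bool:
    """One login attempt (steps 1-3); returns Bob's success/failure signal."""
    h_r_big_r, big_r, mac = bob.step2(user_id)            # step 1 (user ID) and step 2
    r = solve_challenge(h_r_big_r, big_r, bob.r_bits)     # the computational challenge
    return bob.step3(user_id, H(r, password_guess), mac)  # step 3


if __name__ == "__main__":
    # Constructed demo credentials; the server key would normally be a random secret.
    bob = Bob(b"constructed-demo-key")
    bob.register(b"alice", b"correct horse battery")
    t0 = time.perf_counter()
    ok = alice_login(bob, b"alice", b"correct horse battery")
    print(f"login ok={ok}, one attempt cost {time.perf_counter() - t0:.2f}s at {R_BITS}-bit r")
    print("wrong guess ->", alice_login(bob, b"alice", b"wrong"), "n =", bob.users[b"alice"][1])
```

Each attempt costs the client up to 2^r_bits hash evaluations while Bob spends two hashes and an HMAC, which is the asymmetry the scheme relies on; the defender controls the hash count by choosing r_bits, not wall-clock time. Because n is folded into the MAC, a MAC captured for one attempt stops verifying as soon as a failure has been recorded, and because the user ID is folded in, it cannot be presented under another account.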
Slide 12: Protocol figure
Slide 13: Protocol Security
The MAC H(H(r, P), Alice, K_Bob, n) is unintelligible to Alice and is only meant to be returned to the server. This is to make the server stateless.
This MAC is specific to the user and the login attempt. Thus, it cannot be re-used for any other user, or for attempting login more than once for a single user
All this ensures that Alice did the required computation
Slide 14: Protocol Variant 1
A minor variation in the message sequence produces interesting results
Replace H(r, R) with H(r, P, R) in steps 2 and 3, with MAC = H(H(r, P), Alice, K_Bob, n)
This rapidly increases the offline dictionary attack time, useful in case SSL protection is not used
Slide 15: Protocol Variant 2
Aimed at making the protocol secure against server compromise
Replace H(P, r) with r, H^(i-1)(P), with MAC = H(r, H^i(P), Alice, K_Bob, n)
Relatively complex, uses hash chains
Slide 16: Thank You