A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System

Genç, Ziya Alper; Lenzini, Gabriele; Ryan, Peter Y. A.; Sandoval, Itzel Vazquez

doi:10.5220/0006609100830095

Cited by 7 publications

(18 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To protect implementations against remote timing attacks [3], the time-cost of the multiplication is usually t c , a constant that depends on the chosen curve c. Thus, the time-cost of our protocol's implementation is constant in t c . We do not have measures over our protocol performances (we are currently implementing our solution in C# atop the Microsoft .NET framework), but from previous experiences with more complex protocols using exponentiation, as the one documented in [4], we expect the overhead on the user and on the login server to be negligible.…”

Section: Methodsmentioning

confidence: 99%

“…To the best of our knowledge, the protocol that we describe here is novel, but the motivation of the work is rooted in previous research of ours [4].…”

Section: Previous Work and Contributionmentioning

confidence: 99%

“…In [4] we reviewed the protocol to make it tamper-evident when the Login Server (LS)'s code is corrupted by the adversary. The resulting protocol seems to suggest a completely new way to authenticate users, which also makes a password file resilient to off-line dictionary attacks.…”

Section: Previous Work and Contributionmentioning

confidence: 99%

“…The token obtained, h r1 (H(w)) is sent to LS together with U's id, u (2). On reception, LS anticipates the next OTP number, r 2 = OTP(2) (by operating the device twice) and rehashes the identity token it has received from U using that number (3,4). LS relies on a strategy that we describe next and that does not require LS to know the password.…”

Section: An Enhanced Password-based Authenticationmentioning

confidence: 99%

See 3 more Smart Citations

A Protocol to Strengthen Password-Based Authentication

Sandoval

Stojkovski

Lenzini

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We discuss a password-based authentication protocol that we argue to be robust against password-guessing and off-line dictionary attacks. The core idea is to hash the passwords with a seed that comes from an OTP device, making the resulting identity token unpredictable for an adversary. We believe that the usability of this new protocol is the same as that of password-based methods with OTP, but has the advantage of not burdening users with having to choose strong passwords.

show abstract

Section: Methodsmentioning

confidence: 99%

“…To the best of our knowledge, the protocol that we describe here is novel, but the motivation of the work is rooted in previous research of ours [4].…”

Section: Previous Work and Contributionmentioning

confidence: 99%

Section: Previous Work and Contributionmentioning

confidence: 99%

Section: An Enhanced Password-based Authenticationmentioning

confidence: 99%

See 2 more Smart Citations

A Protocol to Strengthen Password-Based Authentication

Sandoval

Stojkovski

Lenzini

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…In a conference version of this work [7], we took on the task to discuss the part of the problem regarding "to withstand [..] code modification of the computer system".…”

Section: Juels and Rivest's Honeywords Systemmentioning

confidence: 99%

A Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack

Genç

Lenzini

Ryan

et al. 2019

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

Password-based authentication is a widespread method to access into systems, thus password files are a valuable resource often target of attacks. To detect when a password file has been stolen, Juels and Rivest introduced the Honeywords System in 2013. The core idea is to store the password with a list of decoy words that are "indistinguishable" from the password, called honeywords. An adversary that obtains the password file and, by dictionary attack, retrieves the honeywords can only guess the password when attempting to log in: but any incorrect guess will set off an alarm, warning that file has been compromised. In a recent conference paper, we studied the security of the Honeywords System in a scenario where the intruder also manages to corrupt the server's code (with certain limiting assumptions); we proposed an authentication protocol and proved it secure despite the corruption. In this extended journal version, we detail the analysis and we extend it, under the same attacker model, to the other two protocols of the original Honeywords System, the setup and change of password. We formally verify the security of both of them; further, we discuss that our design suggests a completely new approach that diverges from the original idea of the Honeywords System but indicates an alternative way to authenticate users which is robust to server's code-corruption.

show abstract