How to End Password Reuse on the Web

Wang, Ke Coby; Reiter, Michael K.

doi:10.14722/ndss.2019.23350

Cited by 15 publications

(22 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To prevent users from reusing their password across web services, Wang and Reiter [45,46] propose two protocols for a group of web services to check if a user is using the same password in multiple of the participating web services. The efficacy of this protocol relies on the coordination of many web services, making it harder to deploy.…”

Section: Background and Prior Workmentioning

confidence: 99%

“…We measure and compare the latency and bandwidth requirements for running different compromised credential checking services: MIGP (ours), GPC [41], IDB [31], WR19-Bloom [45] and WR20-Cuckoo [46]. Although WR19-Bloom [45] and WR20-Cuckoo [46] were designed to check user's passwords in multiple web services, these protocols can be easily used for checking user's leaked passwords, as well. WR19-Bloom and WR20-Cuckoo protocols rely on partial homomorphic encryption technique to build private membership test (PMT) protocols.…”

Section: Performance Analysismentioning

confidence: 99%

“…The server and the client are executed in two different EC2 11. Average latency (in milliseconds) for checking one password via GPC [41], IDB [31], WR19-Bloom [45], WR20-Cuckoo [46] and MIGP (ours) with different parameters. WR19-Bloom and MIGP-Bloom use Bloom filter to reduce the b/w requirement.…”

Section: Performance Analysismentioning

confidence: 99%

See 2 more Smart Citations

Might I Get Pwned: A Second Generation Compromised Credential Checking Service

Pal¹,

Islam²,

Sanusi³

et al. 2021

Preprint

View full text Add to dashboard Cite

Credential stuffing attacks use stolen passwords to log into victim accounts. To defend against these attacks, recently deployed compromised credential checking (C3) services provide APIs that help users and companies check whether a username, password pair is exposed. These services however only check if the exact password is leaked, and therefore do not mitigate credential tweaking attacks in which the adversary guesses variants of a user's leaked passwords.We initiate work on C3 APIs that protect users from credential tweaking attacks. The core underlying challenge is how to identify passwords that are similar to their leaked passwords while preserving honest clients' privacy and also preventing malicious clients from extracting breach data from the service. We formalize the problem and explore a variety of ways to measure password similarity that balance efficacy, performance, and security.Based on this exploration, we design "Might I Get Pwned" (MIGP), a new kind of breach alerting service. Our simulations show that MIGP reduces the efficacy of state-of-the-art 10guess credential tweaking attacks by 81%. MIGP preserves user privacy and limits potential exposure of sensitive breach entries. We show that the protocol is fast, with response time close to existing C3 services, and suitable for real-world deployment.

show abstract

Section: Background and Prior Workmentioning

confidence: 99%

Section: Performance Analysismentioning

confidence: 99%

See 1 more Smart Citation

Might I Get Pwned: A Second Generation Compromised Credential Checking Service

Pal¹,

Islam²,

Sanusi³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…III; account location privacy will be discussed in Sec. V. Proofs for all propositions in this section can be found in our technical report [72].…”

Section: Securitymentioning

confidence: 99%

How to End Password Reuse on the Web

Wang

Reiter

2019

Proceedings 2019 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

We present a framework by which websites can coordinate to make it difficult for users to set similar passwords at these websites, in an effort to break the culture of password reuse on the web today. Though the design of such a framework is fraught with risks to users' security and privacy, we show that these risks can be effectively mitigated through careful scoping of the goals for such a framework and through principled design. At the core of our framework is a private set-membership-test protocol that enables one website to determine, upon a user setting a password for use at it, whether that user has already set a similar password at another participating website, but with neither side disclosing to the other the password(s) it employs in the protocol. Our framework then layers over this protocol a collection of techniques to mitigate the leakage necessitated by such a test. We verify via probabilistic model checking that these techniques are effective in maintaining account security, and since these mechanisms are consistent with common user experience today, our framework should be unobtrusive to users who do not reuse similar passwords across websites (e.g., due to having adopted a password manager). Through a working implementation of our framework and optimization of its parameters based on insights of how passwords tend to be reused, we show that our design can meet the scalability challenges facing such a service.

show abstract

“…After this defect was corrected, by removing the display of the valid ticket in the error report web page, another experiment was carried out. In some cases the algorithm used to generate tickets is known by attackers because the source code for the server may be available or the attackers may be able to guess the ticket algorithm [17]. In the revised Netml system, tickets were calculated as: hexsha(username+Calendar.getInstance() .get(Calendar.DAY_OF_YEAR)) In the present case this algorithm was deliberately revealed to the attacker.…”

Section: B Second Experimentsmentioning

confidence: 99%

Experiments and Proofs in Web-service Security

Sheniar

Hadaad

Addie

et al. 2018

2018 28th International Telecommunication Networks and Applications Conference (ITNAC)

View full text Add to dashboard Cite

Many web services have a subsystem for allowing users to register, authenticate, reset their password, and change personal details. It is important that such subsystems cannot be abused by attackers to gain access to the accounts of other users. We study a system which was initially prone to such attacks. Specific attacks are demonstrated and the system is then modified to prevent such attacks in future. The design achieved in this way is then analysed to show that it can't be broken in future unless users allow their email to be intercepted. This is achieved by formulating the requirement as a statement of the user's expectations of the system and then analysing the source code of the system to prove that it meets these requirements. The process of attack, correction, and formulation of security rules, and proof that rules hold, is proposed as a methodical security design philosophy.

show abstract

How to End Password Reuse on the Web

Cited by 15 publications

References 27 publications

Might I Get Pwned: A Second Generation Compromised Credential Checking Service

Might I Get Pwned: A Second Generation Compromised Credential Checking Service

How to End Password Reuse on the Web

Experiments and Proofs in Web-service Security

Contact Info

Product

Resources

About