Duress Detection for Authentication Attacks Against Multiple Administrators

Emil Stefanov, UC Berkeley
Mikhail Atallah, Purdue University



Remedies for Authentication Attacks

• Guessing passwords
  o Require strong passwords.
• Eavesdropping
  o Encrypt traffic (e.g., TLS/SSH).
• Man in the middle
  o Pre-shared secrets, certificate based authentication.
• Spyware
  o Intrusion detection systems / antivirus
• Phishing
  o TLS, web filters.
• Shoulder surfing
  o Common sense.
• Physical Coercion
  o Duress Detection


Physical Coercion

• Alice has an account on a server.
• To use the server she must log in with her password.
• One day, Oscar threatens Alice and demands to know her password.


Duress Signaling

• What should Alice do?
  o Provide the correct password?
    • Oscar wins.
  o Refuse to cooperate?
    • Oscar carries out his threat.
  o Provide an invalid password?
    • Oscar tries the password and determines that Alice refused to cooperate.
  o Provide a duress password?
    • The attacker logs in but unknowingly signals a silent alarm.


Duress Password

• What should it look like?
  o Let’s review a few possibilities.


Two-Password Schemes

• Alice has two passwords:
  o A correct password
    • She always uses this one to log in when she is not under duress.
  o A duress password
    • She gives this one to Oscar during duress.
• Advantages?
  o Simple to explain and implement.
• Problems?
  o Oscar can ask for both passwords. Succeeds with probability .
  o Alice will likely forget her duress password because she never uses it.


N-Password Schemes

• Alice has N passwords:
  o One correct password
    • She always uses this one to log in when she is not under duress.
  o N-1 duress passwords
    • She gives one of these to Oscar during duress.
• Advantages?
  o Oscar’s probability of success is smaller: .
• Problems?
  o Alice has to remember passwords, and she never uses of them! This is not practical.


PIN Schemes

• Alice has:
  o A strong password (e.g., “VHz3xK*bL8”)
    • This must be correct during normal and duress authentications.
  o A PIN (e.g., “8394”)
    • Alice uses her PIN for a normal authentication.
    • She gives Oscar any other PIN during duress.
• Advantages?
  o Less for Alice to remember.
  o Oscar’s probability of success is low.
• Problems?
  o Recall attack – Oscar can ask her to repeat the PIN later.
    • Alice might forget the PIN she gave Oscar.
  o Typos – Easy to mistype a PIN and cause a false alarm.


Our Approach

• We split the authentication secret into two:
  o A strong password – just like usual.
  o A keyword from a dictionary.
• Carefully choose a keyword dictionary.
  o Specify requirements.
  o Give an example.
• Allows for Alice to be an administrator.
  o Has access to the password/keyword store.
  o Can intercept network traffic.
• Allows multiple users/administrators.
  o Alice, Bob, etc.


Login Screen


Single Administrator Scheme

• A single administrator (Alice) is being attacked.

• Server stores passwords and keywords (hashed & salted).

• Incorrect keyword: the server notifies the authorities.


Single Administrator Scheme

• Problem:
  o Oscar gains administrator access.
  o Oscar can verify the keyword.
• Solution:
  1. The server notifies the authorities.
  2. The server overwrites the correct keyword.
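
An added sketch of the single-administrator logic on these slides (not the authors' code). The class and function names, PBKDF2 as the salted hash, the in-memory alarm list standing in for notifying the authorities, and overwriting the stored keyword with the one just submitted are all assumptions.

```python
import hashlib
import hmac
import os


def _digest(secret: str, salt: bytes) -> bytes:
    # Salted, slow hash; the PBKDF2 parameters are illustrative assumptions.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class SingleAdminAuth:
    """Hypothetical server for the single-administrator scheme."""

    def __init__(self, password: str, keyword: str):
        self.pw_salt, self.kw_salt = os.urandom(16), os.urandom(16)
        self.pw_hash = _digest(password, self.pw_salt)
        self.kw_hash = _digest(keyword, self.kw_salt)
        self.alarms = []  # stands in for "notifies the authorities"

    def login(self, password: str, keyword: str) -> bool:
        if not hmac.compare_digest(_digest(password, self.pw_salt), self.pw_hash):
            return False  # wrong password: ordinary failed login, no alarm
        if not hmac.compare_digest(_digest(keyword, self.kw_salt), self.kw_hash):
            self.alarms.append("duress")  # step 1: silent alarm
            # Step 2: overwrite the stored keyword (assumption: with the
            # submitted one), so reading the store as an administrator no
            # longer reveals that the keyword Oscar was given is wrong.
            self.kw_salt = os.urandom(16)
            self.kw_hash = _digest(keyword, self.kw_salt)
        return True  # the login looks normal either way


def demo():
    # Constructed sample credentials.
    srv = SingleAdminAuth("VHz3xK*bL8", "kansas")
    normal = srv.login("VHz3xK*bL8", "kansas")
    alarms_before = len(srv.alarms)
    duress = srv.login("VHz3xK*bL8", "alabama")
    # What Oscar would see if he checked his keyword against the store.
    oscar_check = hmac.compare_digest(
        _digest("alabama", srv.kw_salt), srv.kw_hash)
    return normal, alarms_before, duress, len(srv.alarms), oscar_check


if __name__ == "__main__":
    print(demo())
```

After an alarm the store no longer matches Alice's real keyword, so re-enrolment is needed afterwards; that step is outside this sketch.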


Single Administrator Scheme

• Not secure for multiple administrators!

• Attack:
  o Alice and Bob are administrators.
  o Oscar attacks both of them.
  o Oscar authenticates as one of them and checks the keyword of the other one.
• Solution?
  o Our multiple administrator scheme.


Multiple Administrator Scheme

• Oscar attacks Alice.
• Alice provides a correct password and an incorrect keyword.
• The server receives the credentials.


Multiple Administrator Scheme

• Authentication server:
  o Has purposely “forgotten” the correct keyword.
  o Creates a privacy-preserving record.
  o Sends it to the monitoring server.


Multiple Administrator Scheme

• Monitoring server:
  o Checks the authentication record.
  o If duress, notifies monitoring personnel.


Multiple Administrator Scheme

• Monitoring personnel:
  o Notify the authorities.

• Similar to existing alarm system companies.


Multiple Administrator Scheme

• Key ideas:
  o The authentication server never knows the correct keyword.
  o The monitoring server can only decrypt duress authentication records.
  o Keywords are picked from a carefully selected dictionary (more on this later).


Keyword Dictionary Requirements

• Well defined
  o Implicitly defined by a topic.
  o Alice can randomly pick a keyword by only memorizing the topic.
• Hard to make a typo
  o Large edit distance between keywords.


Keyword Dictionary Example: U.S. States

#   Keyword        Closest Keyword  Edit Distance
1   arkansas       kansas           2
2   kansas         arkansas         2
3   northcarolina  southcarolina    2
4   northdakota    southdakota      2
5   southcarolina  northcarolina    2
6   southdakota    northdakota      2
7   alabama        alaska           3
…
45  rhodeisland    louisiana        6
46  washington     michigan         6
47  newhampshire   newmexico        7
48  connecticut    kentucky         8
49  pennsylvania   indiana          8
50  massachusetts  arkansas         9


Performance

Key Size        Authentication Time  Monitoring Time
1024-bit Keys   0.203 ms             0.125 ms
2048-bit Keys   0.250 ms             0.671 ms
3072-bit Keys   0.343 ms             2.075 ms
4096-bit Keys   0.468 ms             6.318 ms