Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Presentation 3 1 1 1

Achieving Flatness:Selecting Honeywords From Existing User Passwords

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

Presentation 3 1 1 1

  1. 1. S E L E C T I N G H O N E Y W O R D S F R O M E X I S T I N G U S E R P A S S W O R D S P R E S E N T E D B Y : R A S H W I N K U M A R - 2 4 5 1 - 1 2 - 7 3 3 - 3 2 2 A L L A D I M A H E S H - 2 4 5 1 - 1 2 - 7 3 3 - 3 2 4 I M E E N A K S H I - 2 4 5 1 - 1 2 - 7 3 3 - 3 1 6
  2. 2. INTRODUCTION • Recently, Juels and Rivest proposed honeywords (decoy passwords) to detect attacks against hashed password databases. • For each user account, the legitimate password is stored with several honeywords in order to sense impersonation. • If honeywords are selected properly, a cyber-attacker who steals a file of hashed passwords cannot be sure if it is the real password or a honeyword for any account. • Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. • At the expense of increasing the storage requirement by 20 times, the authors introduce a simple and effective solution to the detection of password file disclosure events.
  3. 3. • Honeywords – enables detection of theft, prevents impersonation • Honeywords are ``decoy passwords’’ (many for each user) • Separate ``honeychecker’’ aids in password checking • Why Honeywords? 6+ millions passwords Hacked in june 2012 1.5 million passwords june 2012 450,000 passwords july 2012
  4. 4. PROBLEM DEFINITION • In this respect, there are two issues that should be considered to overcome these security problems: • First, passwords must be protected by taking appropriate precautions and storing with their hash values computed through salting or some other complex mechanisms. Hence, for an adversary it must be hard to invert hashes to acquire plaintext passwords. • The second point is that a secure system should detect whether a password file disclosure incident happened or not to take appropriate actions. In this study, we focus on the latter issue and deal with fake passwords or accounts as a simple and cost effective solution to detect compromise of passwords. • Honey pot is one of the methods to identify occurrence of a password database breach. In this approach, the administrator purposely creates deceit user accounts to lure adversaries and detects a password disclosure, if any one of the honey pot passwords get used.
  5. 5. PASSWORDS USUALLY STORED IN HASHED FORM • P = Alice’s password • System stores mapping “Alice” h(P) in database, for a suitable hash function h. • When someone (perhaps Alice) tries to log in as Alice, system computes h(P’) of submitted password P’ • and compares it to h(P). If equal, login is allowed. • Hash function h should be easy to compute, hard to invert. Such ``one- wayness’’ makes a stolen hash not so useful to adversary.
  6. 6. PASSWORD HASHING • To defeat precomputation attack, a per-user ``salt’’ value s is used: system stores mapping “Alice”(s,h(s,P)). Hash h(s,P’) computed for submitted password P’ and compared. • Hashing with salting forces adversary who steals hashes and salts to find passwords by brute-force offline search: adversary repeatedly guesses P’ until a P’ is found such that h(s,P’) = h(s,P) • Also, hashing can be hardened (slowed) in various ways (e.g. bcrypt) • This all seems good, but… • Real passwords are often weak and easily guessed. • Password-hash crackers now use models or sets of real passwords.
  7. 7. "Alice" , P • "Alice": s,h(s,P)• Adversary compromises system ephemerally, steals password hashes • Adversary cracks hash, finding P • Impersonate user(s) and logs in. • Adversary almost always succeeds, and is often undetected. • ADVERSARY
  8. 8. TERMINOLOGY True Password P1 P2 …. Pi=P …. Pn Alice:
  9. 9. TERMINOLOGY Alice: P1 P2 …. Pi=P …. Pn Honey Words (Decoys)
  10. 10. TERMINOLOGY Alice: P1 P2 …. Pi …. Pn Sweet Words Wi
  11. 11. Honey Words Design Two questions: 1. HoneyWords Verification 2. HoneyWords Generation HoneyWords Verification: • The authentication system stores a mapping from Alice to his set of passwords • A “honeychecker” stores the index of the correct password for Alice Alice: P1 P2 …. Pi …. Pn Computer System Alice: (Ci) i Honey Checker
  12. 12. • Alice authenticates by submitting her password P • The computer system checks her password against all those it stores • If a match is found, the index of that match is sent to the honeychecker for verification • If the index is correct, Alice is authenticated. What is i ? • With ideal honeywords, adversary guesses correctly ( j = i ), with probability only 1/n • HoneyWords Verification Alice: P1 P2 …. Pi …. Pn Computer System Alice: i Honey Checker True i
  13. 13. • An attacker will submit a sweetword • The computer system checks the password against all those it stores • If a match is found, the index of that match is sent to the honeychecker for verification • If the index is incorrect, an alarm is raised HoneyWords Verification Alice: Pj = P1 P2 …. Pi …. Pn Computer System Alice: 2=i Honey Checker False 2
  15. 15. • Generation procedures of Honeywords are required to produce a ‘flat’ list denoted by ‘W’ • Legacy-UI procedures: - 1) Chaffing-by-tweaking 2) Chaffing-with-a-password-model • Modified-UI procedure: - Take-a-tail HoneyWords Generation Chaffing-by-tweeking: • the user password seeds the generator algorithm which tweaks selected character positions of the real password to produce the honeywords. • For instance,each character of a user password in predetermined positions is replaced by a randomly chosen character of the same type: digits are replaced by digits, letters by letters, and special characters by special characters. • Number of positions to be tweaked, denoted as t should depend on system policy.
  16. 16. • The generator algorithm takes the password from the user and relying on a probabilistic model of real passwords it produces the Honeywords. • May not depend on user-chosen password • However, attacker might have access to the list of passwords • The password is splitted into character sets. For instance, "mice3blind" is decomposed as 4-letters + 1-digit + 5-letters L4+D1+L5 and replaced with the same composition like "gold5rings". Chaffing-with-a-password model:
  17. 17. MD5 ALGORITHM • The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32- digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. • Steps: • A message digest algorithm is a hash function that takes a bit sequence of any length and produces a bit sequence of a fixed small length. • The output of a message digest is considered as a digital signature of the input data. • MD5 is a message digest algorithm producing 128 bits of data. • It uses constants derived to trigonometric Sine function. • It loops through the original message in blocks of 512 bits, with 4 rounds of operations for each block, and 16 operations in each round. • Most modern programming languages provides MD5 algorithm as built-in functions.
  18. 18. SIMPLE MODEL ALGORITHM FOR HONEYWORDS GENERATION • 1: procedure SIMPLEMODEL(L) • 2: w <--random(L) . // randomly returns a word from L • 3: d <--length(w) . //returns length of word w • 4: honeyword(1) <-- w(1) . //The first character is the just first character of w • 5: for j <-- 2 to d do . //Probabilities of mod1, mod2 and else are 0.1, 0.4 and 0.5 • 6: if mod1 then • 7: w <-- random(L), honeyword(j) <-- w(j) . // Add character in same position of new random word • 8: else if mod2 then • 9: w <--random(L), honeyword(j) <-- w(j) . //Select a random word s.t. w(j-1) = honeyword(j-1) • 10: else • 11: honeyword(j) <-- w(j) . //Proceed with the same word • 12: end if • 13: end for • 14: end procedure
  19. 19. DESIGN APPROACH : 1) Implementation: Firstly, T fake user accounts (honeypots) are created with their passwords. also an index value between [1;N], but not used previously is assigned to each honeypot randomly. 2) Registration: After the initialization process, system is ready for user registration. In this phase, a legacy-UI is preferred, i.e. a username and password are required from the user as ui; pi to register the system. 3) HoneyWord: Incorporate an auxiliary secure server called a “honeychecker” . The role and primary processes of the honeychecker: It executes two commands sent by the main server: i) Set: Ci,Ui ii) Check: Ui; 4) Login: If entered password g is correct then login succesful,, else it will go to fake server which is honeypot account and Alaram is raised.
  20. 20. MODULES: • Client Module • Admin Module Types Of Attacks:
  21. 21. SCREEN SHOTS
  22. 22. SCREEN SHOTS
  23. 23. SCREEN SHOTS
  26. 26. FUTURE ENHANCEMENTS • In the future, we would like to refine our model by involving hybrid generation algorithms to also make the total hash inversion process harder for an adversary in getting the passwords in plaintext form from a leaked password hash file. • In our approach, the auxiliary service honey checker is employed to store correct indexes for each account and we assume that it communicates with the main server through a secure channel in an authenticated manner. • Indeed, it can be assumed that security enhancements for honey checker and the main server presented in are applied, but it is out scope of this study. • The role and primary processes of the honey checker are the same as described in the original study.
  27. 27. CONCLUSION • Eventually, passwords should be supplemented with stronger and more convenient authentication methods • A simple and powerful new line of defense in the security of hashed passwords • Decreases the value of the stolen password hash files • Makes password cracking detectable.
  28. 28. THANK YOU