A Convenient Method for Securely Managing Passwords


J. Alex Halderman (Princeton), Brent Waters (Stanford), Edward W. Felten (Princeton)
jhalderm@princeton.edu

****ing Passwords!
  • Web site password overload
      – Generating, keeping secret, and recalling passwords for scores of sites
  • Leads to insecure coping techniques
      – Writing passwords down
      – Reusing same passwords
  • Difficult to enforce better behavior
We need to make password security easy

In This Talk
  1. Approaches to password management
  2. Our construction and its security
  3. Comparison with other techniques
  4. Demonstration of our implementation
  5. Future work and conclusions

Approaches to Password Mgmt
  • Local encrypted storage, e.g., Password Safe (1998)
      – Cumbersome to access from multiple locations
  • Centralized remote authentication, e.g., Microsoft Passport (1999)
      – Needs server-side changes, trusted third party
  • Cryptographic password generation, e.g., LPWA (1997), PwdHash (2004), our scheme (2004)

Password Generators
Master Password + “amazon.com” → Hash() → “wrbPzdqS” (use as your Amazon password)
  • E.g.: LPWA, PwdHash
  • Client software derives individual site passwords using a deterministic one-way function
  • User sets all site passwords to the function output
  • Only need to remember master password to recreate all site passwords—highly transportable
A simple idea, but hard to get right!

Stealing the Master Password
  • Adversary learns password from low-security site
  • Dictionary attack to learn master password
      – Password guesses: “lassie”, “rover”, “spot”, “fido”
      – Hash() of each guess with “yahoo.com”: “RWwsYlTi”, “H2VeusSq”, “CJPZfAKx”, “LZIniBNd”
      – Each output compared (=?) against “LZIniBNd”
  • Can access all other password-managed sites
      – amazon.com: wrbPzdqS
      – gmail.com: obIDmogl
      – citibank.com: sX4rLlO1
  • Easy to execute because schemes use fast hashes

Thwarting Brute Force Attacks
attack cost = ½ × dictionary size × cost per guess
  • Hard to increase dictionary size
      – User habits hard to change, limits on human memory
  • Increase cost per guess by using slower hash
      – Used elsewhere to protect password verification routines (UNIX crypt)
      – Our approach: iterated hash
  • Security vs. usability tradeoff
      – User has to wait too! — Cache intermediate results

Our Construction
  • Initialization Phase
      – Master password “MyD06ReX” + User identity “jhalderm@princeton.edu” → H^k1() → Local Cache
  • Generation Phase
      – Local Cache + Master password (again) + Target site “amazon.com” → H^k2() → Mapping → “wrb8zdqS”
      – Output is the user’s site password for “amazon.com”
  • (k1 >> k2)

Security Analysis
Four attack scenarios:
  1. No information
  2. Stolen site password
  3. Stolen cache data
  4. Stolen cache + site password
Increasing external difficulty
Primary concern is offline attacks.

Security of Our Scheme

  Attack scenario                   Hashes/guess   Time/guess
  1. No information                 N/A
  2. Stolen site password           k1+k2          100.1 s
  3. Stolen cache data              k1             100 s
  4. Stolen cache + site password   k2             0.1 s

Relative Attack Resistance
Estimated time to test 100,000 guesses
Columns: Scheme; Stolen password; Stolen data; Stolen pw and data
  • Password Safe: N/A, 74.6 secs
  • LPWA: 0.5 secs, N/A
  • PwdHash: 0.1 secs, N/A
  • Our Scheme: 116 days, 2.8 hours
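
The two-phase construction and the per-scenario guessing cost from the slides above, as an added example (not the authors' Password Multiplier code). SHA-256, the NUL-separated concatenation, the base-62 mapping and all function names are assumptions; the slides specify only an iterated hash, a mapping step and alphanumeric output.

```python
import hashlib
import string

ALPHABET = string.ascii_letters + string.digits  # slides: site passwords are alphanumeric

def iterate(data: bytes, k: int) -> bytes:
    """H^k: apply the hash k times (SHA-256 is an assumption; slides say only Hash())."""
    for _ in range(k):
        data = hashlib.sha256(data).digest()
    return data

def initialize(master: str, identity: str, k1: int) -> bytes:
    """Initialization phase: slow, once per installation; result is the local cache."""
    return iterate(b"\0".join([identity.encode(), master.encode()]), k1)

def site_password(cache: bytes, master: str, site: str, k2: int, length: int = 8) -> str:
    """Generation phase: fast, needs the cache AND the master password again."""
    digest = iterate(b"\0".join([cache, master.encode(), site.encode()]), k2)
    n, chars = int.from_bytes(digest, "big"), []
    for _ in range(length):  # "Mapping" step: digest -> alphanumeric (assumed encoding)
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def hashes_per_guess(k1: int, k2: int, has_cache: bool, has_site_pw: bool):
    """Hash calls an offline guesser must spend per candidate master password."""
    if not (has_cache or has_site_pw):
        return None          # scenario 1: nothing to test guesses against offline
    if has_cache and has_site_pw:
        return k2            # scenario 4: cache known, only generation remains
    if has_cache:
        return k1            # scenario 3: must recompute the cache to compare
    return k1 + k2           # scenario 2: must redo both phases

def seconds_for(guesses: int, per_guess: int, hashes_per_second: int) -> float:
    """Total time to test a number of guesses at a given hash rate."""
    return guesses * per_guess / hashes_per_second

# Slide figures: 10^8 iterations take ~100 s, i.e. ~10^6 hashes/s.
K1, K2, RATE = 10**8, 10**5, 10**6

if __name__ == "__main__":
    cache = initialize("MyD06ReX", "jhalderm@princeton.edu", 2000)  # scaled-down k1
    print(site_password(cache, "MyD06ReX", "amazon.com", 50))       # scaled-down k2
    for name, c, s in [("site pw", False, True), ("cache", True, False), ("both", True, True)]:
        print(name, seconds_for(100_000, hashes_per_guess(K1, K2, c, s), RATE), "s")
```

With the slide's parameters, 100,000 guesses come to about 116 days when only a site password is stolen and about 2.8 hours when both the cache and a site password are stolen, matching the table above.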

Equally Secure Password Length
[figure]

Password Multiplier
  • Extension for Mozilla Firefox
      – Windows, Mac OS X, and Linux
  • Tightly integrated with browser
      – Double-click any password field to fill in
  • Balanced security and convenience
      – Initialization — 10^8 iterations, ~100 seconds (only once per installation)
      – Password generation — 10^5 iterations, ~0.1 secs (before every password operation)

Password Multiplier — Demo

Future Improvements
  • Flexible password formatting
      – Cope with sites that require numbers, punctuation, special patterns
  • Easier password changes
      – Manually and at regular intervals
  • Improved anti-spoofing
      – Adopt techniques from PwdHash
  • Port to Internet Explorer, others
Require additional “state”

Summary — Our scheme:
  • Is limited to passwords that…
      – The user can select
      – Are alphanumeric
      – Change infrequently
      – Don’t need to be accessed from locations where our software is unavailable

Summary — Our scheme:
  • Has the advantages that it…
      – Asks users to remember only one short password
      – Requires no server-side changes
      – Does not require trusting a third-party service
      – Is nearly as secure as independent random pwds
      – Is likely much more secure than what you do now
      – Is practical, available today, and free
http://www.cs.princeton.edu/~jhalderm/projects/password/