Securing Passwords against Dictionary Attacks.ppt

Securing Passwords against Dictionary Attacks Benny Pinkas, Tomas Sander HP Labs (most work done at STAR Lab, Intertrust) In this talk Online dictionary attacks against passwords Current countermeasures are insufficient and introduce risks A solution using Reverse Turing Tests Prevent online dictionary attacks, while preserving the advantages of using passwords (low costs, portability, user friendliness…) Motivation Passwords are the most common authentication method They are inherently insecure How can a password based authentication system be secured against online dictionary attacks? Previous suggestions: securing passwords against online attacks Enterprise: hardware tokens. (Cost? Usability?) Server defined passwords. (Usability?) Consumer: Key stroke timing [Bell Labs] (Reliability?) Graphical passwords [Microsoft, Berkeley] (Usability?) None of these methods is as popular as plain passwords Reverse Turing Test (RTT) Properties of Reverse Turing Tests (RTT, Captcha, ATT) Automated generation and verification. Easy for humans. Hard for computer programs. Small probability of guessing the answer (I.e. not a yes/no answer). Simple method Properties Securitya: Each password guess requires an RTT. Hard to guess RTT answer. Password space of size N requires adversary to answer N RTTs Usability: User’s experience is more annoying Scalability: server must generate many RTTs (one per login attempt). Improved Authentication Method Each user typically uses a limited set of computers. Dictionary attacks originate from other computers. Servers can identify machines (e.g. using cookies or ip addresses). Improved Authentication Method If password is correct: Cookie indicates previous successful login to same account? Yes No Properties Usabilitya- user has to answer RTT In the first login from a new computer If entered wrong password Scalabilitya: Server generates RTTs only for 10% of incorrect login attempts. Security User must receive identical feedback if, (id,pwd