research-article

Public Access

Client-CASH: Protecting Master Passwords against Offline Attacks

Authors:

Jeremiah Blocki,

Anirudh SridharAuthors Info & Claims

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

Pages 165 - 176

https://doi.org/10.1145/2897845.2897876

Published: 30 May 2016 Publication History

Abstract

Offline attacks on passwords are increasingly commonplace and dangerous. An offline adversary is limited only by the amount of computational resources he or she is willing to invest to crack a user's password. The danger is compounded by the existence of authentication servers who fail to adopt proper password storage practices like key-stretching. Password managers can help mitigate these risks by adopting key stretching procedures like hash iteration or memory hard functions to derive site specific passwords from the user's master password on the client-side. While key stretching can reduce the offline adversary's success rate, these procedures also increase computational costs for a legitimate user. Motivated by the observation that most of the password guesses of the offline adversary will be incorrect, we propose a client side cost asymmetric secure hashing scheme (clientcash). clientcash~randomizes the runtime of client-side key stretching procedure in a way that the expected computational cost of our key derivation function is greater when run with an incorrect master password. We make several contributions. First, we show how to introduce randomness into a client-side key stretching algorithms through the use of halting predicates which are selected randomly at the time of account creation. Second, we formalize the problem of finding the optimal running time distribution subject to certain cost constraints for the client and certain security constrains on the halting predicates. Finally, we demonstrate that Client-CASH can reduce the adversary's success rate by up to 21%. These results demonstrate the promise of the Client-CASH mechanism.

References

[1]

R. Biddle, S. Chiasson, and P. van Oorschot. Graphical passwords: Learning from the first twelve years. ACM Computing Surveys (CSUR), 44(4):19, 2012.

Digital Library

[2]

A. Biryukov, D. Dinu, and D. Khovratovich. Fast and tradeoff-resilient memory-hard functions for cryptocurrencies and password hashing. Cryptology ePrint Archive, Report 2015/430, 2015. http://eprint.iacr.org/.

[3]

J. Blocki, M. Blum, and A. Datta. Naturally rehearsing passwords. In K. Sako and P. Sarkar, editors, Advances in Cryptology - ASIACRYPT 2013, volume 8270 of Lecture Notes in Computer Science, pages 361--380. Springer Berlin Heidelberg, 2013.

[4]

J. Blocki and A. Datta. Cash: A cost asymmetric secure hash algorithm for optimal password protection. CoRR, abs/1509.00239, 2015.

[5]

J. Blocki, S. Komanduri, L. F. Cranor, and A. Datta. Spaced repetition and mnemonics enable recall of multiple strong passwords. In 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, February 8--11, 2014, 2015.

[6]

J. Blocki, S. Komanduri, A. Procaccia, and O. Sheffet. Optimizing password composition policies. In Proceedings of the fourteenth ACM conference on Electronic commerce, pages 105--122. ACM, 2013.

Digital Library

[7]

J. Bonneau. The science of guessing: analyzing an anonymized corpus of 70 million passwords. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 538--552. IEEE, 2012.

Digital Library

[8]

J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In IEEE Symposium on Security and Privacy, pages 553--567. IEEE, 2012.

Digital Library

[9]

J. Bonneau and S. Preibusch. The password thicket: technical and market failures in human authentication on the web. In Proc. of WEIS, volume 2010, 2010.

[10]

J. Bonneau and S. Schechter. "toward reliable storage of 56-bit keys in human memory". In Proceedings of the 23rd USENIX Security Symposium, August 2014.

Digital Library

[11]

X. Boyen. Halting password puzzles. In Proc. Usenix Security, 2007.

[12]

S. Boztas. Entropies, guessing, and cryptography. Department of Mathematics, Royal Melbourne Institute of Technology, Tech. Rep, 6, 1999.

[13]

J. G. Brainard, A. Juels, B. Kaliski, and M. Szydlo. A new two-server approach for authentication with short secrets. In USENIX Security, volume 3, pages 201--214, 2003.

Digital Library

[14]

S. Brostoff and M. Sasse. Are Passfaces more usable than passwords: A field trial investigation. In People and Computers XIV-Usability or Else: Proceedings of HCI, pages 405--424, 2000.

[15]

J. Camenisch, A. Lysyanskaya, and G. Neven. Practical yet universally composable two-server password-authenticated secret sharing. In Proceedings of the 2012 ACM conference on Computer and Communications Security, pages 525--536. ACM, 2012.

Digital Library

[16]

M. Dürmuth and T. Kranz. On password guessing with gpus and fpgas.

[17]

C. Dwork, A. Goldberg, and M. Naor. On memory-bound functions for fighting spam. In Advances in Cryptology - CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17--21, 2003, Proceedings, volume 2729 of Lecture Notes in Computer Science, pages 426--444. Springer, 2003.

[18]

C. Dwork, F. McSherry, K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In Theory of cryptography, pages 265--284. Springer, 2006.

Digital Library

[19]

C. Dwork and A. Roth. The algorithmic foundations of differential privacy. Theoretical Computer Science, 9(3--4):211--407, 2013.

Digital Library

[20]

D. Florencio and C. Herley. A large-scale study of web password habits. In Proceedings of the 16th international conference on World Wide Web, pages 657--666. ACM, 2007.

Digital Library

[21]

C. Forler, S. Lucks, and J. Wenzel. Catena: A memory-consuming password scrambler. IACR Cryptology ePrint Archive, 2013:525, 2013.

[22]

I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin. The design and analysis of graphical passwords. In Proceedings of the 8th conference on USENIX Security Symposium - Volume 8, pages 1--1, Berkeley, CA, USA, 1999. USENIX Association.

Digital Library

[23]

B. Kaliski. Pkcs# 5: Password-based cryptography specification version 2.0. 2000.

[24]

K. Kim, S. Lee, D. Hong, and J.-C. Ryou. Gpu-accelerated password cracking of pdf files. KSII Transactions on Internet and Information Systems (TIIS), 5(11):2235--2253, 2011.

[25]

S. Komanduri, R. Shay, P. Kelley, M. Mazurek, L. Bauer, N. Christin, L. Cranor, and S. Egelman. Of passwords and people: measuring the effect of password-composition policies. In Proceedings of the 2011 annual conference on Human factors in computing systems, pages 2595--2604. ACM, 2011.

Digital Library

[26]

U. Manber. A simple scheme to make passwords based on one-way functions much harder to crack. Computers & Security, 15(2):171--176, 1996.

Digital Library

[27]

J. Massey. Guessing and entropy. In Information Theory, 1994. Proceedings., 1994 IEEE International Symposium on, page 204. IEEE, 1994.

[28]

F. McSherry and K. Talwar. Mechanism design via differential privacy. In Foundations of Computer Science, 2007. FOCS'07. 48th Annual IEEE Symposium on, pages 94--103. IEEE, 2007.

Digital Library

[29]

R. Morris and K. Thompson. Password security: A case history. Communications of the ACM, 22(11):594--597, 1979.

Digital Library

[30]

C. Percival and S. Josefsson. The scrypt password-based key derivation function. 2012.

[31]

J. Pliam. On the incomparability of entropy and marginal guesswork in brute-force attacks. Progress in Cryptology-INDOCRYPT 2000, pages 113--123, 2000.

Digital Library

[32]

N. Provos and D. Mazieres. Bcrypt algorithm.

[33]

D. Reichl. Keepass password safe, 2013. Retrieved July, 10, 2013.

[34]

B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. In Usenix security, pages 17--32. Baltimore, MD, USA, 2005.

Digital Library

[35]

R. Shay, P. Kelley, S. Komanduri, M. Mazurek, B. Ur, T. Vidas, L. Bauer, N. Christin, and L. Cranor. Correct horse battery staple: Exploring the usability of system-assigned passphrases. In Proceedings of the Eighth Symposium on Usable Privacy and Security, page 7. ACM, 2012.

Digital Library

Cited By

Zhu YFang YHu XYang R(2024)Design and FPGA Implementation of a Password Management System Utilizing RO PUF2024 5th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT)10.1109/AINIT61980.2024.10581776(303-307)Online publication date: 29-Mar-2024
https://doi.org/10.1109/AINIT61980.2024.10581776
Hou ZWang D(2023)New Observations on Zipf’s Law in PasswordsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.317618518(517-532)Online publication date: 2023
https://doi.org/10.1109/TIFS.2022.3176185
Mohammadinodoushan MCambou BPhilabaum CHely DBooher D(2019)Implementation of Password Management System Using Ternary Addressable PUF Generator2019 16th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)10.1109/SAHCN.2019.8824792(1-8)Online publication date: Jun-2019
https://doi.org/10.1109/SAHCN.2019.8824792
Show More Cited By

Index Terms

Client-CASH: Protecting Master Passwords against Offline Attacks
1. Security and privacy
  1. Cryptography
    1. Symmetric cryptography and hash functions
      1. Hash functions and message authentication codes
  2. Security services
    1. Authentication

Recommendations

The count-min sketch is vulnerable to offline password-guessing attacks

The count-min sketch is used to prevent users from selecting popular passwords so as to increase password-guessing attackers' cost and difficulty. This approach was proposed by Schechter et al. (2010) at USENIX Conference on Hot Topics in Security in ...
Collaborative Client-Side DNS Cache Poisoning Attack
IEEE INFOCOM 2019 - IEEE Conference on Computer Communications
DNS poisoning attacks inject malicious entries into the DNS resolution system, allowing an attacker to redirect clients to malicious servers. These attacks typically target a DNS resolver allowing attackers to poison a DNS entry for all machines that use ...
Provably Secure Untraceable Electronic Cash against Insider Attacks

Although a great deal of research has been done on electronic cash schemes with blind multisignatures to prevent an insider attack, there is no discussion of a formal security model in the literature. Firstly we discussed the security model of e-cash ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

May 2016

958 pages

ISBN:9781450342339

DOI:10.1145/2897845

General Chair:
Xiaofeng Chen
Xidian University, China
,
Program Chairs:
XiaoFeng Wang
Indiana University at Bloomington, USA
,
Xinyi Huang
Fujian Normal University, China

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation
PNC Center for Financial Services Innovation

Conference

ASIA CCS '16

Sponsor:

SIGSAC

ASIA CCS '16: ACM Asia Conference on Computer and Communications Security

May 30 - June 3, 2016

Xi'an, China

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
649
Total Downloads

Downloads (Last 12 months)106
Downloads (Last 6 weeks)18

Reflects downloads up to 14 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhu YFang YHu XYang R(2024)Design and FPGA Implementation of a Password Management System Utilizing RO PUF2024 5th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT)10.1109/AINIT61980.2024.10581776(303-307)Online publication date: 29-Mar-2024
https://doi.org/10.1109/AINIT61980.2024.10581776
Hou ZWang D(2023)New Observations on Zipf’s Law in PasswordsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.317618518(517-532)Online publication date: 2023
https://doi.org/10.1109/TIFS.2022.3176185
Mohammadinodoushan MCambou BPhilabaum CHely DBooher D(2019)Implementation of Password Management System Using Ternary Addressable PUF Generator2019 16th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)10.1109/SAHCN.2019.8824792(1-8)Online publication date: Jun-2019
https://doi.org/10.1109/SAHCN.2019.8824792
Zeidler CAsghar M(2018)AuthStore: Password-Based Authentication and Encrypted Data Storage in Untrusted Environments2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)10.1109/TrustCom/BigDataSE.2018.00140(996-1001)Online publication date: Aug-2018
https://doi.org/10.1109/TrustCom/BigDataSE.2018.00140
Blocki JDatta A(2016)CASH: A Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection2016 IEEE 29th Computer Security Foundations Symposium (CSF)10.1109/CSF.2016.33(371-386)Online publication date: Jun-2016
https://doi.org/10.1109/CSF.2016.33

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten