Honeywords Making Password-Cracking Detectable By Ari Juels and - PowerPoint PPT Presentation

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by Nunzio Cicone and Hans-Peter Höllwirth

Setting Password Attacks • Passwords are a notoriously weak authentication mechanism • One significant attack scenario: stolen files of password hashes • Can be used to find password that corresponds to stored hash value offline by brute-force search

Setting Examples Hashed passwords of Evernote‘s 6 million hashed user passwords 50 million users stolen in 2013 stolen from LinkedIn in 2012

Setting Common Defense Approaches • Make password hashing more complex and time-consuming • “Salting”: Adding random digits to each hashed value • Example: Hashing passwords with complex cryptographic functions, salting them and then hashing the result again • However, also slows down authentication process for legitimate users • Set up fake user accounts (“honeypot accounts”) • Trap set to detect unauthorized use of information systems • However, does not detect attack on legitimate user accounts

Honeywords • Create additional “honeyword” passwords • Store the honeywords with the real passwords in a hash file • Incorporate an auxiliary secure server called a “honeychecker” • When a login is attempted, the main server verifies the request with the honeychecker

Honeywords A User Login Login Attempt User: Bob Password: RealPassword Honeychecker Main Server User Password Users Check Bob HoneywordA Alice 1 Check( 3 ) Bob HoneywordB James 5 Bob RealPassword Nick 5 Bob HoneywordC Bob 3 Bob HoneywordD Emily 4

Honeywords Malicious Login Login Attempt User: Bob Password: HoneywordA Honeychecker Main Server User Password Users Check Bob HoneywordA Alice 1 Check( 1 ) Bob HoneywordB James 5 Bob RealPassword Nick 5 Bob HoneywordC Bob 3 Bob HoneywordD Emily 4

Honeywords Design Principles • Distributed Security • No Additional Risk • Simplicity • Flexibility

Honeyword Generation Overview • Problem setting: make the user-chosen password undistinguishable from generated honeywords • Two classes of approaches split according to whether there is an impact on user interface (UI) • Legacy-UI: password-change UI is unchanged – user chooses real password • Modified-UI: password-change UI is modified to allow for a better honeyword generation

Honeyword Generation Legacy-UI Password Changes - Chaffing by Tweaking • “Tweak” selected character positions of the password to obtain the honeywords • For each selected position the character of the real password is replaced by a randomly-chosen character of the same type • Alternatives • Chaffing-by-tail-tweaking: tweak last t positions of password • Chaffing-by-tweaking-digits: tweak last t positions containing digits Example where t = 4 BG+ 1 a 745 -> BG+7a 305 BG+2a 177 BG+9a 587 BG+0a 602

Honeyword Generation Legacy-UI Password Changes – Chaffing-with-a-Password Model • Chooses honeywords from a given list of thousands/millions of passwords • Uses probabilistic model of real passwords • May not depend on user-chosen password • However, attacker might have access to the list of passwords Example mice3blind -> gold5rings name8honey flat7sorts

Honeyword Generation Modified-UI Password Changes – “take-a-tail” Method • Request password from user and then modify it with a randomized tail Generated honeywords: myPassword798 Propose a password: myPassword myPassword982 Append “413” to password. myPassword113 Enter new password: myPassword413 myPassword056 myPassword935 myPassword664

Honeyword Generation Hybrid Generation Methods • Combining several methods can result in better honeywords • Combine both legacy-UI techniques: • Require the user to use digits at the end of the password • Chaffing-with-a-password to generate new random words • Chaffing-by-tweaking-digits on all words abacad513 snurfle672 zinja897 abacad941 snurfle134 zinja320 abacad004 snurfle845 zinja461 abacad752 snurfle772 zinja389

Policy Choices Detected Password-Cracking • Honeyword entered – possible actions • Setting off an alarm or notifying a system adminstrator • Letting login proceed as usual • Letting the login proceed, but on a honeypot system • Tracing the source of the login carefully • Shutting down that user‘s account or the computer system • Per-user policies • Use honeypot accounts • Selective alarms: different policies across user population

Policy Choices More to Consider • Password eligibility • Require certain password syntax • Check for/disallow dictionary words, password re-use, most common and popular passwords • Failover mode • Logins can proceed if honeychecker becomes unreachable to prevent denial- of-service attacks • Honeywords are temporarily promoted to become acceptable passwords

Attack Scenarios Attacking the Honeychecker • All communication between honeychecker and main system needs to be authenticated • If an adversary takes down the honeychecker, the system will enter a failover state • Only, a small increase in password guessability • Requests to the honeychecker can be stored and sent when the honeychecker becomes available again

Attack Scenarios Likelihood Attack • The attacker can try to determine which passwords are honeywords • “NewtonSaid:F=ma” is likely a user generated password • Advise users to pick passwords that will will be similar to honeywords • The generator can be given a private list of passwords that look user generated and occasionally include them • The use of “tough nuts” that cannot be cracked makes it harder for the attacker to know for sure that the user generated password has been found

Attack Scenarios Denial-of-Service • An attacker can try to fake an attack • The attacker knows a single user password “kerfluffle346” • Sends a large number of requests • kerfluffle467, kerfluffle972, kerfluffle672, kerfluffle019, kerfluffle735, kerfluffle892, kerfluffle200, kerfluffle651, kerfluffle875, kerfluffle023 • Only use a small percentage of possible honeywords • The DoS attack will be recognizable from real attacks

Attack Scenarios Effect on Common Attack Scenarios • Against general password guessing, honeywords have no effect • Using targeted password guessing, the attacker may subvert the effectiveness of honeywords • Attacks on multiple systems • Modified UI techniques will provide users with different passwords • Legacy UI techniques have a chance of randomly generating the same honeyword on two different systems

Conclusion • Eventually, passwords should be supplemented with stronger and more convenient authentication methods • A simple and powerful new line of defence in the security of hashed passwords • Decreases the value of the stolen password hash files • Makes password cracking detectable