how to not share a password
play

How to (not) Share a Password: Privacy preserving protocols for - PowerPoint PPT Presentation

Dec 06, 2022 •143 likes •747 views

How to (not) Share a Password: Privacy preserving protocols for finding heavy vy hit itters with adversarial behavior Moni Naor Benny Pinkas Eyal Ronen Passwords First modern use in MIT's CTSS (1961) Passwords First

  1. How to (not) Share a Password: Privacy preserving protocols for finding heavy vy hit itters with adversarial behavior Moni Naor Benny Pinkas Eyal Ronen

  2. Passwords • First “ modern ” use in MIT's CTSS (1961)

  3. Passwords • First “ modern ” use in MIT's CTSS (1961) • “ Passwords are dead ” ?

  4. Passwords • First “ modern ” use in MIT's CTSS (1961) • “ Passwords are dead ” ? • User tend to choose passwords with low min – entropy • Easy to guess

  5. Compromise a User, Attack the Eco System • Bad passwords do not only compromise the users

  6. Compromise a User, Attack the Eco System • Bad passwords do not only compromise the users • Weak and popular passwords can be used for large scale attacks

  7. Compromise a User, Attack the Eco System • Bad passwords do not only compromise the users • Weak and popular passwords can be used for large scale attacks • E.g. the Mirai attack • Easy to find IoT devices with Shodan like search engines • Unique weak passwords might be ok, popular passwords are bad

  8. Compromise a User, Attack the Eco System • Bad passwords do not only compromise the users • Weak and popular passwords can be used for large scale attacks • E.g. the Mirai attack • Easy to find IoT devices with Shodan like search engines • Unique weak passwords might be ok, popular passwords are bad • Service provider liability?

  9. California Guideline for IoT • “ Security of Connected Devices ” signed in California Law October 2018 As of 2020 manufacturers required to either include : • "a preprogrammed password unique to each device manufactured" or • "a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time. “

  10. California Guideline for IoT • “ Security of Connected Devices ” signed in California Law October 2018 As of 2020 manufacturers required to either include : • "a preprogrammed password unique to each device manufactured" or • "a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time. “ Force users to change passwords, but to what?

  11. Possible Solutions • It is hard to even decide the ideal guidelines for passwords

  12. Possible Solutions

  13. Possible Solutions • Two factor authentication (2FA)

  14. Possible Solutions • Two factor authentication (2FA)

  15. Possible Solutions • Two factor authentication (2FA) • Server saves a list of all users ’ passwords and blacklists the popular passwords

  16. Possible Solutions • Two factor authentication (2FA) • Server saves a list of all users ’ passwords and blacklists the popular passwords • Put users ’ passwords at risk: new single point of failure

  17. Possible Solutions • Two factor authentication (2FA) • Server saves a list of all users ’ passwords and blacklists the popular passwords • Put users ’ passwords at risk: new single point of failure • Blacklisting known popular passwords • From previous breaches • Known lists of popular passwords

  18. Passwords Distribution Over Time

  19. Passwords Distribution Over Time • password -> passw0rd -> p@assw0rd->password

  20. Passwords Distribution Over Time • password -> passw0rd -> p@assw0rd->password • superman -> wonderwoman

  21. Passwords Distribution Over Time • password -> passw0rd -> p@assw0rd->password • superman -> wonderwoman • Different populations

  22. Passwords Distribution Over Time • password -> passw0rd -> p@assw0rd->password • superman -> wonderwoman • Different populations

  23. Primum Non Nocere First do (almost) no harm

  24. Primum Non Nocere First do (almost) no harm • Publishing passwords blacklist can also help attackers

  25. Primum Non Nocere First do (almost) no harm • Publishing passwords blacklist can also help attackers • Attacker can use auxiliary data to guess password distribution

  26. Primum Non Nocere First do (almost) no harm • Publishing passwords blacklist can also help attackers • Attacker can use auxiliary data to guess password distribution • Publishing the blacklist is like publishing a code vulnerability

  27. Primum Non Nocere First do (almost) no harm • Publishing passwords blacklist can also help attackers • Attacker can use auxiliary data to guess password distribution • Publishing the blacklist is like publishing a code vulnerability • Leaking password information can hurt the user

  28. Primum Non Nocere First do (almost) no harm • Publishing passwords blacklist can also help attackers • Attacker can use auxiliary data to guess password distribution • Publishing the blacklist is like publishing a code vulnerability • Leaking password information can hurt the user • Gathering statistics requires some password information

  29. Primum Non Nocere First do (almost) no harm • Publishing passwords blacklist can also help attackers • Attacker can use auxiliary data to guess password distribution • Publishing the blacklist is like publishing a code vulnerability • Leaking password information can hurt the user • Gathering statistics requires some password information • One bit leakage doesn ’ t hurt the user a lot (next slide)

  30. Primum Non Nocere First do (almost) no harm • Publishing passwords blacklist can also help attackers • Attacker can use auxiliary data to guess password distribution • Publishing the blacklist is like publishing a code vulnerability • Leaking password information can hurt the user • Gathering statistics requires some password information • One bit leakage doesn ’ t hurt the user a lot (next slide) • Differential privacy can also help

  31. The Password Game • PGame(L): Attacker A wants to attack device D • Publishes a list with L guesses for passwords • Wins if the password of D is in the list • Effect of one bit leakage on password: • If A wins PGame(L) w.p at least 𝜀 using a 1 bit leak implies • There is A ’ that wins PGame(2L) w.p 𝜀 without a leak • 𝜗 -Differential Privacy • If A wins PGame(L) w.p at least 𝜀 using 𝜗 -DP information then • There is A ’ wins PGame(L) w.p at least 𝜀 ⋅ 𝑓 −𝜗 without a leak

  32. How to (not) Share a Password: Desiderata • Identify and blacklist popular passwords (heavy hitters) • Those chosen by more than a fraction τ of the users • Server should not learn ``more than 1 bit ” on any user ’ s password • This (at most) halves the number of password guesses • Probability of False Negatives (pFN) must be negligible • No popular password is missed • Probability of False Positives (pFP) should be small • A legitimate password may be rejected with low probability • Most legit passwords OK

  33. Previous Work • Finding heavy hitters in many settings - [DNP+10,DNPR10,CSS11,CLSX12, HKR12,DNRR15] • Semi-honest version [BS15,BNST17] • Non colluding mix servers – [MS17] • DP password list with trusted server – [BDB16] • Similar motivation, no DP – [SHM10] Why is this work different from all the other works?

  34. The Malicious World • Both users and server might be malicious • A malicious server wants to learn the passwords • Malicious users want to “ hide ” popular passwords • Adversary controls a coalition of users • Want to hide weak passwords of other users

  35. MPC Meets DP DP in the Mali licious World Security requirements in the protocol are asymmetric : • Relatively easy to protect users ’ privacy from server • Harder to protect against colluding malicious users • E.g. how we can prevent cheating in randomized response • Use efficient 2PC protocol tailored to the system ’ s correctness requirements

  36. Correctness • Password used by at least a 1 + 𝜀 𝜐 fraction of the users: identified as a heavy hitter w.p at least (1-pFN) • Even at the presence of malicious user coalition • Password used by at most a 1 − 𝜀 𝜐 fraction of the users: identified as a heavy hitter w.p at most pFP

  37. Creating the Hash Black List • Password used by at least a 1 + 𝜀 𝜐 fraction of the users: identified as a heavy hitter w.p at least (1-pFN) • Even at the presence of malicious user coalition • Password used by at most a 1 − 𝜀 𝜐 fraction of the users: identified as a heavy hitter w.p at most pFP

  38. Bassily, Nissim, Stemmer, The Semi Honest Solution Thakurta • Similar to the heavy hitters solution of [BNSTS17] • Hash the passwords to l bits values • “ Naïve ” hash function • We identify popular hash values • Ban all passwords hashed to these values • May have a small chance of collisions • Server initializes to zero a counter histogram T of size 2 l

  39. The Semi-Honest Protocol • For every user: random 𝑠 ∈ 0,1 l Server User 𝑤 = 〈𝐼 𝑞𝑏𝑡𝑡 , 𝑠〉 • Server iterates over all possible value of 𝑦 ∈ 0,1 l • If 𝑤 = 𝑦, 𝑠 : 𝑈 𝑦 += 1 • Else: 𝑈 𝑦 −= 1

  40. The Semi-Honest Protocol

  41. The Semi-Honest Protocol

  42. The Semi-Honest Protocol

  43. The Semi-Honest Protocol

  44. The Semi-Honest Protocol

  45. The Semi-Honest Protocol

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

i PC x 0.5K 2 f d Z i 2 PCX X 2 o s PIX 8 4 x 2 properties of Polynomials zero

i PC x 0.5K 2 f d Z i 2 PCX X 2 o s PIX 8 4 x 2 properties of Polynomials zero

CS 70 July 8,2020 of the day go Question a gift someone gives to Yining Khalidand Amin a locked chest with The gift is a long Password in How should some information about the we share such that with the instructors least two at Password of

300 views • 14 slides
Authentication Scenarios 2. Users share a password with a trusted authority (authentication

Authentication Scenarios 2. Users share a password with a trusted authority (authentication

Authentication Scenarios 2. Users share a password with a trusted authority (authentication servers) Kerberos Challenge-response Symm.Key What do we learn from previous attacks? Timestamps: are valid only in a small time window

334 views • 22 slides
Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides
Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides
Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo Krawczyk (IBM Research) Works with Stanislaw Jarecki, Jiayu Xu (UC Irvine) Aggelos Kiayas (U Edinburgh) Nitesh Saxena, Maliheh Shirvanian (UA Birmingham)

750 views • 32 slides
Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

LastPass, a Password Manager Application CS 88S Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material Some Definitions Password in the Cloud

584 views • 47 slides
LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your Master Key When you forget a password, they send a reset link to your email. Anyone with access to your email has the power to reset your other

549 views • 31 slides
Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do

363 views • 21 slides
Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was created, CHANGE IT NOW! (It can be the same as your email password.) Day 3 Steps in compiling: (Optional preprocessing) Lexical analysis

483 views • 17 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides
1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm

1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm

11/17/09 1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm pretty sure it doesn't work. 3 3 11/17/09 - basic outline -problems with password usability and security -how various graphical

1.55k views • 86 slides
PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory Masters Students The Center for Education and Research in Information Assurance and Security CURRENT STATUS Problem Statement Stringent

286 views • 15 slides
A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks Bauhaus-Universitt Weimar www.webis.de NDSS 2017, February 27 th 2017 Mnemonic Password Creation Password: Show password Random

684 views • 17 slides
Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is

Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is

Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is weak authentication mechanism. Use Brute Force to find the password. We are using Hashing and Salt to protect the password. Passwords: Two factors

559 views • 51 slides
The Password Doesnt Fall Far: How Service Influences Password Choice Miranda Wei, The

The Password Doesnt Fall Far: How Service Influences Password Choice Miranda Wei, The

The Password Doesnt Fall Far: How Service Influences Password Choice Miranda Wei, The University of Chicago Maximilian Golla, Ruhr University Bochum Blase Ur, The University of Chicago Baltimore, USA | August 12, 2018

474 views • 25 slides
CDW Corporation Webcast Conference Call August 5, 2020 CDW.com | 800.800.4239 Disclaimers

CDW Corporation Webcast Conference Call August 5, 2020 CDW.com | 800.800.4239 Disclaimers

CDW Corporation Webcast Conference Call August 5, 2020 CDW.com | 800.800.4239 Disclaimers Forward-Looking Statements Statements in this presentation that are not statements of historical fact are forward-looking statements within the meaning

523 views • 28 slides
We reviewed properties of the SVD. Currently no slides for this part of the lecture. We also saw

We reviewed properties of the SVD. Currently no slides for this part of the lecture. We also saw

We reviewed properties of the SVD. Currently no slides for this part of the lecture. We also saw Kaileighs presentation on an application of principal components analysis to a problem in population genetics. Her slides come next. Principal

312 views • 9 slides
Producing slides with L A T EX2 Frank Mittelbach 2020/02/20 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2020/02/20 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2020/02/20 1 Introduction With L A T EX 2 it is now no longer necessary to maintain a special format for producing overhead slides. Instead the standard format may be used and internally

492 views • 36 slides
Uploading Your PowerPoint Slides Navigate to Your Profile to Find Your Tasks List

Uploading Your PowerPoint Slides Navigate to Your Profile to Find Your Tasks List

SVS ONLINE Uploading Slides and Recording Audio Before You Begin SVS staff are ready to assist or answer questions. education@vascularsociety.org You must include a disclosure slide as the second slide in your slide deck. If you have

307 views • 5 slides
no- more PowerPoint Examples: Notes To Slides no- more | Nytorv 3. 1 st floor, 1450 Kbenhavn

no- more PowerPoint Examples: Notes To Slides no- more | Nytorv 3. 1 st floor, 1450 Kbenhavn

no- more no- more PowerPoint Examples: Notes To Slides no- more | Nytorv 3. 1 st floor, 1450 Kbenhavn K, Denmark | CVR: 37549223 | E: info@no-more.dk | +45 78 76 25 00 | www.no-more.dk NoMore ApS Introduction The main focus

590 views • 38 slides
No Training Hurdles: Fast Training- Agnostic Attacks to Infer Your Typing Song Fang * , Ian

No Training Hurdles: Fast Training- Agnostic Attacks to Infer Your Typing Song Fang * , Ian

No Training Hurdles: Fast Training- Agnostic Attacks to Infer Your Typing Song Fang * , Ian Markwood , Yao Liu , Shangqing Zhao , Zhuo Lu , Haojin Zhu * University of Oklahoma University of South Florida Shanghai

559 views • 37 slides
NO X AND NO Y IN THE TROPICAL MARINE BOUNDARY LAYER AT CAPE VERDE C . R E E D , J . D . L E E ,

NO X AND NO Y IN THE TROPICAL MARINE BOUNDARY LAYER AT CAPE VERDE C . R E E D , J . D . L E E ,

NO X AND NO Y IN THE TROPICAL MARINE BOUNDARY LAYER AT CAPE VERDE C . R E E D , J . D . L E E , L . J . C A R P E N T E R , K . R E A D A N D L . N . M E N D E S W O L F S O N AT M O S P H E R I C C H E M I S T R Y L A B O R A T O R I

493 views • 26 slides
Just Say NO to Paxos Overhead: Replacing Consensus with Network Ordering Jialin Li , Ellis

Just Say NO to Paxos Overhead: Replacing Consensus with Network Ordering Jialin Li , Ellis

Just Say NO to Paxos Overhead: Replacing Consensus with Network Ordering Jialin Li , Ellis Michael, Naveen Kr. Sharma, Adriana Szekeres, Dan R. K. Ports Server failures are the common case in data centers Server failures are the common case

836 views • 66 slides

More recommend