Duress Detection for Authentication Attacks Against Multiple Administrators
Emil Stefanov, UC Berkeley
Mikhail Atallah, Purdue

Remedies for Authentication Attacks
• Guessing passwords
  o Require strong passwords.
• Eavesdropping
  o Encrypt traffic (e.g., TLS/SSH).
• Man in the middle
  o Pre-shared secrets, certificate based authentication.
• Spyware
  o Intrusion detection systems / antivirus
• Phishing
  o TLS, web filters.
• Shoulder surfing
  o Common sense.
• Physical Coercion
  o Duress Detection

Physical Coercion
• Alice has an account on a server.
• To use the server she must log in with her password.
• One day, Oscar threatens Alice and demands to know her password.

Duress Signaling
• What should Alice do?
  o Provide the correct password?
    • Oscar wins.
  o Refuse to cooperate?
    • Oscar carries out his threat.
  o Provide an invalid password?
    • Oscar tries the password and determines that Alice refused to cooperate.
  o Provide a duress password?
    • The attacker logs in but unknowingly signals a silent alarm.

Two-Password Schemes
• Alice has two passwords:
  o A correct password
    • She always uses this one to log in when she is not under duress.
  o A duress password
    • She gives this one to Oscar during duress.
• Advantages?
  o Simple to explain and implement.
• Problems?
  o Oscar can ask for both passwords. Succeeds with probability .
  o Alice will likely forget her duress password because she never uses it.

N-Password Schemes
• Alice has N passwords:
  o One correct password
    • She always uses this one to log in when she is not under duress.
  o N-1 duress passwords
    • She gives one of these to Oscar during duress.
• Advantages?
  o Oscar’s probability of success is smaller: .
• Problems?
  o Alice has to remember passwords, and she never uses of them! This is not practical.

PIN Schemes
• Alice has:
  o A strong password (e.g., “VHz3xK*bL8”)
    • This must be correct during normal and duress authentications.
  o A PIN (e.g., “8394”)
    • Alice uses her PIN for a normal authentication.
    • She gives Oscar any other PIN during duress.
• Advantages?
  o Less for Alice to remember.
  o Oscar’s probability of success is low.
• Problems?
  o Recall attack – Oscar can ask her to repeat the PIN later.
    • Alice might forget the PIN she gave Oscar.
  o Typos – Easy to mistype a PIN and cause a false alarm.

Our Approach
• We split the authentication secret into two:
  o A strong password – just like usual.
  o A keyword from a dictionary.
• Carefully choose a keyword dictionary.
  o Specify requirements.
  o Give an example.
• Allows for Alice to be an administrator.
  o Has access to the password/keyword store.
  o Can intercept network traffic.
• Allows multiple users/administrators.
  o Alice, Bob, etc.

Single Administrator Scheme
• A single administrator (Alice) is being attacked.
• Server stores passwords and keywords (hashed & salted).
• Incorrect keyword → server notifies authorities.

Single Administrator Scheme
• Problem:
  o Oscar gains administrator access.
  o Oscar can verify the keyword.
• Solution:
  1. The server notifies the authorities.
  2. The server overwrites the correct keyword.

Single Administrator Scheme
• Not secure for multiple administrators!
• Attack:
  o Alice and Bob are administrators.
  o Oscar attacks both of them.
  o Oscar authenticates as one of them and checks the keyword of the other one.
• Solution?
  o Our multiple administrator scheme.

Multiple Administrator Scheme
• Oscar attacks Alice.
• Alice provides a correct password and an incorrect keyword.
• The server receives the credentials.

Multiple Administrator Scheme
• Authentication server:
  o Has purposely “forgotten” the correct keyword.
  o Creates a privacy-preserving record.
  o Sends it to the monitoring server.

Multiple Administrator Scheme
• Monitoring server:
  o Checks the authentication record.
  o If duress → notifies monitoring personnel.

Multiple Administrator Scheme
• Monitoring personnel:
  o Notify the authorities.
• Similar to existing alarm system companies.

Multiple Administrator Scheme
• Key ideas:
  o The authentication server never knows the correct keyword.
  o The monitoring server can only decrypt duress authentication records.
  o Keywords are picked from a carefully selected dictionary (more on this later).

Keyword Dictionary Requirements
• Well defined
  o Implicitly defined by a topic.
  o Alice can randomly pick a keyword by only memorizing the topic.
• Hard to make a typo
  o Large edit distance between keywords.

Keyword Dictionary Example: U.S. States

#   Keyword         Closest Keyword   Edit Distance
1   arkansas        kansas            2
2   kansas          arkansas          2
3   northcarolina   southcarolina     2
4   northdakota     southdakota       2
5   southcarolina   northcarolina     2
6   southdakota     northdakota       2
7   alabama         alaska            3
…
45  rhodeisland     louisiana         6
46  washington      michigan          6
47  newhampshire    newmexico         7
48  connecticut     kentucky          8
49  pennsylvania    indiana           8
50  massachusetts   arkansas          9
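
The "hard to make a typo" requirement can be checked mechanically for any candidate dictionary. The following is an added example, not code from the slides or their authors: it computes each keyword's nearest neighbour by Levenshtein distance, the same kind of table shown above. The `STATES` list is constructed here, and the function names and the `min_distance` threshold are assumptions made for illustration.

```python
# Added example: audit a duress-keyword dictionary for typo resistance.
# STATES is constructed here from the 50 U.S. state names, normalized the
# way the slide's table writes them (lowercase, no spaces).
STATES = """alabama alaska arizona arkansas california colorado connecticut
delaware florida georgia hawaii idaho illinois indiana iowa kansas kentucky
louisiana maine maryland massachusetts michigan minnesota mississippi
missouri montana nebraska nevada newhampshire newjersey newmexico newyork
northcarolina northdakota ohio oklahoma oregon pennsylvania rhodeisland
southcarolina southdakota tennessee texas utah vermont virginia washington
westvirginia wisconsin wyoming""".split()


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]


def closest(word, dictionary):
    """Return (nearest other keyword, distance) for one dictionary entry."""
    return min(((other, edit_distance(word, other))
                for other in dictionary if other != word),
               key=lambda pair: pair[1])


def audit(dictionary, min_distance=2):
    """Rows sorted by distance, plus entries closer than min_distance.

    min_distance=2 is an assumed threshold: no single-character typo of
    one keyword may produce another valid keyword.
    """
    rows = sorted(((w, *closest(w, dictionary)) for w in dictionary),
                  key=lambda r: (r[2], r[0]))
    return rows, [r for r in rows if r[2] < min_distance]


if __name__ == "__main__":
    rows, too_close = audit(STATES)
    for n, (word, near, dist) in enumerate(rows, 1):
        print(f"{n:2} {word:15} {near:15} {dist}")
    print("entries below threshold:", too_close)
```

Any entry reported in the second return value is a keyword that a single typo can turn into another valid keyword, which under this scheme would raise a false duress alarm.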