Duress Detection for Authentication Attacks Against Multiple Administrators
Emil Stefanov, UC Berkeley, emil@cs.berkeley.edu
Mikhail Atallah, Purdue University, mja@cs.purdue.edu
Remedies for Authentication Attacks
• Guessing passwords
  • Require strong passwords.
• Eavesdropping
  • Encrypt traffic (e.g., TLS/SSH).
• Man in the middle
  • Pre-shared secrets, certificate-based authentication.
• Spyware
  • Intrusion detection systems / antivirus.
• Phishing
  • TLS, web filters.
• Shoulder surfing
  • Common sense.
• Physical coercion
  • Duress detection.
Physical Coercion
• Alice has an account on a server.
• To use the server she must log in with her password.
• One day, Oscar threatens Alice and demands to know her password.
Duress Signaling
• What should Alice do?
  • Provide the correct password?
    • Oscar wins.
  • Refuse to cooperate?
    • Oscar carries out his threat.
  • Provide an invalid password?
    • Oscar tries the password and determines that Alice refused to cooperate.
  • Provide a duress password?
    • The attacker logs in but unknowingly signals a silent alarm.
Duress Password
• What should it look like?
• Let’s review a few possibilities.
Two-Password Schemes
• Alice has two passwords:
  • A correct password
    • She always uses this one to log in when she is not under duress.
  • A duress password
    • She gives this one to Oscar during duress.
• Advantages?
  • Simple to explain and implement.
• Problems?
  • Oscar can ask for both passwords.
    • Succeeds with probability .
  • Alice will likely forget her duress password because she never uses it.
N-Password Schemes
• Alice has N passwords:
  • One correct password
    • She always uses this one to log in when she is not under duress.
  • N-1 duress passwords
    • She gives one of these to Oscar during duress.
• Advantages?
  • Oscar’s probability of success is smaller: .
• Problems?
  • Alice has to remember N passwords, and she never uses N-1 of them! This is not practical.
PIN Schemes
• Alice has:
  • A strong password (e.g., “VHz3xK*bL8”)
    • This must be correct during normal and duress authentications.
  • A PIN (e.g., “8394”)
    • Alice uses her PIN for a normal authentication.
    • She gives Oscar any other PIN during duress.
• Advantages?
  • Less for Alice to remember.
  • Oscar’s probability of success is low.
• Problems?
  • Recall attack – Oscar can ask her to repeat the PIN later.
    • Alice might forget the PIN she gave Oscar.
  • Typos – Easy to mistype a PIN and cause a false alarm.
Our Approach
• We split the authentication secret into two:
  • A strong password – just like usual.
  • A keyword from a dictionary.
• Carefully choose a keyword dictionary.
  • Specify requirements.
  • Give an example.
• Allows for Alice to be an administrator.
  • Has access to the password/keyword store.
  • Can intercept network traffic.
• Allows multiple users/administrators.
  • Alice, Bob, etc.
Single Administrator Scheme
• A single administrator (Alice) is being attacked.
• Server stores passwords and keywords (hashed & salted).
• Incorrect keyword → server notifies authorities.
Single Administrator Scheme
• Problem:
  • Oscar gains administrator access.
  • Oscar can verify the keyword.
• Solution:
  • The server notifies the authorities.
  • The server overwrites the correct keyword.
Single Administrator Scheme
• Not secure for multiple administrators!
• Attack:
  • Alice and Bob are administrators.
  • Oscar attacks both of them.
  • Oscar authenticates as one of them and checks the keyword of the other one.
• Solution?
  • Our multiple administrator scheme.
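The single-administrator scheme of the three slides above, written out as an added example (this is not the authors' code). It assumes one server that keeps a salted PBKDF2 hash of both the password and the keyword, grants access whenever the password is right, raises a silent alarm when the keyword is wrong, and then overwrites the stored keyword hash with random bytes so that the record can no longer confirm any keyword; the iteration count, the `SingleAdminServer` class and its method names are all assumptions made for this example.

```python
"""Single-administrator duress scheme (added illustration, not the authors'
code).  Assumed design: the server keeps a salted PBKDF2 hash of both the
password and the keyword.  A correct password with a wrong keyword grants
access (so the attacker notices nothing) but raises the alarm, and the server
then overwrites the keyword hash so that an attacker who now holds
administrator access can no longer test keywords against the store."""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value)


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


class SingleAdminServer:
    def __init__(self):
        self.users = {}   # username -> (salt, password hash, keyword hash)
        self.alarms = []  # notifications that would go to the authorities

    def enroll(self, user: str, password: str, keyword: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt), _hash(keyword, salt))

    def authenticate(self, user: str, password: str, keyword: str) -> bool:
        """True if access is granted.  The password decides access; the
        keyword only decides whether a silent alarm is raised."""
        if user not in self.users:
            return False
        salt, pw_hash, kw_hash = self.users[user]
        if not hmac.compare_digest(_hash(password, salt), pw_hash):
            return False  # ordinary failed login, no alarm
        if not hmac.compare_digest(_hash(keyword, salt), kw_hash):
            self.alarms.append(f"duress login by {user}")
            # "Forget" the correct keyword: 32 random bytes that no keyword
            # hashes to, so the stored record can never confirm a guess.
            self.users[user] = (salt, pw_hash, os.urandom(32))
        return True

    def stored_keyword_matches(self, user: str, keyword: str) -> bool:
        """The comparison anyone with read access to the store can make;
        after a duress login it is False for every keyword, by design."""
        salt, _, kw_hash = self.users[user]
        return hmac.compare_digest(_hash(keyword, salt), kw_hash)
```

The overwrite only protects the coerced account: with Alice and Bob both enrolled on this one server, Bob's keyword hash is still in the store and still comparable, which is exactly the multi-administrator weakness the slide describes and the reason the scheme that follows moves keyword knowledge off the authentication server.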
Multiple Administrator Scheme
• Oscar attacks Alice.
• Alice provides a correct password and an incorrect keyword.
• The server receives the credentials.
Multiple Administrator Scheme
• Authentication server:
  • Has purposely “forgotten” the correct keyword.
  • Creates a privacy-preserving record.
  • Sends it to the monitoring server.
Multiple Administrator Scheme
• Monitoring server:
  • Checks the authentication record.
  • If duress, notifies monitoring personnel.
Multiple Administrator Scheme
• Monitoring personnel:
  • Notify the authorities.
  • Similar to existing alarm system companies.
Multiple Administrator Scheme
• Key ideas:
  • The authentication server never knows the correct keyword.
  • The monitoring server can only decrypt duress authentication records.
  • Keywords are picked from a carefully selected dictionary (more on this later).
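An added example of the two-server arrangement described on the multiple-administrator slides, with the three key ideas realised in one concrete (and assumed) way; it is not the paper's construction. The authentication server stores only a salt and a password hash, so nobody with access to it can test a keyword. The monitoring server holds, per user, a record key for every dictionary keyword except the correct one, computed on Alice's own machine at enrollment; it never sees the salt, so it cannot work out which word is missing. Every login produces a record sealed under the key of whatever keyword was typed, so the monitor can open exactly the duress records and learns nothing from a normal login. The dictionary, the toy HMAC-based sealing, the class and function names and the iteration count are all constructed for this example.

```python
"""Multiple-administrator duress scheme (added illustration, NOT the paper's
construction).  Assumed split of knowledge: the authentication server has the
salt and password hash but no keyword material; the monitoring server has one
record key per non-correct dictionary keyword and no salt."""
import hashlib
import hmac
import os

DICTIONARY = ["apple", "banana", "cherry", "mango", "papaya"]  # constructed
ITERATIONS = 50_000  # PBKDF2 work factor (assumed value)


def kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def record_key(keyword: str, salt: bytes) -> bytes:
    return kdf(keyword, b"kw" + salt)  # domain-separated from the password hash


def key_label(key: bytes) -> bytes:
    """Public handle for a record key; reveals nothing without the key."""
    return hmac.new(key, b"label", "sha256").digest()


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())


def _stream(enc: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hmac.new(enc, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(blocks))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC from HMAC-SHA256 only (the stdlib has no AES)."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes):
    """Plaintext, or None when the key is wrong or the record was altered."""
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac, nonce + ct, "sha256").digest(), tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, _stream(enc, nonce, len(ct))))


def duress_keys(salt: bytes, correct_keyword: str) -> dict:
    """Run on the user's own device at enrollment: record keys for every
    keyword other than the correct one, indexed by their public labels."""
    keys = {}
    for w in DICTIONARY:
        if w != correct_keyword:
            k = record_key(w, salt)
            keys[key_label(k)] = k
    return keys


class MonitoringServer:
    def __init__(self):
        self.keys = {}    # user -> {label: key}; the correct keyword's key is absent
        self.alarms = []  # what the monitoring personnel would see

    def provision(self, user: str, keys: dict) -> None:
        self.keys[user] = keys

    def receive(self, user: str, label: bytes, blob: bytes):
        key = self.keys.get(user, {}).get(label)
        if key is None:
            return None  # sealed under the correct keyword: opaque to us
        msg = unseal(key, blob)
        if msg is not None:
            self.alarms.append("duress: " + msg.decode())
        return msg


class AuthServer:
    def __init__(self, monitor: MonitoringServer):
        self.monitor = monitor
        self.users = {}  # user -> (salt, password hash); no keyword material

    def enroll(self, user: str, password: str) -> bytes:
        salt = os.urandom(16)
        self.users[user] = (salt, kdf(password, salt))
        return salt  # the user needs it once, to compute duress_keys()

    def authenticate(self, user: str, password: str, keyword: str) -> bool:
        salt, pw_hash = self.users[user]
        if not hmac.compare_digest(kdf(password, salt), pw_hash):
            return False
        key = record_key(keyword, salt)  # the server cannot judge the keyword
        record = seal(key, f"login by {user}".encode())
        self.monitor.receive(user, key_label(key), record)
        return True
```

Two properties are worth checking by hand: Oscar, logged in as Alice with administrator rights on `AuthServer`, finds only salts and password hashes there, so he cannot verify Bob's keyword either, which removes the weakness of the single-administrator scheme; and the monitoring server sees a normal login only as a record it cannot open. The caveat of this toy split is that an adversary holding both databases (the salt from the authentication server and the key set from the monitor) can recover the correct keyword by elimination over the public dictionary, so the monitor must be operated separately, as the slides' alarm-company analogy implies.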
Keyword Dictionary Requirements
• Well defined
  • Implicitly defined by a topic.
  • Alice can randomly pick a keyword by only memorizing the topic.
• Hard to make a typo
  • Large edit distance between keywords.
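An added example of the "large edit distance" requirement, not code from the talk: it measures the minimum pairwise Levenshtein distance of a candidate dictionary and derives the number of typos a login can absorb. The point is the triangle inequality: if every pair of keywords is at least 2t+1 edits apart, a typed string with at most t typos is within t of exactly one keyword, so the server can map it back to that keyword instead of reading it as a duress signal, while any other dictionary word (the one Alice gives under duress) stays unambiguously different. Levenshtein as the metric, the function names and the sample words are assumptions made here.

```python
"""Keyword-dictionary checks (added illustration, not the authors' code).
Levenshtein distance is the assumed edit metric.  With minimum pairwise
distance d, any string with at most t = (d - 1) // 2 typos is close to
exactly one keyword, so a typo can be corrected rather than raising an alarm."""


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def min_pairwise_distance(words):
    """(distance, w, v) for the closest pair of distinct keywords, or None."""
    best = None
    for i, w in enumerate(words):
        for v in words[i + 1:]:
            d = levenshtein(w, v)
            if best is None or d < best[0]:
                best = (d, w, v)
    return best


def typo_budget(words) -> int:
    """Largest t such that a string with <= t typos resolves to one keyword."""
    closest = min_pairwise_distance(words)
    if closest is None:
        raise ValueError("a dictionary needs at least two keywords")
    return (closest[0] - 1) // 2


def resolve_keyword(typed: str, words, t=None):
    """The unique dictionary word within t edits of `typed`, else None.
    None is what the scheme would then treat as a (duress) keyword mismatch;
    a tie can only occur if the caller passes a t above typo_budget()."""
    if t is None:
        t = typo_budget(words)
    close = sorted((levenshtein(typed, w), w) for w in words)
    close = [(d, w) for d, w in close if d <= t]
    if not close:
        return None
    if len(close) > 1 and close[0][0] == close[1][0]:
        return None  # equally close to two keywords: ambiguous
    return close[0][1]
```

When building a dictionary from a topic, run `min_pairwise_distance` over the candidate list and drop one word of the closest pair until the budget is at least 1; a dictionary whose budget is 0 (for example one containing both "mango" and "tango") gives every mistyped login the same treatment as a duress keyword, which is the false-alarm problem the PIN slide describes.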