1 / 25

Password Authentication

Improving Usability Through Password-Corrective Hashing Andrew Mehler www.cs.sunysb.edu/~mehler Steven Skiena www.cs.sunysb.edu/~skiena Stony Brook University 13 October 2006. =?. Password Authentication. User Entry:. Password Registry. mehler1979. mehler1979. =?. Password Authentication.

viveca
Download Presentation

Password Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Improving Usability Through Password-Corrective HashingAndrew Mehlerwww.cs.sunysb.edu/~mehlerSteven Skienawww.cs.sunysb.edu/~skienaStony Brook University13 October 2006

  2. =? Password Authentication User Entry: Password Registry mehler1979 mehler1979

  3. =? Password Authentication Users Not Perfect! User Entry Password Registry mehler1997 mehler1979 • Enter wrong password • Can’t remember • Data Entry error (every 30 keystrokes)

  4. Should passwords with entry errors be accepted? • Increase Usability. • Accept ‘close enough’ strings, little loss of security. • User will choose stronger passwords. • User won’t write down password. Idea: We accept Passwords that differ by a single error (substitution or transposition). Transposition: student -> studnet Substitution: student -> studint PROBLEM: How to implement this?

  5. =? Solution 1: Repeated Login For an entered password, simulate login with all possible passwords differing by a single transposition or substitution. aba baa aab abb … User Entry ‘aba’ PROBLEMS Requires n-1 attempts for transpositions Requires n*m attempts for substitutions

  6. =? Solution 2: Check Equivalence For an entered password, compare it to the password on file not just for equality, but if it differs by a transposition/substitution. sub? trans? Password Registry User Entry PROBLEMS • Password Registry not plain text! • Cant do transpositions/substitutions on • encrypted passwords. • Equality is really encrypted equality.

  7. =? Solution 3: Store All Variants For each user, store in the encrypted file, their password, and all acceptable variations. aba `aba` baa aab Password Registry User Entry PROBLEMS • Registry file will be large. • Malicious decryption easier.

  8. =? Our Solution: Corrective Hashing Reduce password space by a correcting hash function. Meh Meh h h Password Registry User Entry Mehler1979 Mehler1997 • Solves problems of previous methods. • Loss of recall and increase of false positives

  9. Want to accept mistakes (recall) • h(flpajack) = h(flapjack) • Don’t accept other strings (false positive rate) • h(pancake) ≠ h(flapjack) • We separately consider correcting single transposition errors and single substitution errors (most common entry error types) Password Corrective Hashing Notation n = password (string) length m = alphabet size

  10. Phonetic Hashing (Soundex, Metaphone, etc.) h(Smith) = S43 = h(Smyth) • SAMBA: repeated login to relax case and character order. • Personal Question Answering. • Semantic Pass-Phrase. Previous Work

  11. Idea: Sort the characters of a password. h(flpajack) = aacfjklp = h(flapjack) • Sorting a string imposes its own order. • All strings differing by a transposition are the same when sorted, so • Recall = 1 • But many False Positives • h(erika) = aeikr = h(keira) • Theorem: No other method will have fewer false positives with perfect recall Correcting Transposition Errors

  12. Assume some method M with recallM = 1 fpM < fpSort Then there are strings S,T such that Sort(S) = Sort(T) M(S) ≠ M(T) Thus there exists a sequence S, s1, s2, … , sj, T With each string differing by a transposition. (example: keira, ekira, eikra, eirka, erika) Since M(S)≠M(T), there is some i such that M(si) ≠ M(si+1) Contradicting M’s perfect recall. Proof

  13. Sorting’s high false positive rate makes it insecure. • Can we get a lower false positive rate with almost as good recall? • We consider 2 methods that partially sort a string. • Sorting Networks • Block Sorting Partial Sorting d a a a b a d b b d c b c c d c d a a d b b c c

  14. Sorting Networks • Correct Transpositions • Impose some order on the string, up to completely sorted • Take output of any stage as an operating point. 6 3 3 1 3 6 2 2 4 2 6 3 2 1 4 3 …. 5 1 4 4 1 5 3 4 3 3 5 5 4 4 4 6

  15. Sorting Network Analysis • 1-stage • All even Transpositions are corrected. Recall is • 2-stage • All even transpositions still corrected. • Some odd transpositions corrected also. • Consider ‘abcd’ and ‘acbd’. • Hashed together if a  b,c  d

  16. Block Sorting • Partition string into substrings, and sort the substrings. • Will correct all transposition errors except those occurring across substrings. 6 6 2 3 3 3 4 4 4 2 2 6 5 5 1 1 1 3 3 3 4 5 4 4

  17. Block Sorting Analysis • Does not correct transpositions across block boundaries. • Recall = (n-k)/(n-1) • False positive if each block is hashed together under complete sorting fp = 2k-1∏(fpsort(ni)+tpsort(ni)) + ∑fpsort(ni)mn-ni

  18. Example Domains

  19. Correcting Transposition Results Conclusion: Block Sorting can be used to match passwords, except on small alphabets.

  20. Hi/Low Weakening: Partition alphabet into two sets. • Ex: Low = [0-4] High = [5-9] • 1979 -> LHHH • Recall = (k(k-1) + (m-k)(m-k-1)) / m(m-1) • Weak Set • A subset of the alphabet is the weak set. • All members of the weak set get hashed • to the same symbol. • Ex: Weak-Set = {a,e,i,o,u} • Lawrence -> L.wr.nc. • Recall = k(k-1) / m(m-1) Correcting Substitution Errors

  21. Weak Set Results Conclusion: Too insecure for usability gains.

  22. Substitution Results

  23. Crack Lists Previous analysis assumed uniform distribution of passwords. Users tend to use dictionary words. One common way of breaking into systems is by using a ‘crack’ list of common words and names that might appear in a password. How much smaller of a crack list would be needed if corrective hashing was used? erika keira last salt h = sorting aeikr alst

  24. Crack Lists < 13% reduction of crack list for complete sorting. < 1% reduction of crack list for 50% recall.

  25. Conclusions • Usability increased with small security trade-off for correcting transposition errors • Substitution errors harder to correct • Crack list computational cost not significantly decreased • Open Problems • Better hash functions? • Correcting insert/deletion errors? • Empirical usability experiments?

More Related