Popularity Is Everything: A New Approach to Protecting Passwords from Statistical-Guessing Attacks
Authors
Abstract
We propose to strengthen user-selected passwords against statistical-guessing attacks by allowing users of Internet-scale systems to choose any password they want—so long as it’s not already too popular with other users. We create an oracle to identify undesirably popular passwords using an existing data structure known as a count-min sketch, which we populate with existing users’ passwords and update with each new user password. Unlike most applications of probabilistic data structures, which seek to achieve only a maximum acceptable rate of false positives, we set a minimum acceptable false-positive rate to confound attackers who might query the oracle or even obtain a copy of it.
Similar resources
Optimal authentication protocols resistant to password guessing attacks
Users are typically authenticated by their passwords. Because people are known to choose convenient passwords, which tend to be easy to guess, authentication protocols have been developed that protect user passwords from guessing attacks. These proposed protocols, however, use more messages and rounds than those protocols that are not resistant to guessing attacks. This paper gives new protoc...
Guess what? Here is a new tool that finds some new guessing attacks
" with a guess to get out, obtain in another way (possibly from a different message) and compare to verify the guess. Past efforts to address guessing attacks in terms of design or analysis always lacked a general definition and a general analysis approach for guessing attacks. Further, they always assumed that the protocols will be implemented without type-flaws and without interaction from ot...
Some Remarks on Protecting Weak Keys and Poorly-Chosen Secrets from Guessing Attacks
Authentication and key distribution protocols that utilize weak secrets (such as passwords and PINs) are traditionally susceptible to guessing attacks whereby an adversary iterates through a relatively small key space and verifies the correct guess. Such attacks can be defeated by the use of public key encryption and careful protocol construction. In their recent work, Lomas et al. investigated ...
Preventing Guessing Attacks Using Fingerprint Biometrics
Security protocols involving the use of poorly chosen secrets, usually low-entropy user passwords, are vulnerable to guessing attacks. Here, a penetrator guesses a value in place of the poorly chosen secret and then tries to verify the guess using other information. In this paper we develop a new framework extending strand space theory in the context of these attacks to analyze the effect using...
Secure Authentication Protocols Resistant to Guessing Attacks
Users are normally authenticated via their passwords in computer systems. Since people tend to choose passwords that can be easily remembered, the systems are under the threat of guessing attacks. Many authentication and key distribution protocols have been proposed to protect user passwords from guessing attacks. However, these protocols either are limited to some specific environments or incu...