
Authentication
Deniable Authentication and Protection Against Dictionary Attacks
Isidora Petreska
Dimitar Gosevski
Contents
• Introduction to Authentication
• Deniable Authentication
• Deniable authentication protocols
• Adaptive Multi-Trapdoor Commitment (AMTC) Scheme
• AMTC-based authenticators
• Decisional Diffie-Hellman (DDH) Scheme
• Passwords and Authentication
• Countermeasures against dictionary attacks and their weaknesses
• Reverse Turing Test (RTT)
• Basic User Authentication Protocol
• Solving Protocol Drawbacks
• Security Analysis
• Analysis for a user account
• Setting the parameters
Introduction to Authentication
• Formal definition
• Authentication technologies
• Concerns regarding:
– Deniable authentication
– Password security
Deniable Authentication
• Property of deniability
• Concept of deniable authentication
– Privacy concerns of the sender
• Need for deniable authentication:
– in private key cryptography?
– in public key cryptography?
Deniable authentication protocols
• Example of a deniable protocol
• What if the sender changes his/her mind?
• Need for forward deniability
• Proposal of new schemes based on:
– Adaptive Multi-Trapdoor Commitment and
– Decisional Diffie-Hellman protocols
Adaptive Multi-Trapdoor Commitment (AMTC) Scheme
• Notion of commitment
• Trapdoor Commitment Scheme (TCS)
• Adaptive Multi-Trapdoor Commitment (AMTC) Scheme:
– CKG - a master key generation algorithm
– Sel - given a master public key (PK), outputs an equivalent key (pk)
– Tkg - given a triple (PK, pk, TK), outputs the trapdoor information (tk)
– Com - verify a commitment Com(PK, pk, M, R)
– Equiv - opening of a commitment C
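The slides name the Com and Equiv algorithms of a trapdoor commitment but show no concrete instance. The Python below is an added example, not code from the presentation or from the AMTC paper: it implements the classic Pedersen commitment, a single-trapdoor commitment scheme (the building block that AMTC generalises; the Sel and Tkg algorithms of the multi-trapdoor variant are not modelled). The group parameters are a constructed toy group chosen only so the numbers stay readable, and the function names keygen, commit, verify_opening and equivocate are this example's own. The trapdoor tk is the discrete logarithm x of h.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Constructed toy group, for readability only: p = 2q + 1 with p = 1019 and
# q = 509 both prime, so the quadratic residues mod p form a subgroup of prime
# order q, generated by g = 4 = 2^2.  Real deployments use 2048-bit MODP groups
# or elliptic curves.
P = 1019
Q = 509
G = 4


def to_zq(message: bytes) -> int:
    """Map an arbitrary message into the exponent group Z_q by hashing."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def keygen() -> Tuple[Dict[str, int], int]:
    """Key generation: the trapdoor tk = x is the discrete log of h to base g."""
    x = secrets.randbelow(Q - 1) + 1                  # x in [1, q-1]
    pk = {"p": P, "q": Q, "g": G, "h": pow(G, x, P)}
    return pk, x


def commit(pk: Dict[str, int], message: bytes, r: Optional[int] = None) -> Tuple[int, int]:
    """Com: C = g^m * h^r mod p, with fresh random r unless one is supplied."""
    if r is None:
        r = secrets.randbelow(pk["q"])
    m = to_zq(message)
    c = (pow(pk["g"], m, pk["p"]) * pow(pk["h"], r, pk["p"])) % pk["p"]
    return c, r


def verify_opening(pk: Dict[str, int], c: int, message: bytes, r: int) -> bool:
    """Check that (message, r) opens commitment c; no trapdoor is needed."""
    expected, _ = commit(pk, message, r)
    return expected == c


def equivocate(pk: Dict[str, int], tk: int, message: bytes, r: int, new_message: bytes) -> int:
    """Equiv: with the trapdoor x, open an existing commitment to a different
    message by solving m + x*r = m' + x*r' (mod q) for r'."""
    m, m_new = to_zq(message), to_zq(new_message)
    x_inv = pow(tk, -1, pk["q"])
    return (r + (m - m_new) * x_inv) % pk["q"]


if __name__ == "__main__":
    pk, tk = keygen()
    c, r = commit(pk, b"I was at the meeting")
    print("honest opening verifies:", verify_opening(pk, c, b"I was at the meeting", r))
    r2 = equivocate(pk, tk, b"I was at the meeting", r, b"I was never there")
    print("trapdoor opening verifies:", verify_opening(pk, c, b"I was never there", r2))
```

Whoever holds tk can open C to any message of their choosing, which is the standard intuition behind deniable authenticators built on trapdoor commitments: if the verifier holds the trapdoor, a transcript the verifier could have produced alone is no evidence of the sender's involvement. Without tk, producing a second opening requires computing the discrete logarithm of h, which is what makes the commitment binding for everyone else.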
AMTC-based authenticators (1/2)
AMTC-based authenticators (2/2)
Decisional Diffie-Hellman (DDH) Scheme (1/2)
Decisional Diffie-Hellman (DDH) Scheme (2/2)
Passwords and Authentication
• Passwords as authentication method
• Passwords convenient for both service providers and users
• Dictionary attacks against passwords
• Password eavesdropping
Countermeasures against dictionary attacks and their weaknesses
• Countermeasures
– Delayed response
– Account locking procedure
• Drawbacks of the countermeasures
– Global password attacks
– Denial of Service Attacks
– Customer service cost
Reverse Turing Test (RTT)
• Introduced by M. Naor
• Distinguishes between a human and an automated program
– Automated generation
– Easy for humans
– Hard for machines
– Small probability of guessing the answer correctly
RTT (cont.)
• Used by large IT companies
– Yahoo
– AltaVista
– PayPal
• Possible drawbacks of RTTs
– Based on the visual capabilities of the human
• Improvement of RTTs
– Audible RTTs
Basic User Authentication Protocol
• Combines RTT with any password-based authentication system
– Slows down the execution of automated programs trying to break into the system
• Drawbacks of the protocol
– Usability
• Difficult for the user to answer an RTT at every login attempt
– Scalability
• Not easy to generate and serve an RTT per login attempt
Solving Protocol Drawbacks
• Limited set of computers used by the user
– Small possibility of a dictionary attack from these computers
– Identify the specific computer/web browser by using cookies
– No need to solve an RTT from these computers
• RTT required only for a fraction of the login attempts
Security Analysis
• User-Server Interaction
– Feedback no. 1
• Invalid username or password
– Feedback no. 2
• First answer the RTT, then you will be informed whether the username/password pair is correct
– Whether to ask for an RTT is a deterministic function of the username/password pair
– Same time delay regardless of whether the entered password is correct or not
Analysis for a user account
• To verify a fraction of the correct or incorrect passwords, an RTT must be passed first
• Assume that all passwords have the same probability of being correct
• Randomly chosen passwords
• Winning Ticket Game
Setting the parameters
• Steps to design a successful authentication protocol:
– Estimating the benefit that the attacker gains from breaking into an account
– Estimating the size of the domain of passwords
– Estimating the cost of solving a single RTT by the attacker
– The cost of breaking an account should be higher than the potential gain from the break
The content of this presentation is being reproduced without the original author's permission!