Protocols for Checking Compromised Credentials

To prevent credential stuffing attacks, industry best practice now proactively checks if user credentials are present in known data breaches. Recently, some web services, such as HaveIBeenPwned (HIBP) and Google Password Checkup (GPC), have started providing APIs to check for breached passwords. We refer to such services as compromised credential checking (C3) services. We give the first formal description of C3 services, detailing different settings and operational requirements, and we give relevant threat models. One key security requirement is the secrecy of a user's passwords that are being checked. Current widely deployed C3 services have the user share a small prefix of a hash computed over the user's password. We provide a framework for empirically analyzing the leakage of such protocols, showing that in some contexts knowing the hash prefixes leads to a 12x increase in the efficacy of remote guessing attacks. We propose two new protocols that provide stronger protection for users' passwords, implement them, and show experimentally that they remain practical to deploy.

[1]  Catherine A. Meadows,et al.  A More Efficient Cryptographic Matchmaking Protocol for Use in the Absence of a Continuously Available Third Party , 1986, 1986 IEEE Symposium on Security and Privacy.

[2]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[3]  Hao Chen,et al.  Fast Private Set Intersection from Homomorphic Encryption , 2017, CCS.

[4]  Daniel Lowe Wheeler zxcvbn: Low-Budget Password Strength Estimation , 2016, USENIX Security Symposium.

[5]  Haining Wang,et al.  A study of personal information in human-chosen passwords and its security implications , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[6]  Ping Wang,et al.  Targeted Online Password Guessing: An Underestimated Threat , 2016, CCS.

[7]  Benny Pinkas,et al.  Phasing: Private Set Intersection Using Permutation-based Hashing , 2015, USENIX Security Symposium.

[8]  Marie-Sarah Lacharité,et al.  Frequency-smoothing encryption: preventing snapshot attacks on deterministically encrypted data , 2018, IACR Trans. Symmetric Cryptol..

[9]  Ninghui Li,et al.  A Study of Probabilistic Password Models , 2014, 2014 IEEE Symposium on Security and Privacy.

[10]  Vladimir Kolesnikov,et al.  Efficient Batched Oblivious PRF with Applications to Private Set Intersection , 2016, CCS.

[11]  Benny Pinkas,et al.  Efficient Circuit-based PSI via Cuckoo Hashing , 2018, IACR Cryptol. ePrint Arch..

[12]  Nikita Borisov,et al.  The Tangled Web of Password Reuse , 2014, NDSS.

[13]  Ashwin Machanavajjhala,et al.  l-Diversity: Privacy Beyond k-Anonymity , 2006, ICDE.

[14]  Zengjian Hu,et al.  On weighted balls-into-bins games , 2005, Theor. Comput. Sci..

[15]  Dan Boneh,et al.  Protecting accounts from credential stuffing with password breach alerting , 2019, USENIX Security Symposium.

[16]  Lujo Bauer,et al.  Let's Go in for a Closer Look: Observing Passwords in Their Natural Habitat , 2017, CCS.

[17]  Yevgeniy Dodis,et al.  A New Distribution-Sensitive Secure Sketch and Popularity-Proportional Hashing , 2017, CRYPTO.

[18]  Arvind Narayanan,et al.  I never signed up for this! Privacy implications of email tracking , 2018, Proc. Priv. Enhancing Technol..

[19]  Zeev Dvir,et al.  2-Server PIR with Sub-Polynomial Communication , 2014, STOC.

[20]  Marc-Olivier Killijian,et al.  XPIR : Private Information Retrieval for Everyone , 2016, Proc. Priv. Enhancing Technol..

[21]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[22]  Blase Ur,et al.  Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks , 2016, USENIX Annual Technical Conference.

[23]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[24]  Ian Goldberg,et al.  Revisiting the Computational Practicality of Private Information Retrieval , 2011, Financial Cryptography.

[25]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[26]  Benny Pinkas,et al.  Private Set Intersection for Unequal Set Sizes with Mobile Applications , 2017, Proc. Priv. Enhancing Technol..

[27]  Sushil Jajodia,et al.  Information disclosure under realistic assumptions: privacy versus optimality , 2007, CCS '07.

[28]  Thomas Ristenpart,et al.  Beyond Credential Stuffing: Password Similarity Models Using Neural Networks , 2019, 2019 IEEE Symposium on Security and Privacy (SP).