Protecting Poorly Chosen Secrets from Guessing Attacks

In a security system that allows people to choose their own passwords, people tend to choose passwords that can be easily guessed. This weakness exists in practically all widely used systems. Instead of forcing users to choose secrets that are likely to be difficult for them to remember, solutions that maintain user convenience and a high level of security at the same time are proposed. The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not. Common forms of guessing attacks are examined, examples of cryptographic protocols that are immune to such attacks are developed, and a systematic way to examine protocols to detect vulnerabilities to such attacks is suggested.
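
The basic idea stated in the abstract, as an added Python example that is not taken from the paper: a message that encrypts predictable, structured data under a password lets an eavesdropper confirm a guess offline, while a message that encrypts only a random nonce does not. The toy XOR cipher, the `TS=<digits>` message format, the dictionary and all function names are assumptions made for illustration.

```python
import hashlib
import os

def toy_cipher(password: str, data: bytes) -> bytes:
    """Stand-in cipher (assumption, not for real use): XOR data with a
    SHA-256 keystream derived from the password. Encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(password.encode() + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def has_redundancy(plaintext: bytes) -> bool:
    """The eavesdropper's offline test: does a trial decryption look like 'TS=<digits>'?"""
    return plaintext.startswith(b"TS=") and plaintext[3:].isdigit()

def offline_guess(ciphertext: bytes, dictionary: list[str]) -> list[str]:
    """Return the guesses that can be confirmed without contacting any server."""
    return [g for g in dictionary if has_redundancy(toy_cipher(g, ciphertext))]

# Constructed sample data.
DICTIONARY = ["123456", "password", "letmein", "qwerty", "dragon"]
PASSWORD = "letmein"

def weak_message() -> bytes:
    # Predictable, structured plaintext under the password: verifiable offline.
    return toy_cipher(PASSWORD, b"TS=0704980800")

def hardened_message() -> bytes:
    # Only an unpredictable nonce under the password: no redundancy to test.
    return toy_cipher(PASSWORD, os.urandom(16))

def trial_decryptions(ciphertext: bytes) -> dict[str, bytes]:
    """Each guess yields a different 16-byte candidate, none of which can be excluded."""
    return {g: toy_cipher(g, ciphertext) for g in DICTIONARY}

if __name__ == "__main__":
    print("weak:    ", offline_guess(weak_message(), DICTIONARY))
    print("hardened:", offline_guess(hardened_message(), DICTIONARY))
```

The nonce stays unverifiable only as long as no other message in the protocol gives an eavesdropper a way to test a candidate value.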
