A New Distribution Sensitive Secure Sketch and a Comparison Between Approaches to Typo-Tolerant Authentication

Motivated by typo correction in password authentication, we investigate cryptographic error-correction of secrets in settings where the distribution of secrets is a priori (approximately) known. We refer to this as the distribution-sensitive setting. We design a new secure sketch called the layer-hiding hash (LHH) that offers the best security to date. Roughly speaking, we show that LHH saves an additional logH0(W ) bits of entropy compared to the recent layered sketch construction due to Fuller, Reyzin, and Smith (FRS). Here H0(W ) is the size of the support of the distribution W . When supports are large, as with passwords, our new construction offers a substantial security improvement. We provide two new constructions of typo-tolerant password-based authentication schemes. The first combines a LHH or FRS sketch with a standard slow-to-compute hash function, and the second avoids secure sketches entirely, correcting typos instead by checking all nearby passwords. Unlike the previous such brute-force-checking construction, due to Chatterjee et al., our new construction uses a hash function whose runtime is proportional to the popularity of the password (forcing a longer hashing time on more popular, lower entropy passwords). We refer to this as popularity-proportional hashing (PPH). We then introduce a framework for comparing different typo-tolerant authentication approaches. We show that PPH always offers a better time / security trade-off than the LHH and FRS constructions, and for certain distributions outperforms the Chatterjee et al. construction. Elsewhere, this latter construction offers the best trade-off. In aggregate our results suggest that the best known secure sketches are still inferior to simpler brute-force based approaches.

[1]  Leonid Reyzin,et al.  When Are Fuzzy Extractors Possible? , 2016, IEEE Transactions on Information Theory.

[2]  F. Frances Yao,et al.  Design and Analysis of Password-Based Key Derivation Functions , 2005, IEEE Trans. Inf. Theory.

[3]  Renato Renner,et al.  The Exact Price for Unconditionally Secure Asymmetric Cryptography , 2004, EUROCRYPT.

[4]  Vladimir Kolmogorov,et al.  On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model , 2016, EUROCRYPT.

[5]  Simon Josefsson,et al.  The scrypt Password-Based Key Derivation Function , 2016, RFC.

[6]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[7]  Qi Li,et al.  Cryptographic key generation from voice , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[8]  Mihir Bellare,et al.  Multi-instance Security and Its Application to Password-Based Cryptography , 2012, CRYPTO.

[9]  Leonid Reyzin,et al.  Fuzzy Extractors ∗ , 2007 .

[10]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[11]  Claude Castelluccia,et al.  Adaptive Password-Strength Meters from Markov Models , 2012, NDSS.

[12]  Steven Skiena,et al.  Improving Usability Through Password-Corrective Hashing , 2006, SPIRE.

[13]  Boris Skoric,et al.  An efficient fuzzy extractor for limited noise , 2009, Foundations for Forgery-Resilient Cryptographic Hardware.

[14]  David Zhang,et al.  A comparative study on quality assessment of high resolution fingerprint images , 2010, 2010 IEEE International Conference on Image Processing.

[15]  Gilles Brassard,et al.  Privacy Amplification by Public Discussion , 1988, SIAM J. Comput..

[16]  Sudhir Aggarwal,et al.  Password Cracking Using Probabilistic Context-Free Grammars , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[17]  Thomas Ristenpart,et al.  Honey Encryption: Encryption beyond the Brute-Force Barrier , 2014, IEEE Security & Privacy.

[18]  Blase Ur,et al.  Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks , 2016, USENIX Annual Technical Conference.

[19]  Thomas Ristenpart,et al.  pASSWORD tYPOS and How to Correct Them Securely , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[20]  Ninghui Li,et al.  A Study of Probabilistic Password Models , 2014, 2014 IEEE Symposium on Security and Privacy.

[21]  Jeremiah Blocki,et al.  Efficiently Computing Data-Independent Memory-Hard Functions , 2016, CRYPTO.

[22]  Joseph Bonneau,et al.  Guessing human-chosen secrets , 2012 .

[23]  Daniel Lowe Wheeler zxcvbn: Low-Budget Password Strength Estimation , 2016, USENIX Security Symposium.

[24]  S. Boztaş Entropies, Guessing and Cryptography , 1999 .

[25]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[26]  Rafail Ostrovsky,et al.  Low distortion embeddings for edit distance , 2007, JACM.

[27]  Burton S. Kaliski,et al.  PKCS #5: Password-Based Cryptography Specification Version 2.0 , 2000, RFC.

[28]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.

[29]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .