1,096 research outputs found
Crumpled and Abraded Encryption: Implementation and Provably Secure Construction
Abraded and crumpled encryption allows communication software such as messaging platforms to ensure privacy for their users while still allowing for some investigation by law enforcement. Crumpled encryption ensures that each decryption is costly and prevents law enforcement from performing mass decryption of messages. Abrasion ensures that only large organizations like law enforcement are able to access any messages. The current abrasion construction uses public key parameters such as prime numbers which makes the abrasion scheme difficult to analyze and allows possible backdoors. In this thesis, we introduce a new abrasion construction which uses hash functions to avoid the problems with the current abrasion construction. In addition, we present a proof-of-concept for using crumpled encryption on an email server
GOTCHA Password Hackers!
We introduce GOTCHAs (Generating panOptic Turing Tests to Tell Computers and
Humans Apart) as a way of preventing automated offline dictionary attacks
against user selected passwords. A GOTCHA is a randomized puzzle generation
protocol, which involves interaction between a computer and a human.
Informally, a GOTCHA should satisfy two key properties: (1) The puzzles are
easy for the human to solve. (2) The puzzles are hard for a computer to solve
even if it has the random bits used by the computer to generate the final
puzzle --- unlike a CAPTCHA. Our main theorem demonstrates that GOTCHAs can be
used to mitigate the threat of offline dictionary attacks against passwords by
ensuring that a password cracker must receive constant feedback from a human
being while mounting an attack. Finally, we provide a candidate construction of
GOTCHAs based on Inkblot images. Our construction relies on the usability
assumption that users can recognize the phrases that they originally used to
describe each Inkblot image --- a much weaker usability assumption than
previous password systems based on Inkblots which required users to recall
their phrase exactly. We conduct a user study to evaluate the usability of our
GOTCHA construction. We also generate a GOTCHA challenge where we encourage
artificial intelligence and security researchers to try to crack several
passwords protected with our scheme.Comment: 2013 ACM Workshop on Artificial Intelligence and Security (AISec
- …