Pico without public keys

This document is the Accepted Manuscript version of the following paper: Frank Stajano, Bruce Christianson, Mark Lomas, Graeme Jenkinson, Jeunese Payne, Max Spencer, and Quentin Stafford Fraser, 'Pico without Public Keys', Security Protocols XXIII, 23rd International Workshop Cambridge, March 31- April 2, 2015, Revised Selected Papers, pp. 195-211, part of the Lecture Notes in Computer Science book series (LNCS, Vol. 9379), first online 25 November 2015, ISBN: 978-3-319-26095-2. The final publication is available at Springer via: https://link.springer.com/chapter/10.1007%2F978-3-319-26096-9_21v.Pico is a user authentication system that does not require remembering secrets. It is based on a personal handheld token that holds the user’s credentials and that is unlocked by a “personal aura” generated by digital accessories worn by the owner. The token, acting as prover, engages in a public-key-based authentication protocol with the verifier. What would happen to Pico if success of the mythical quantum computer meant secure public key primitives were no longer available, or if for other reasons such as energy consumption we preferred not to deploy them? More generally, what would happen under those circumstances to user authentication on the web, which relies heavily on public key cryptography through HTTPS/TLS? Although the symmetric-key-vs-public-key debate dates back to the 1990s, we note that the problematic aspects of public key deployment that were identified back then are still ubiquitous today. In particular, although public key cryptography is widely deployed on the web, revocation still doesn’t work. We discuss ways of providing desirable properties of public-key-based user authentication systems using symmetric-key primitives and tamperevident tokens. In particular, we present a protocol through which a compromise of the user credentials file at one website does not require users to change their credentials at that website or any other. We also note that the current prototype of Pico, when working in compatibility mode through the Pico Lens (i.e. with websites that are unaware of the Pico protocols), doesn’t actually use public key cryptography, other than that implicit in TLS. With minor tweaks we adopt this as the native mode for Pico, dropping public key cryptography and achieving much greater deployability without any noteworthy loss in security

Enabling Automatic Password Change in Password Managers Through Crowdsourcing

Password managers can immensely increase password security, for laymen and experts alike. One reason for the low adaption is a lack of automatic password change. In this paper, we describe our work on extending password managers towards automatic password change on the web. The main idea is that users can teach the password managers how to change their password on a specific website using a recorder module and share this information (blueprints) with other users, effectively crowdsourcing  the  creation  of  these  blueprints.  Parts  of  the  proposal were implemented as an add-on for the Firefox browser and evaluated in a user study. Our results show that our proposal is viable and usable

Verified password generation from password composition policies

Password managers (PMs) are important tools that enable the use of stronger passwords, freeing users from the cognitive burden of remembering them. Despite this, there are still many users who do not fully trust PMs. In this paper, we focus on a feature that most PMs offer that might impact the user’s trust, which is the process of generating a random password. We present three of the most commonly used algorithms and we propose a solution for a formally verified reference implementation of a password generation algorithm. We use EasyCrypt to specify and verify our reference implementation. In addition, we present a proof-of-concept prototype that extends Bitwarden to only generate compliant passwords, solving a frequent users’ frustration with PMs. This demonstrates that our formally verified component can be integrated into an existing (and widely used) PM.This work was partially funded by the PassCert project, a CMU Portugal Exploratory Project funded by Fundação para a Ciência e Tecnologia (FCT), with reference CMU/TIC/0006/2019 and supported by national funds through FCT under project UIDB/50021/2020

Development of a Secure Model for Mobile Government Applications in Jordan

This paper develops a secure model for mobile government (M-G) applications using effective privacy methods and validates the model through semi-structured interviews with eight Jordanian e-government experts. The experts emphasized the importance of M-G applications in enhancing services such as bill payments, civil services, civil defense, and police services. To improve privacy, the experts suggested methods such as strong textual passwords, data encryption, login tracking, SMS login confirmation, and signup confirmation. Based on these suggestions, a prototype with suggested privacy features was developed using Android programming, and a questionnaire was administered to 150 Jordanian citizens who confirmed the ease of use and usefulness of the proposed privacy model. This paper expands the acceptance of M-G applications and recommends privacy methods to improve their security. The study highlights the importance of security and privacy as acceptance factors for M-G applications in developing countries and suggests that further studies can investigate advanced privacy and suitable security methods for M-G applications in other developing countries

Why Users (Don’t) Use Password Managers at a Large Educational Institution

We quantitatively investigated the current state of Password Manager (PM) usage and general password habits at a large, private university in the United States. Building on prior qualitative findings from SOUPS 2019, we survey n=277 faculty, staff, and students, finding that 77% of our participants already use PMs, but users of third-party PMs, as opposed to browser-based PMs, were significantly less likely to reuse their passwords across accounts. The largest factor encouraging PM adoption is perceived ease-of-use, indicating that communication and institutional campaigns should focus more on usability factors. Additionally, our work indicates the need for design improvements for browser-based PMs to encourage less password reuse as they are more widely adopted

A Secure Password Manager Governance Framework for Web User Authentication

Existing password management frameworks fall short of providing adequate functionality and mitigation strategies against prominent attacks. Unfortunately, the architecture of these frameworks is not aligned with the distributed nature of web applications and is vulnerable to credential theft attacks by network-side, e.g. TLS Proxy in the Middle (TPitM), or front-end, e.g. cross-site scripting (XSS), eavesdropping adversaries. Browser-side frameworks, HTML Autofill and Credential Management API, are inherently vulnerable to XSS-credential theft. ByPass, a manager-to-server paradigm, is inherently vulnerable to TPitM-credential theft. Furthermore, all of the aforementioned frameworks employ an inaccurate app-to-credential mapping strategy, domain-based credential mapping, and might inadvertently divulge user's credentials to unintended (e.g. deceitful) web applications. We propose Berytus, a novel browser-based governance framework that mediates between web applications and password managers to orchestrate secure and programmable authentication sessions. It is positioned between the web application and the password manager, operating natively in the browser, and providing an API for each party. Berytus harmonises multiple password manager usage by requiring available password managers to register with it. Present frameworks do not couple specialised security facilities with their approach, rather their credential transfer security depends on the application of standardised security measures in the web/browser landscape to mitigate against prominent attack vectors, e.g. Content Security Policy for XSS mitigation. Conversely, the Berytus architecture equips web applications with certified app-specific cryptographic keys to streamline an authenticated and accurate app-to-credential mapping strategy. Furthermore, Berytus mediates an authenticated key exchange between the web application and the password manager to achieve app-level end-to-end encryption of credentials, which as we show, can streamline a confidential credential transfer communication that is immune to credential theft attacks via phishing, XSS, malicious browser extension code injection and TPitM. To assess the feasibility of Berytus, we extend Firefox to incorporate Berytus and develop Secret*, a Berytus-compatible password manager for programmable authentication and registration sessions. We make our code artefacts publicly available, provide a comprehensive security and functionality evaluation and discuss possible future directions

Deploying authentication in the wild: Towards greater ecological validity in security usability studies

Abstract Pico is a token-based login method that claims to be simultaneously more usable and more secure than passwords. It does not ask users to remember any secrets, nor to type one-time passwords. We evaluate Pico’s claim with two deployments and user studies, one on a web-based service and another within an organization. Our main aim is to collect actionable intelligence on how to improve the usability and deployability of Pico. In our first study we team up with an established website, Gyazo, to offer this alternative login mechanism to users intent on performing a real task of image sharing. From the lessons of this first study, we retarget Pico’s focus from replacing web passwords to replacing desktop login passwords; and thus in our second study we engage with a government organization, Innovate UK, to offer employees the ability to lock and unlock their computer automatically based on proximity. We focus particularly on the ecological validity of the trials and we thereby gain valuable insights into the viability of Pico, not only through the actual responses from the participants but also through the many practical challenges we had to face and overcome. Reflecting on the bigger picture, from our experience we believe the security usability community would greatly benefit from pushing towards greater ecological validity in published work, despite the considerable difficulties and costs involved.This work was supported by the European Research Council (ERC) [StG 307224, Pico, to FMS] and the extended visits of Gyazo inventor and CTO Masui to Cambridge were supported by the Engineering and Physical Sciences Research Council (EPSRC) [EP/M019055/1, Future authentication systems, to FMS]

An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices

Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior. I begin my analysis by conducting the first security evaluation of the full password manager lifecycle (generation, storage, and autofill) on desktop devices, including the creation and analysis of a corpus of 147 million generated passwords. My results show that a small percentage of generated passwords are weak against both online and offline attacks, and that attacks against autofill mechanisms are still possible in modern managers. Next, I present a comparative analysis of autofill frameworks on iOS and Android. I find that these frameworks fail to properly verify webpage security and identify a new class of phishing attacks enabled by incorrect handling of autofill within WebView controls hosted in apps. Finally, I interview users of third-party password managers to understand both how and why they use their managers as they do. I find evidence that many users leverage multiple password managers to address issues with existing managers, as well as provide explanations for why password reuse continues even in the presence of a password manager. Based on these results, I conclude with recommendations addressing the attacks and usability issues identified in this work