From Attack to Defense: Building Systems Secure against Breached Credentials

213 pagesTargeted attacks using breached credentials exploit the fact that users reuse some semantic or syntactic structure of passwords across websites to make them easy to remember. The adversary tries to log in to a victim’s account using thestolen passwords or variants of these passwords. Protecting accounts from these attacks remains challenging. Adversaries have wide-scale access to billions of stolen credentials from breach compilations, while users and identity providers remain in the dark about which accounts require attention. Our contribution is to show that it is possible to build a large-scale system that allows users to check for vulnerabilities against these attacks without sacrificing the functionality, security, and performance properties. We initiate the work by addressing the core challenge — modeling how humans choose similar passwords. We train models using modern machine learning techniques and exhibit its efficacy by simulating the most damaging attack to date. Then we formalize the security goals for existing breach checking services that warn if the exact credential is publicly exposed. In the process we also propose novel exact-checking protocols with better security guarantees. All this helps educate the design of the second-generation, similarity-aware, and privacy-preserving credential checking service — Might I get Pwned (MIGP). Finally, we collaborate with Cloudflare to deploy MIGP as part of the web application firewall to notify login servers about potential attacks

Federated Detection of Cross-Site Credential Vulnerabilities and Attacks

Among the most prominent threats to web accounts today are cross-site credential attacks. A good example is the theft of a user’s password at one website—e.g., by a breach of that website’s credential database—and subsequent use of the stolen password to gain access to the same user’s accounts at other websites. These attacks, termed credential stuffing, are effective due to the fact that people tend to reuse passwords or their guessable variants across their accounts. Credential stuffing has become a primary cause of account takeovers, allowing the attacker to drain accounts of stored value, credit card numbers, and other personal information. Moreover, preventing, detecting, and cleaning up compromised accounts and the value thus stolen is a significant cost for service providers. Aside from direct harm imposed on users’ accounts, credential stuffing can also weaken other account defenses, e.g., the honeyword scheme to detect logins with passwords leaked from compromised databases. This dissertation aims to deal with these cross-site credential vulnerabilities and attacks by developing technical approaches to allow websites together to detect and mitigate these threats effectively and securely. In this dissertation, we propose (i) a framework by which websites can coordinate to make it difficult for users to reuse the same or similar passwords across different websites; (ii) a framework by which websites can coordinate to effectively detect active credential stuffing on individual user accounts; (iii) a framework, Amnesia, that uses decoy passwords to detect credential database breaches by detecting the local entry and remote stuffing of decoy passwords without relying on any secret state; and (iv) two efficient private set operation protocols to support the three proposed frameworks for achieving their security and practicality goals.Doctor of Philosoph

Detection of Password Reuse and Credential Stuffing: A Server-side Approach

Considering password-based authentication technique, password memorability is a real challenge on users. Hence, password reuse across different web applications is a common trend among users which makes websites vulnerable to credential stuffing attack. A solution as password manager helps the users to create random passwords for different websites on the user machine. However, it has practical challenges. Password database breach detection is another related and challenging task. Among recent developments for breach detection, honeyword-based approach is much appreciated by the research community. However, honeyword generation itself is a challenging part of the solution. In this work, we propose i) Password Reuse Detection (PRD) protocol for detecting password reuse using a secure two party private set intersection; ii) Breach Detection (BD) protocol that detects credential stuffing attacks using two party private set inclusion protocol based on random oblivious transfer. Both the proposals are designed for the authentication servers of the respective applications and need communication between multiple websites following the work by wang et al. Through analysis we show that our PRD protocol is around 2.8 times faster, and space efficient than existing works for 5000 honeywords. Our near to real-time BD protcol is around 2 times faster than existing works

Evaluation of Risk-based Re-Authentication Methods

Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features during login and requests for an additional authentication step if the observed feature values deviate from the usual ones in the login history. In state-of-the-art RBA re-authentication deployments, users receive an email with a numerical code in its body, which must be entered on the online service. Although this procedure has a major impact on RBA's time exposure and usability, these aspects were not studied so far. We introduce two RBA re-authentication variants supplementing the de facto standard with a link-based and another code-based approach. Then, we present the results of a between-group study (N=592) to evaluate these three approaches. Our observations show with significant results that there is potential to speed up the RBA re-authentication process without reducing neither its security properties nor its security perception. The link-based re-authentication via "magic links", however, makes users significantly more anxious than the code-based approaches when perceived for the first time. Our evaluations underline the fact that RBA re-authentication is not a uniform procedure. We summarize our findings and provide recommendations.Comment: 14 pages, 5 figures. Paper accepted for IFIP SEC 2020. Keywords: Risk-based Authentication (RBA), Re-authentication, Usable Securit

Breach Extraction Attacks: Exposing and Addressing the Leakage in Second Generation Compromised Credential Checking Services

Credential tweaking attacks use breached passwords to generate semantically similar passwords and gain access to victims\u27 services. These attacks sidestep the first generation of compromised credential checking (C3) services. The second generation of compromised credential checking services, called Might I Get Pwned (MIGP), is a privacy-preserving protocol that defends against credential tweaking attacks by allowing clients to query whether a password or a semantically similar variation is present in the server\u27s compromised credentials dataset. The desired privacy requirements include not revealing the user\u27s entered password to the server and ensuring that no compromised credentials are disclosed to the client. In this work, we formalize the cryptographic leakage of the MIGP protocol and perform a security analysis to assess its impact on the credentials held by the server. We focus on how this leakage aids breach extraction attacks, where an honest-but-curious client interacts with the server to extract information about the stored credentials. Furthermore, we discover additional leakage that arises from the implementation of Cloudflare\u27s deployment of MIGP. We evaluate how the discovered leakage affects the guessing capability of an attacker in relation to breach extraction attacks. Finally, we propose MIGP 2.0, a new iteration of the MIGP protocol designed to minimize data leakage and prevent the introduced attacks

A Security Risk Assessment Method for Distributed Ledger Technology (DLT) based Applications: Three Industry Case Studies

Distributed ledger technologies have gained significant attention and adoption in recent years. Despite various security features distributed ledger technology provides, they are vulnerable to different and new malicious attacks, such as selfish mining and Sybil attacks. While such vulnerabilities have been investigated, detecting and discovering appropriate countermeasures still need to be reported. Cybersecurity knowledge is limited and fragmented in this domain, while distributed ledger technology usage grows daily. Thus, research focusing on overcoming potential attacks on distributed ledgers is required. This study aims to raise awareness of the cybersecurity of distributed ledger technology by designing a security risk assessment method for distributed ledger technology applications. We have developed a database with possible security threats and known attacks on distributed ledger technologies to accompany the method, including sets of countermeasures. We employed a semi-systematic literature review combined with method engineering to develop a method that organizations can use to assess their cybersecurity risk for distributed ledger applications. The method has subsequently been evaluated in three case studies, which show that the method helps to effectively conduct security risk assessments for distributed ledger applications in these organizations

Latency Analysis of Blockchain-Based SSI Applications

Several revolutionary applications have been built on the distributed ledgers of blockchain (BC) technology. Besides cryptocurrencies, we can find many other application fields in smart systems exploiting smart contracts and Self Sovereign Identity (SSI) management. The Hyperledger Indy platform is a suitable open-source solution for realizing permissioned BC systems for SSI projects. SSI applications usually require short response times from the underlying BC network, which may vary highly depending on the application type, the used BC software, and the actual BC deployment parameters. To support the developers and users of SSI applications, we present a detailed latency analysis of a private permissioned BC system built with Indy and Aries. To streamline our experiments, we developed a Python application using containerized Indy and Aries components from official Hyperledger repositories. We deployed our experimental application on multiple virtual machines in the public Google Cloud Platform and on our local, private cloud using a Docker platform with Kubernetes. We evaluated and compared their performance with the metrics of reading and writing response latency. We found that the local Indy ledger reads 30–50% faster, and writes 65–85% faster than the Indy ledger running on the Google Cloud Platform

Practical Hash-based Anonymity for MAC Addresses

Given that a MAC address can uniquely identify a person or a vehicle, continuous tracking over a large geographical scale has raised serious privacy concerns amongst governments and the general public. Prior work has demonstrated that simple hash-based approaches to anonymization can be easily inverted due to the small search space of MAC addresses. In particular, it is possible to represent the entire allocated MAC address space in 39 bits and that frequency-based attacks allow for 50% of MAC addresses to be enumerated in 31 bits. We present a practical approach to MAC address anonymization using both computationally expensive hash functions and truncating the resulting hashes to allow for k-anonymity. We provide an expression for computing the percentage of expected collisions, demonstrating that for digests of 24 bits it is possible to store up to 168,617 MAC addresses with the rate of collisions less than 1%. We experimentally demonstrate that a rate of collision of 1% or less can be achieved by storing data sets of 100 MAC addresses in 13 bits, 1,000 MAC addresses in 17 bits and 10,000 MAC addresses in 20 bits.Comment: Accepted at the 17th International Conference on Security and Cryptography (SECRYPT 2020). To be presented between 8-10 July 202