Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance

Since the introduction of bcrypt in 1999, adaptive password hashing functions, whereby brute-force resistance increases symmetrically with computational difficulty for legitimate users, have been our most powerful post-breach countermeasure against credential disclosure. Unfortunately, the relatively low tolerance of users to added latency places an upper bound on the deployment of this technique in most applications. In this paper, we present a multi-factor credential hashing function (MFCHF) that incorporates the additional entropy of multi-factor authentication into password hashes to provide asymmetric resistance to brute-force attacks. MFCHF provides full backward compatibility with existing authentication software (e.g., Google Authenticator) and hardware (e.g., YubiKeys), with support for common usability features like factor recovery. The result is a 10^6 to 10^48 times increase in the difficulty of cracking hashed credentials, with little added latency or usability impact

Attribute-Based, Usefully Secure Email

A secure system that cannot be used by real users to secure real-world processes is not really secure at all. While many believe that usability and security are diametrically opposed, a growing body of research from the field of Human-Computer Interaction and Security (HCISEC) refutes this assumption. All researchers in this field agree that focusing on aligning usability and security goals can enable the design of systems that will be more secure under actual usage. We bring to bear tools from the social sciences (economics, sociology, psychology, etc.) not only to help us better understand why deployed systems fail, but also to enable us to accurately characterize the problems that we must solve in order to build systems that will be secure in the real world. Trust, a critically important facet of any socio-technical secure system, is ripe for analysis using the tools provided for us by the social sciences. There are a variety of scopes in which issues of trust in secure systems can be stud- ied. We have chosen to focus on how humans decide to trust new correspondents. Current secure email systems such as S/MIME and PGP/MIME are not expressive enough to capture the real ways that trust flows in these sorts of scenarios. To solve this problem, we begin by applying concepts from social science research to a variety of such cases from interesting application domains; primarily, crisis management in the North American power grid. We have examined transcripts of telephone calls made between grid manage- ment personnel during the August 2003 North American blackout and extracted several different classes of trust flows from these real-world scenarios. Combining this knowl- edge with some design patterns from HCISEC, we develop criteria for a system that will enable humans apply these same methods of trust-building in the digital world. We then present Attribute-Based, Usefully Secure Email (ABUSE) and not only show that it meets our criteria, but also provide empirical evidence that real users are helped by the system

Design principles and patterns for computer systems that are simultaneously secure and usable

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 429-464) and index.It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.(cont.) In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.by Simson L. Garfinkel.Ph.D