Better Security for Password and Two-Factor Authentication

Transcription

1 Better Security for Password ad Two-Factor Autheticatio Staislaw Jarecki (Uiversity of Califoria Irvie) Nitesh Saxea (Uiversity of Alabama Birmigham) Mai collaborators: Aggelos Kiayas (U Ediburgh) Hugo Krawczyk (IBM Research) PhD studets o the project: Maliheh Shirvaia (UA Birmigham) Jiayu Xu (UC Irvie) 1

2 Password (I)Security Passwords: MAIN autheticatio tool i the digital era Protect our lives ad social order, coveietly ad Isecurely

3 Password (I)Security Uacceptable State of Affairs Attackers routiely compromise servers Steal password-related data Recover user s password via Offlie Dictioary Attack BILLIONS of passwords stole MySpace 360M, LikedI 165M, ebay 145M,, Yahoo 3B (!!) Twitter, RSA, Google, Dropbox, PayPal, Soy, Curret Two-Factor Autheticatio schemes do ot stop this leakage TFA reduces to 2 d factor (e.g. cell phoe) security if password leaks But curret TFA s do othig to protect passwords from leakage 3

4 Cryptography Ca Help! We show ways to stregthe password ad two-factor protocols Usig simple, well-established techiques Mostly blided Diffie-Hellma [Chaum, Ford-Kaliski, Boye, ] Efficiet. Mature. Applicable to the ifrastructure used today. Ready for deploymet i the real world. Please talk to me if you are iterested to lear more (esp. if you see where we ca improve, or if you wat to trasfer this to practice). 4

5 Attacks o Password Autheticatio #1: Offlie Dictioary Attack (ODA) ODA is the mai source of password compromise: Deadly combiatio of huma memory limitatio (à low etropy passwords) ad server compromise Stealig the password file allows testig password guesses agaist stored hashes; millios++ of password per secod (from s/w to dedicated h/w) Goal: Reder these uavoidable exhaustive attacks ieffective! How: Eforce high-etropy passwords usig additioal devices/servers 5

6 Attacks o Password Autheticatio #1: Offlie Dictioary Attack (ODA) ODA is the mai source of password compromise Goal: Reder these uavoidable exhaustive attacks ieffective! How: Eforce high-etropy passwords usig additioal devices/servers What Devices? Cell phoe, USB stick: Already used i Two-Factor Autheticatio! What Servers? Ca be hosted by ay cloud service Ed-users ca utilize it trasparetly to web servers Web servers ca utilize it trasparetly to ed-users 6

7 Attacks o Password ad Two-Factor Autheticatio #2,3,4, 2. Olie dict. attacks (uavoidable): Guess password; try it olie. Works w/weak pwds ad i targeted attacks (pers. ifo, sister pwd) 2 d factor helps, but we could do better eve here! 3. Phishig/PKI attack: User tricked to sed password to the attacker paypa1.com, overwritte liks i , URL-browser maipulatio, Cert siged by rogue CA (do you kow your browser s CA s?) A certificate flagged by the browser but user accepts ( clickig through ) 4. Malware o the cliet (termial, laptop, phoe), e.g. keyloggers Goal: Elimiate, eutralize, or reduce exposure to these attacks How: Additioal devices/servers help, ad better cryptography helps! 7

8 Better Security for Password ad Two-Factor Autheticatio Staislaw Jarecki (UC Irvie), Nitesh Saxea (UA Birmigham) PASSWORD AUTHENTICATION with 2 d FACTOR Ed-to-ed security = each compoet ca be compromised: (2 d Factor Device, Cliet, Server, commuicatio liks) pwd MOTIVATION: Password autheticatio is a security bottleeck Web services routiely compromised, hashed passwords leak Hackers recover passwords via Offllie Dictioary Attack Curret Pwd/TFAuth isecure agaist this (ad other attacks) MAIN OBJECTIVES: Achieve ed-to-ed (maximal) security i all attack scearios Elimiate hashed passwords o servers Protect passwords eve if servers are compromised SECONDARY OBJECTIVES: Improve TFA usability (e.g. PIN-copyig is ot ecessary) REQUIREMENTS: Browser Extesio o Cliet Data-Coectivity o 2 d Factor Device (= Cell Phoe) SOLUTION TECHNIQUES / SPECS: Stadard Diffie-Hellma, e.g. EC groups, as i TLS/SSL Computatioal cost = 2-3 exp s/party (» TLS hadshake) SEVER-TRANSPARENT MODE: Cliet gais strog autheticatio toke from 2 d Factor Device ad/or 3 rd -party Security Service CLIENT-TRANSPARENT MODE: Server iteracts with 3 rd -party Security Service POTENTIAL ADOPTERS: Ay iteret user: PwdAuth/TFA trasparet to web server Ay iteret service: PwdAuth/TFA trasparet to ed-user FIST ADOPTERS (PILOTS): Iteret ed-users usig 3 rd party service Educatioal Istitutio logo server? Idustry PwdAuth / TFA providers as parters? TECHNOLOGY TRANSFER: Software libraries will be made available CONTACT : Staislaw Jarecki, UC Irvie, sjarecki@uci.edu Nitesh Saxea, UA Birmigham, saxea@uab.edu