Sokratis Katsikas – Professor, School of Information and Communication Technologies, Department of Digital Systems, University of Piraeus. Sokratis Katsikas – Professor, School of Information and Communication Technologies, Department of Digital Systems, University of Piraeus Stefanos Gritzalis – Professor, School of Engineering, Department of Information & Communication Systems Engineering, University of the.
Introduction
Research Contribution and structure
The first part of this work (see section 2) focuses on the security study of currently used methodologies for user authentication. Based on a comprehensive security analysis, we have identified several vulnerabilities that could be exploited by an attacker to compromise the authenticity, privacy, availability, and integrity of the UAF protocol.
Password based authentication: A deficient approach
Background
- Password guessing attacks
- Hardware based password guessing
- CMS and web application frameworks
- Related Work
In addition, [18] performed empirical password analysis and compared the performance of dictionary password guessing attacks with PCFG and Markov based techniques. The results showed that most passwords are not secure enough to withstand password guessing attacks.
Password hashing schemes
Similar to BCRYPT, both SCRYPT and Argon2 use iterations in specific parts of the algorithm. Finally, MHF such as SCRYPT and Argon2 are specifically designed to resist hardware-equipped adversaries.
A mathematical model for cost estimation of password guessing attacks
- Mathematical parameters
- Effectiveness: Brute Force password guessing attacks
- Cost analysis: Brute Force password guessing attacks
- Effectiveness: Dictionary password guessing attacks
- Cost analysis: Dictionary password guessing attacks
The first step in the cost estimation is to calculate the average number of hashes that will be performed during a brute force password guessing attack, defined as hashesBF. The first step in the cost estimate is to calculate the number of hashes.
Password hashing scheme evaluation
Also, the rest of the CMS that uses iterations uses any number of iterations. The second part of this section examines the standard hashing schemes of the most commonly used web application frameworks.
Cost of password cracking
- Hashrates
- Comparative analysis
The reason for this calculation is that the number of iterations should not be set too high; otherwise the calculation of a hash value can be significantly delayed, disrupting the normal operation of the website. Here we use our cost analysis model that we presented in Section 2.3 to perform a comparative cost-time analysis between different CMS frameworks and web applications. To derive the numerical results for the cost time, we consider the values from Section 2.5.1 for hashrates, as well as Sections 2.3.2 and 2.3.4 for brute force and dictionary effectiveness.
From the CMS investigated we identified that most CMS do not implement a password policy by default, except for Magento CMS. So, for this comparison, we estimate the cost time of a brute force attack cost_timeBF for mixed alphanumeric passwords of 8 characters in length for Magento (due to the password policy) and small passwords of 8 characters in length for EspoCRM (due to of the absence of a password policy). For this reason, we chose OpenCart, which uses 1024 iterations, and the Zend framework, which uses the largest number of BCRYPT iterations among all CMS and web application frameworks (i.e. 16384).
In this group, the derived numerical results of the cost time are based on dictionary attack.
Misuse of password hashing schemes for denial of service attacks
This results in a denial of service at the application layer, as the web server cannot respond to new requests. This result is alarming considering that distributed denial of service attacks originating from botnets far exceeded the rates of our experiments. As mentioned in [51], the majority of the distributed denial of service attacks in 2017 were performed with 100 to 1000 requests per second.
In the next two experiments, we will investigate whether password length and repetitions can cause denial of service attacks even at very low speeds. The first and most important finding is that SHA512 with 65536 iterations (i.e. Drupal's default settings) is vulnerable to denial-of-service attacks, as CPU utilization reaches 100% for a password length equal to 6000. Based on the above results, we conclude that CMS and application frameworks should set a maximum acceptable password length policy by default to avoid denial of service with very long passwords.
On the other hand, BCRYPT and SCRYPT are not sensitive to denial of service with large passwords.
Recommendations on Password hashing
This solution is only feasible for a small number of users, otherwise it may take a very long time to achieve the migration to the new hash function. This way, a website can update a hash function at any time by simply adding a new layer of a hash function, eliminating the need to maintain two separate tables and wait for the users to first report H = scrypt (H, salt) (the new key hash function. Depending on the implementation SCRYPT output length can be several bytes).
In the Facebook example, the output of the legacy MD5 (i.e. step 1) is used as an input to multiple hash function, including a HMACSHA1 in step2, another HMAC value (with unknown hash function) in ' a remote crypto service (i.e. step 3), a SCRYPT (i.e. step 4), and finally a HMACsha256 (i.e. step 5). Thus, by using this layered approach, a hash function can be updated without causing interruptions to the normal operation of the website. A solution that is orthogonal to the actual hash function that a website uses and can significantly protect against offline password guessing attacks is called distributed hashing.
The main idea of this solution lies in delegating the calculation of the hash value to an external service.
Overcoming the limitation of passwords
Strong authentication with Fast IDentity Online
- Background
- Related Work
- FIDO UAF protocol operations
- Security analysis
- Threat analysis
- Results and discussion
Subsequently, the UAF client will check the authentication policy parameter and generate a key registration request for the set of UAF authenticators mandated by the policy. Subsequently, the UAF client checks the authentication policy parameter and sends a key authentication request to the set of UAF authenticators mandated by the policy. The first and most obvious attack vector in the UAF protocol is the authentication keys.
Finally, an attacker can also attempt to gain access to the authentication keys indirectly by completely compromising the UAF authenticator(s). The second critical entity of the UAF protocol that resides on a user's device is the UAF client. In addition, an attacker can indirectly compromise the secure operation of the UAF protocol by exploiting existing vulnerabilities (i) in the underlying operating system in which the UAF protocol runs, or (ii) in the trusted computing platform (usually the TrustZone platform), used for the hardware-assisted security of the encryption keys and the operation of the UAF authenticator(s).
Remember that these keys are used by the UAF authenticator to sign registration and authentication responses, respectively.
Real-time protection of user authentication credentials
- Related work
- Software level protection
- Operating System level protection
- Source code level protection
- Results and discussion
Also, stdin (eg keyboard input) is used to populate the array of the password variable. In the first scenario called "Running process", we performed memory dumps (all three types) while the process of the executable was running. This means that apart from the test application process itself (see Figure 8), the other processes running in the system did not use the password variable.
We found that this time we were unable to recover instances of the password variable after the process ended. We determined that the SecureZeroMemoy macro did indeed replace the contents of the password variable with zeros. We repeated the experiments from the previous section and we noticed that the memset function did not work as we expected, because the value of the password variable was detected in the process dumps.
It should be noted that the free command does not reset the memory data.
Continuous authentication and detection of malicious actions
Continuous authentication using biometric modalities
- Security and performance of Biometric based authentication
- Related Work
- Continuous authentication using the gait modality
- Feature Extraction
- Biohashing
- Initial experiments and observations
- Experiments and numerical results
- User registration and authentication using the gait modality
- Performance evaluation
- Results and discussion
After the gait features are extracted (using the CIT and RIT transforms), a biohash algorithm is used to protect them. In the first scheme, we enter the characteristics of walking, which are extracted from only one of the three considered types of human silhouettes. In the authentication process, the G silhouette of the user can be one of three types (ie, flat, coat, bag).
In this section, we evaluate the authentication performance of the two enrollment and authentication schemes. To investigate the authentication performance of the proposed scheme, we more specifically classify the users as: a) genuine and b) impostors. On the contrary, gait features derived from different silhouette types of the same user show large differences.
The first-level fusion module is invoked in the authentication process immediately after generating the authentication bitstreams.
Detection of malicious actions using machine learning
- Background
- Routing in mesh networks
- Blackhole attack: Acting as a sinkhole for all network traffic
- Related Work
- Blackhole attack intensity
- Using machine learning to detect malicious actions
- Results and discussion
Hop count (hop_count): represents the current distance to the destination node of the entry. Next hop node (next_hop): all packets sent to the destination node of the entry must be forwarded through this node. The value of the destination SQN in the RREQ message (the values of destination SQNs in the AODV messages are indicated as SQNdst_node) is taken from the related routing table entry of the source node for the specific destination that wants to discover a route.
The value of the destination SQN (ie, SQNdst_node) is obtained from the table stored in the routing table of the intermediate nodes. If none of the intermediate nodes possess a new route to the destination, then the RREQ eventually reaches the destination node. The destination SQN (ie, SQNdst_node) in the RREP message is equal to the value of the destination node's SQN.
Upon receiving the RREQ message, the malicious node M generates an RREP message (even though it does not have a route to the destination node D), used as a.
Conclusions
Publications
- Journal Articles
- Conference/Workshop Publications
Shmatikov, "Fast Dictionary Attacks on Passwords Using Time- Space Tradeoff," in Proceedings of the 12th ACM Conference on Computer and Communications Security, Virgina, 2005. Roudier, "Password Strength: An Empirical Analysis," in Proceedings of the 29th conference on Inligtingskommunikasie (INFOCOM. Mazières, "A Future-Adaptable Password Scheme," in Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference, 1999.
Smith, “Why Do Developers Get Password Storage Wrong?: A Qualitative Usability Study,” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017. Neven, “Practical yet universally composable password-verified secret sharing on two servers, " in Proceedings of the 2012 ACM Conference on Computer and Communications Security, 2012. Solihin, "i-NVMM: A secure non-volatile main memory system with incremental encryption", in Proceedings of the International Symposium on Computer Architecture (ISCA), 2011.
Veeraraghavan, "Trust i mobile ad hoc-netværk," i Telecommunications and Malaysia International Conference on Communications, 2007.