loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Ziya Alper Genç ; Gabriele Lenzini ; Peter Y. A. Ryan and Itzel Vazquez Sandoval

Affiliation: University of Luxembourg, Luxembourg

Keyword(s): Honeywords, Password-based Authentication, Secure Protocols Design, Formal Analysis, ProVerif.

Abstract: In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable decoy words so when an intruder steals the file, retrieves the words, and tries to log-in, he does not know which one is the password. By guessing one from the decoy words, he may not be lucky and reveal the leak. Juels and Rivest left a problem open: how to make the system secure even when the intruder corrupted the login server’s code. In this paper we study and solve the problem. However, since “code corruption” is a powerful attack, we first define rigorously the threat and set a few assumptions under which the problem is still solvable, before showing meaningful attacks against the original Honeywords System. Then we elicit a fundamental security requirement, implementing which, we are able to restore the Honeywords System’s security despite a corrupted login service. We verify the new protocol’s security formally, using ProVerif for this task. We also implement the protocol and test its performance. Finally, at the light of our findings, we discuss whether it is still worth using a fixed honeywords-based system against such a powerful threat, or whether it is better, in order to be resilient against code corruption attacks, to design afresh a completely different password-based authentication solution. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.145.60.29

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Genç, Z.; Lenzini, G.; Ryan, P. and Sandoval, I. (2018). A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-282-0; ISSN 2184-4356, SciTePress, pages 83-95. DOI: 10.5220/0006609100830095

@conference{icissp18,
author={Ziya Alper Gen\c{C}. and Gabriele Lenzini. and Peter Y. A. Ryan. and Itzel Vazquez Sandoval.},
title={A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP},
year={2018},
pages={83-95},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006609100830095},
isbn={978-989-758-282-0},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP
TI - A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System
SN - 978-989-758-282-0
IS - 2184-4356
AU - Genç, Z.
AU - Lenzini, G.
AU - Ryan, P.
AU - Sandoval, I.
PY - 2018
SP - 83
EP - 95
DO - 10.5220/0006609100830095
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic