
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security: Latest Papers

Breaking Web Applications Built On Top of Encrypted Data
Paul Grubbs, R. McPherson, Muhammad Naveed, T. Ristenpart, Vitaly Shmatikov
We develop a systematic approach for analyzing client-server applications that aim to hide sensitive user data from untrusted servers. We then apply it to Mylar, a framework that uses multi-key searchable encryption (MKSE) to build Web applications on top of encrypted data. We demonstrate that (1) the Popa-Zeldovich model for MKSE does not imply security against either passive or active attacks; (2) Mylar-based Web applications reveal users' data and queries to passive and active adversarial servers; and (3) Mylar is generically insecure against active attacks due to system design flaws. Our results show that the problem of securing client-server applications against actively malicious servers is challenging and still unsolved. We conclude with general lessons for the designers of systems that rely on property-preserving or searchable encryption to protect data from untrusted servers.
DOI: https://doi.org/10.1145/2976749.2978351 (published 2016-10-24)
Citations: 86
A Systematic Analysis of the Juniper Dual EC Incident
Stephen Checkoway, Shaanan N. Cohney, Christina Garman, M. Green, N. Heninger, Jacob Maskiewicz, E. Rescorla, H. Shacham, R. Weinmann
In December 2015, Juniper Networks announced multiple security vulnerabilities stemming from unauthorized code in ScreenOS, the operating system for their NetScreen VPN routers. The more sophisticated of these vulnerabilities was a passive VPN decryption capability, enabled by a change to one of the elliptic curve points used by the Dual EC pseudorandom number generator. In this paper, we describe the results of a full independent analysis of the ScreenOS randomness and VPN key establishment protocol subsystems, which we carried out in response to this incident. While Dual EC is known to be insecure against an attacker who can choose the elliptic curve parameters, Juniper had claimed in 2013 that ScreenOS included countermeasures against this type of attack. We find that, contrary to Juniper's public statements, the ScreenOS VPN implementation has been vulnerable since 2008 to passive exploitation by an attacker who selects the Dual EC curve point. This vulnerability arises due to apparent flaws in Juniper's countermeasures as well as a cluster of changes that were all introduced concurrently with the inclusion of Dual EC in a single 2008 release. We demonstrate the vulnerability on a real NetScreen device by modifying the firmware to install our own parameters, and we show that it is possible to passively decrypt an individual VPN session in isolation without observing any other network traffic. We investigate the possibility of passively fingerprinting ScreenOS implementations in the wild. This incident is an important example of how guidelines for random number generation, engineering, and validation can fail in practice.
DOI: https://doi.org/10.1145/2976749.2978395 (published 2016-10-24)
Citations: 83
DEMO: High-Throughput Secure Three-Party Computation of Kerberos Ticket Generation
Toshinori Araki, Assaf Barak, Jun Furukawa, Yehuda Lindell, Ariel Nof, Kazuma Ohara
Secure multi-party computation (SMPC) is a cryptographic tool that enables a set of parties to jointly compute any function of their inputs while keeping the privacy of inputs. The paper "High Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority" in this ACM CCS 2016 [4] presents a new protocol whose implementation carried out over 1,300,000 AESs per second and was able to support 35,000 login queries of Kerberos authentication per second. This poster/demo presents the design of the implementation and demonstrates the Kerberos authentication over here. The design will show how this high-throughput three-party computation can be done using simple servers. The demonstration proves that secure multiparty computation of Kerberos authentications in large organizations is now practical.
DOI: https://doi.org/10.1145/2976749.2989035 (published 2016-10-24)
Citations: 6
POSTER: Identifying Dynamic Data Structures in Malware
Thomas Rupprecht, Xi Chen, D. H. White, J. Mühlberg, H. Bos, Gerald Lüttgen
As the complexity of malware grows, so does the necessity of employing program structuring mechanisms during development. While control flow structuring is often obfuscated, the dynamic data structures employed by the program are typically untouched. We report on work in progress that exploits this weakness to identify dynamic data structures present in malware samples for the purposes of aiding reverse engineering and constructing malware signatures, which may be employed for malware classification. Using a prototype implementation, which combines the type recovery tool Howard and the identification tool Data Structure Investigator (DSI), we analyze data structures in Carberp and AgoBot malware. Identifying their data structures illustrates a challenging problem. To tackle this, we propose a new type recovery for binaries based on machine learning, which uses Howard's types to guide the search and DSI's memory abstraction for hypothesis evaluation.
DOI: https://doi.org/10.1145/2976749.2989041 (published 2016-10-24)
Citations: 1
POSTER: Towards Highly Interactive Honeypots for Industrial Control Systems
Stephan Lau, Johannes Klick, S. Arndt, Volker Roth
Honeypots are a common tool to set intrusion alarms and to study attacks against computer systems. In order to be convincing, honeypots attempt to resemble actual systems that are in active use. Recently, researchers have begun to develop honeypots for programmable logic controllers (PLCs). The tools of which we are aware have limited functionality compared to genuine devices. Particularly, they do not support running actual PLC programs. In order to improve upon the interactive capabilities of PLC honeypots we set out to develop a simulator for Siemens S7-300 series PLCs. Our current prototype XPOT supports PLC program compilation and interpretation, the proprietary S7comm protocol and SNMP. While the supported feature set is not yet comprehensive, it is possible to program it using standard IDEs such as Siemens' TIA portal. Additionally, we emulate the characteristics of the network stack of our reference PLC in order to resist OS fingerprinting attempts using tools such as Nmap. Initial experiments with students whom we trained in PLC programming indicate that XPOT may resist cursory inspection but still fails against knowledgeable and suspicious adversaries. We conclude that high-interactive PLC honeypots need to support a fairly complete feature set of the genuine, simulated PLC.
DOI: https://doi.org/10.1145/2976749.2989063 (published 2016-10-24)
Citations: 20
DEMO: Integrating MPC in Big Data Workflows
Nikolaj Volgushev, Malte Schwarzkopf, A. Lapets, Mayank Varia, Azer Bestavros
Secure multi-party computation (MPC) allows multiple parties to perform a joint computation without disclosing their private inputs. Many real-world joint computation use cases, however, involve data analyses on very large data sets, and are implemented by software engineers who lack MPC knowledge. Moreover, the collaborating parties -- e.g., several companies -- often deploy different data analytics stacks internally. These restrictions hamper the real-world usability of MPC. To address these challenges, we combine existing MPC frameworks with data-parallel analytics frameworks by extending the Musketeer big data workflow manager [4]. Musketeer automatically generates code for both the sensitive parts of a workflow, which are executed in MPC, and the remainder of the computation, which runs on scalable, widely-deployed analytics systems. In a prototype use case, we compute the Herfindahl-Hirschman Index (HHI), an index of market concentration used in antitrust regulation, on an aggregate 156GB of taxi trip data over five transportation companies. Our implementation computes the HHI in about 20 minutes using a combination of Hadoop and VIFF [1], while even "mixed mode" MPC with VIFF alone would have taken many hours. Finally, we discuss future research questions that we seek to address using our approach.
DOI: https://doi.org/10.1145/2976749.2989034 (published 2016-10-24)
Citations: 7
DEMO: OffPAD - Offline Personal Authenticating Device with Applications in Hospitals and e-Banking
Denis Migdal, Christian Johansen, A. Jøsang
Identity and authentication solutions often lack usability and scalability, or do not provide high enough authentication assurance. The concept of Lucidman (Local User-Centric Identity Management) is an approach to providing scalable, secure and user-friendly identity and authentication functionalities. In this context we demonstrate the use of an OffPAD (Offline Personal Authentication Device) as a trusted device to support different forms of authentication. The Lucidman/OffPAD approach consists of locating the identity management and authentication functionalities on the user side instead of on the server side or in the cloud. This demo aims to show how OffPAD strengthens authentication assurance, improves usability, minimizes trust requirements, and has the advantage that trusted online interaction can be achieved even on malware infected client platforms. The trusted device OffPAD has been designed as a phone cover, therefore not requiring the user to carry an extra gadget. We focus on six demonstrators, three useful in e-banking and three in the hospital domain where nurses, doctors, or patients are authenticated and access is granted in various situations based on the OffPAD. A video with the same title is available online at www.offpad.org.
DOI: https://doi.org/10.1145/2976749.2989033 (published 2016-10-24)
Citations: 6
Host of Troubles: Multiple Host Ambiguities in HTTP Implementations
Jianjun Chen, Jian Jiang, Haixin Duan, N. Weaver, Tao Wan, V. Paxson
The Host header is a security-critical component in an HTTP request, as it is used as the basis for enforcing security and caching policies. While the current specification is generally clear on how host-related protocol fields should be parsed and interpreted, we find that the implementations are problematic. We tested a variety of widely deployed HTTP implementations and discovered a wide range of non-compliant and inconsistent host processing behaviours. The particular problem is that when facing a carefully crafted HTTP request with ambiguous host fields (e.g., with multiple Host headers), two different HTTP implementations often accept and understand it differently when operating on the same request in sequence. We show a number of techniques to induce inconsistent interpretations of host between HTTP implementations and how the inconsistency leads to severe attacks such as HTTP cache poisoning and security policy bypass. The prevalence of the problem highlights the potential negative impact of gaps between the specifications and implementations of Internet protocols.
DOI: https://doi.org/10.1145/2976749.2978394 (published 2016-10-24)
Citations: 28
An Empirical Study of Mnemonic Sentence-based Password Generation Strategies
Weining Yang, Ninghui Li, Omar Chowdhury, Aiping Xiong, R. Proctor
Mnemonic strategy has been recommended to help users generate secure and memorable passwords. We evaluated the security of 6 mnemonic strategy variants in a series of online studies involving 5,484 participants. In addition to applying the standard method of using guess numbers or similar metrics to compare the generated passwords, we also measured the frequencies of the most commonly chosen sentences as well as the resulting passwords. While metrics similar to guess numbers suggested that all variants provided highly secure passwords, statistical metrics told a different story. In particular, differences in the exact instructions had a tremendous impact on the security level of the resulting passwords. We examined the mental workload and memorability of 2 mnemonic strategy variants in another online study with 752 participants. Although perceived workloads for the mnemonic strategy variants were higher than that for the control group where no strategy is required, no significant reduction in password recall after 1 week was obtained.
建议使用助记策略来帮助用户生成安全且容易记忆的密码。我们在涉及5,484美元参与者的一系列在线研究中评估了6美元助记策略变体的安全性。除了应用使用猜测数字或类似度量的标准方法来比较生成的密码外,我们还测量了最常选择的句子的频率以及生成的密码。虽然类似于猜测数字的指标表明,所有变体都提供了高度安全的密码,但统计指标却告诉我们一个不同的故事。特别是,精确指令的差异会对生成的密码的安全级别产生巨大影响。在另一项有752美元参与者的在线研究中,我们检查了2种助记策略变体的心理工作量和记忆能力。尽管使用助记策略变量的感知工作量高于不需要使用策略的对照组,但在获得$1$周后,密码回忆量并没有显著减少。
DOI: https://doi.org/10.1145/2976749.2978346 (published 2016-10-24)
Citations: 38
POSTER: Towards Privacy-Preserving Biometric Identification in Cloud Computing
Changhee Hahn, Junbeom Hur
Wang et al. recently proposed a privacy-preserving biometric identification scheme. However, the security assumption of the scheme does not capture practical aspects of real world attacks. In this paper, we consider a practical attack model which results in the leakage of biometric data in Wang et al.'s scheme. We first show the feasibility of our attack model and demonstrate how an attacker is able to recover the biometric data. Then, we propose a new biometric identification scheme that is secure against the attack model.
DOI: https://doi.org/10.1145/2976749.2989048 (published 2016-10-24)
Citations: 4