
CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005



  1. The N/R One Time Password System. By Vipul Goyal, OSP Global, Mumbai, India. Coauthors: Ajith Abraham, Sugata Sanyal and Sang Yong Han.

  2. Introduction
  • Authentication for mobile devices needs to be efficient and low cost
  • It needs to protect against two major attacks: eavesdropping and server compromise

  3. Introduction contd.
  • Lamport used just one-way hash functions to design a very efficient authentication scheme called one time passwords (OTP)
  • Interestingly, it is secure against both eavesdropping and server compromise without using public key cryptography
  • The only scheme of its type

  4. One time passwords
  • Setup phase: recursively hash the password n times to obtain the hash chain tip T: $T = h(h(\ldots h(p) \ldots))$, also denoted $h^n(p)$
  • The server stores T and the client stores the password p
  • No need to keep T secret
  • n represents the number of times the client may log in

  5. One time passwords contd.
  • Operation phase: for the i-th authentication, the user computes $h^{n-i}(p)$ and sends it to the server as a one time password
  • The server hashes the received OTP and compares the result with the value stored in its database (the last OTP accepted, initially T)
  • A match signifies success; the server then replaces the value in its database with the received OTP

  6. One time passwords contd.
  • OTPs are secure because of the non-invertibility of the hash function used
  • It is infeasible to compute the next OTP from knowledge of all the previously used OTPs

  7. Problems with OTPs
  • Computation may be prohibitive for mobile devices, since each login requires n/2 hash function evaluations on average
  • System re-initialisation is required after n authentications
  • n cannot be made very large because of these computational requirements

  8. Our system
  • The basic idea is to have the server aid the client computation by sending it a value whenever it attempts to log in
  • Uses a new construction of hash chains in which a 'breakpoint' is inserted after a fixed number of links
  • The server stores the links on which the breakpoints are inserted; one of these links is passed to the client at login time to aid its computation

  9. System overview
  • Denote by N the number of times a user may log in; this equals the length of the hash chain
  • R is the server storage required
  • N/R is the maximum number of hash function evaluations required by the client (in contrast to N for Lamport OTPs)
  • The average number of hash operations is N/2R

  10. Simplified system description
  • First define a function $И_x(p)$ by the recurrence $И_{k+1}(p) = h(И_k(p) + \delta\, p)$, where $\delta = 1$ for $k = i\,(N - N \bmod R)/R$ (i.e. whenever k is a multiple of the breakpoint spacing $L = (N - N \bmod R)/R$) and $\delta = 0$ otherwise, with $И_0(p) = p$

  11. System description contd.
  • Consider the links where δ = 1
  • Knowledge of the password is required to compute $И_{k+1}(p)$ from $И_k(p)$ across such a link
  • Note that it is never possible to compute $И_{k-1}(p)$ from $И_k(p)$, since h is one way
  • Thus the values $И_k(p)$ at links with δ = 1 are not security sensitive: disclosing one of them helps an attacker neither forward (p is needed) nor backward (h cannot be inverted)

  12. System setup
  • The client computes the hash chain using the recurrence given (i.e. computes $И_N(p)$)
  • The server stores the tip $И_N(p)$ as well as all non-security-sensitive links (the breakpoint values)
  • No secrets are stored at the server

  13. System operation (for the t-th login)
  • Client identifies himself
  • Server sends $(n, И_k(p))$ where $n = (N - t) \bmod L$ with $n \neq 0$, $L = (N - N \bmod R)/R$ is the breakpoint spacing of the recurrence, and $k = N - t - n$ (so $И_k(p)$ is a stored breakpoint value)
  • Client simply computes $И_{k+n}(p) = h^n(И_k(p) + p)$, i.e. n hash evaluations with p folded into the first one, and sends it back as the OTP

  14. System operation contd.
  • Server hashes the received OTP and compares the result with the last value stored in its database
  • On success, the server overwrites the stored value with the received OTP
  • The value of t is incremented
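A runnable model of both schemes as described on slides 4 through 14, added here as an illustration; it is not code from the paper or its authors. It assumes SHA-256 for h, reads the "+" of the recurrence as byte concatenation, uses the breakpoint spacing L = (N - N%R)/R from the δ condition of slide 10, and realises the "n ≠ 0" condition of slide 13 by skipping chain positions that are themselves breakpoints (the server cannot check such a value by hashing alone, because the link out of a breakpoint needs p, so the stored breakpoint serves as the comparison value for the next login instead). The names nr_setup, nr_client_response, NRServer, run_session and the sample password are constructed for the example.

```python
import hashlib


def h(x: bytes) -> bytes:
    """The one-way hash h(). SHA-256 stands in for the unspecified h of the slides (assumption)."""
    return hashlib.sha256(x).digest()


def hash_iter(x: bytes, n: int) -> bytes:
    """h^n(x): apply h to x n times (n = 0 returns x unchanged)."""
    for _ in range(n):
        x = h(x)
    return x


# ---- Lamport one-time passwords (slides 4-6) ----

def lamport_setup(p: bytes, n: int) -> bytes:
    """Setup: the client computes the tip T = h^n(p); the server stores T, which need not be secret."""
    return hash_iter(p, n)


def lamport_otp(p: bytes, n: int, i: int) -> bytes:
    """i-th login: the client recomputes h^(n-i)(p) from p, costing n-i hash evaluations."""
    return hash_iter(p, n - i)


def lamport_verify(stored: bytes, otp: bytes) -> bool:
    """Server: accept iff h(otp) equals the last accepted value (initially T)."""
    return h(otp) == stored


# ---- N/R chain with breakpoints (slides 10-14) ----

def breakpoint_spacing(N: int, R: int) -> int:
    """L = (N - N%R)/R: delta = 1 on link k iff k is a multiple of L (slide 10)."""
    L = (N - N % R) // R
    if L < 2:
        raise ValueError("R too large for N: every link would be a breakpoint")
    return L


def nr_link(value: bytes, k: int, p: bytes, L: int) -> bytes:
    """One link: I_{k+1} = h(I_k + delta*p). '+' is taken as byte concatenation (assumption)."""
    return h(value + p) if k % L == 0 else h(value)


def nr_setup(p: bytes, N: int, R: int):
    """Client computes the whole chain once; returns (tip I_N, breakpoint values {k: I_k}).
    I_0 = p is formally a breakpoint but is the password itself, so it is never handed out."""
    L = breakpoint_spacing(N, R)
    v, stored = p, {}
    for k in range(N):
        if k > 0 and k % L == 0:
            stored[k] = v  # public: the next link needs p, and h cannot be inverted
        v = nr_link(v, k, p, L)
    return v, stored


def nr_client_response(p: bytes, n: int, I_k: bytes) -> bytes:
    """I_{k+n} = h^n(I_k + p): p is folded into the first hash, then n-1 plain hashes (1 <= n < L)."""
    return hash_iter(h(I_k + p), n - 1)


class NRServer:
    """Holds only public values: the tip, the breakpoints and the last accepted OTP."""

    def __init__(self, tip: bytes, stored: dict, N: int, R: int):
        self.L = breakpoint_spacing(N, R)
        self.stored = stored
        self.last = tip   # I_N
        self.pos = N      # chain index of self.last

    def _next(self):
        """Index of the next OTP and the value h(otp) must equal. Breakpoint indices are
        skipped (the 'n != 0' of slide 13): h(I_k) != I_{k+1} there, so the server could not
        verify them without p; the stored breakpoint then serves as the check value (assumption)."""
        pos, target = self.pos - 1, self.last
        if pos > 0 and pos % self.L == 0:
            target, pos = self.stored[pos], pos - 1
        if pos < 1:
            raise RuntimeError("chain exhausted: re-initialise (slide 7)")
        return pos, target

    def challenge(self):
        """(n, I_k) of slide 13; I_k is None when k = 0, i.e. the client starts from p itself."""
        pos, _ = self._next()
        n = pos % self.L
        return n, self.stored.get(pos - n)

    def verify(self, otp: bytes) -> bool:
        """Slide 14: hash the OTP, compare, then advance the stored value."""
        pos, target = self._next()
        if h(otp) != target:
            return False
        self.last, self.pos = otp, pos
        return True


def run_session(p: bytes, N: int, R: int, logins: int) -> list:
    """Full exchange for `logins` consecutive logins; returns the server's verdicts."""
    tip, stored = nr_setup(p, N, R)
    server = NRServer(tip, stored, N, R)
    verdicts = []
    for _ in range(logins):
        n, I_k = server.challenge()
        otp = nr_client_response(p, n, I_k if I_k is not None else p)
        verdicts.append(server.verify(otp))
    return verdicts
```

With N = 10 and R = 3 the spacing is L = 3, the server keeps the breakpoints at indices 3, 6 and 9 plus the tip, and a client never does more than L - 1 = 2 hashes per login, against up to 9 for the plain Lamport chain of the same length; the price is that the positions 3, 6 and 9 cannot themselves be used as OTPs, so the chain yields fewer logins than N.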

  15. Protocol figure (not reproduced in the transcript)

  16. Comparison
  • Client (host) computation decreases by a factor of R at the cost of increasing the server storage by the same factor; the value of R is therefore a system trade-off
  • Server computation remains the same
  • The protocol is more practical for mobile devices, and it becomes possible to choose a high value of N

  17. Thank You
