CASH: A Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection

Jeremiah Blocki, Anupam Datta
{"title":"CASH: A Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection","authors":"Jeremiah Blocki, Anupam Datta","doi":"10.1109/CSF.2016.33","DOIUrl":null,"url":null,"abstract":"An adversary who has obtained the cryptographic hash of a user's password can mount an offline attack to crack the password by comparing this hash value with the cryptographic hashes of likely password guesses. This offline attacker is limited only by the resources he is willing to invest to crack the password. Key-stretching techniques like hash iteration and memory hard functions have been proposed to mitigate the threat of offline attacks by making each password guess more expensive for the adversary to verify. However, these techniques also increase costs for a legitimate authentication server. We introduce a novel Stackelberg game model which captures the essential elements of this interaction between a defender and an offline attacker. In the game the defender first commits to a key-stretching mechanism, and the offline attacker responds in a manner that optimizes his utility (expected reward minus expected guessing costs). We then introduce Cost Asymmetric Secure Hash (CASH), a randomized key-stretching mechanism that minimizes the fraction of passwords that would be cracked by a rational offline attacker without increasing amortized authentication costs for the legitimate authentication server. CASH is motivated by the observation that the legitimate authentication server will typically run the authentication procedure to verify a correct password, while an offline adversary will typically use incorrect password guesses. By using randomization we can ensure that the amortized cost of running CASH to verify a correct password guess is significantly smaller than the cost of rejecting an incorrect password. Using our Stackelberg game framework we can quantify the quality of the underlying CASH running time distribution in terms of the fraction of passwords that a rational offline adversary would crack. We provide an efficient algorithm to compute high quality CASH distributions for the defender. Finally, we analyze CASH using empirical data from two large scale password frequency datasets. Our analysis shows that CASH can significantly reduce (up to 50%) the fraction of password cracked by a rational offline adversary.","PeriodicalId":6500,"journal":{"name":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","volume":"2012 1","pages":"371-386"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2016.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 27

Abstract

An adversary who has obtained the cryptographic hash of a user's password can mount an offline attack to crack the password by comparing this hash value with the cryptographic hashes of likely password guesses. This offline attacker is limited only by the resources he is willing to invest to crack the password. Key-stretching techniques like hash iteration and memory hard functions have been proposed to mitigate the threat of offline attacks by making each password guess more expensive for the adversary to verify. However, these techniques also increase costs for a legitimate authentication server. We introduce a novel Stackelberg game model which captures the essential elements of this interaction between a defender and an offline attacker. In the game the defender first commits to a key-stretching mechanism, and the offline attacker responds in a manner that optimizes his utility (expected reward minus expected guessing costs). We then introduce Cost Asymmetric Secure Hash (CASH), a randomized key-stretching mechanism that minimizes the fraction of passwords that would be cracked by a rational offline attacker without increasing amortized authentication costs for the legitimate authentication server. CASH is motivated by the observation that the legitimate authentication server will typically run the authentication procedure to verify a correct password, while an offline adversary will typically use incorrect password guesses. By using randomization we can ensure that the amortized cost of running CASH to verify a correct password guess is significantly smaller than the cost of rejecting an incorrect password. Using our Stackelberg game framework we can quantify the quality of the underlying CASH running time distribution in terms of the fraction of passwords that a rational offline adversary would crack. We provide an efficient algorithm to compute high quality CASH distributions for the defender. Finally, we analyze CASH using empirical data from two large scale password frequency datasets. Our analysis shows that CASH can significantly reduce (up to 50%) the fraction of password cracked by a rational offline adversary.
现金:最优密码保护的成本非对称安全哈希算法
获得用户密码的加密哈希值的攻击者可以通过将该哈希值与可能猜测的密码的加密哈希值进行比较来进行离线攻击以破解密码。这种离线攻击者只受到他愿意投入的资源来破解密码的限制。已经提出了哈希迭代和内存硬函数等密钥扩展技术,通过增加攻击者验证每个密码的成本来减轻离线攻击的威胁。但是,这些技术也增加了合法身份验证服务器的成本。我们引入了一个新颖的Stackelberg游戏模型,该模型捕捉了防御者和离线攻击者之间这种交互的基本元素。在游戏中,防御者首先使用密钥扩展机制,而离线攻击者则以优化其效用(预期奖励减去预期猜测成本)的方式做出回应。然后,我们引入了成本非对称安全散列(CASH),这是一种随机密钥扩展机制,可以在不增加合法身份验证服务器的平摊身份验证成本的情况下,最大限度地减少被合理的离线攻击者破解的密码比例。CASH的动机是观察到合法身份验证服务器通常会运行身份验证过程来验证正确的密码,而脱机攻击者通常会使用错误的密码猜测。通过使用随机化,我们可以确保运行CASH验证正确密码猜测的平摊成本明显小于拒绝错误密码的成本。使用我们的Stackelberg游戏框架,我们可以根据一个理性的离线对手可能破解的密码的比例来量化底层CASH运行时间分布的质量。我们提供了一种高效的算法来为防御者计算高质量的现金分布。最后,我们使用两个大型密码频率数据集的经验数据来分析CASH。我们的分析表明,CASH可以显著降低(高达50%)被理性的离线攻击者破解的密码比例。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信