Mohammed H. Almeshekah, Chris Gutierrez, Mikhail J. Atallah and Eugene H. Spafford
[Paper] Annual Computer Security Applications Conference (ACSAC’15), Los Angeles, CA, USA, December 2015 (Outstanding Paper Award)
[Poster] 16th Annual Information Security Symposium, CERIAS, Purdue University, March 2015 (Best Poster Award)
Paper (full text) Implementation (GitHub) Poster
In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server to pre- vent off-site password discovery, and a deception mechanism to alert us if such an action is attempted. Our scheme can be easily integrated with legacy systems without the need of any additional servers, changing the structure of the hashed password file or any client modifications. When us- ing the scheme the structure of the hashed passwords file, etc/shadow or etc/master.passwd, will appear no different than in the traditional scheme.1 However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ersatzpasswords — the “fake passwords”. When an attempt to login using these ersatzpasswords is detected an alarm will be triggered in the system. Even with an adversary who knows about the scheme, cracking cannot be launched without physical ac- cess to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware dependent function. We discuss our implementation and provide some discussion in comparison to the traditional authentication scheme.
Our work has been covered by many news articles in a number of different languages. Thanks for Jeremy Kirk for writing the <a href=”http://www.cio.com/article/2924014/login-system-supplies-fake-passwords-to-hackers.html” target=”_blank”>first story</a> that appeared at CIO.com. Below is a non-comprehensive list of these news articles.
Q. What was your motivation for this project?
There have been many high profile incidents involving the leak of hashed passwords files. Users are still using poor passwords, even with the existence of passwords policies that try to guide users towards choosing more secure passwords. However, passwords will remain in use for many users because of their convenience, ease of use, and ease of deployment. Our work enhances the security of password files, and by extension the security of users’ accounts. We eliminate the possibility of offline password cracking and, at the same time, deceive attackers when they try to crack stolen files by presenting them with fake passwords. System administrators gain two major advantages by deploying our scheme; (i) when an attacker unknowingly uses a fake “ersatz” password to login ti the system, system admins are altered that password files has been leaked, attempted to to be cracked and someone is currently trying to illegitimately login; and (ii) these attackers can be forwarded to fake accounts to learn more about their objectives and goals.
Q. What other schemes did you try or consider? Why did you settle on this particular method?
There has been some proposals that attempt to solve this problem. A number of algorithms have been developed to make the cracking process slower. However, since many studies continuously show that users choose poor passwords, attackers can eventually crack stolen passwords databases. Other attempts tries to confuse attackers by presenting them with multiple passwords files or multiple passwords entries per user. However, advanced adversary, and insiders, can possibly distinguish between real and fake entries. In our scheme, there is only one entry and if you have access to the physical machines you can verify the password, however, if you blindly crack the password file you get the fake “ersatz” password.
Q. How would physical access to the targeted machine change things for the attacker?
First, attackers can no longer successfully crack passwords files without physical access. Second, if attackers has physical access to the machine, e.g., in the case of an insider collusion, they need to extensively uses the hardware-decedent function (HDF) in that machine to try many possible alternatives to reach the real password. Usage monitoring tools can spot such abnormal spikes in using the HDF. Third, there are no clues in the passwords files in our scheme that tell attackers that they cannot crack without access to the HDF. The files generated in our scheme look the same as any other passwords file traditionally used by operating systems. When an adversary obtains one of those files and attempt to crack they will “successfully” crack it but get the fake “ersatz” passwords instead.
Q. How would you imagine this implemented commercially or elsewhere?
Our implementation can easily be integrated into productions system without continuous need of monitoring. A one-time change would alter the password files in the OS to be machine-dependent and render their cracking impossible, while presenting attackers with fake passwords. Another side benefit of our scheme is that it can distribute the underground market for stolen passwords. Adversaries will perceive an additional risk of using cracked passwords as they know of the existence of such scheme. This will add risk on their side and, hopefully, reduce the value of stolen passwords black market.
Q. Will this be released open source?
Currently all the source code is currently released in GitHub.