Achieving Flatness: Selecting the Honeywords from Existing User Passwords
Abstract
Recently, Juels and Rivest proposed honeywords (decoy passwords) to detect attacks against hashed password databases. For each user account, the legitimate password is stored with several honeywords in order to sense impersonation. If honeywords are selected properly, a cyber-attacker who steals a file of hashed passwords cannot be sure whether a given entry is the real password or a honeyword for any account. Moreover, logging in with a honeyword will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 20 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinize the honeyword system and present some remarks to highlight possible weak points. We also suggest an alternative approach that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords – a perfectly flat honeyword generation method – and also to reduce the storage cost of the honeyword scheme.
Existing System
Recently, Juels and Rivest proposed honeywords (decoy passwords) to detect attacks against hashed password databases. For each user account, the legitimate password is stored with several honeywords in order to sense impersonation. If honeywords are selected properly, a cyber-attacker who steals a file of hashed passwords cannot be sure whether a given entry is the real password or a honeyword for any account. Moreover, logging in with a honeyword will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 20 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, we scrutinize the honeyword system and present some remarks to highlight possible weak points. We also suggest an alternative approach that selects the honeywords from existing user passwords in the system in order to provide realistic honeywords – a perfectly flat honeyword generation method – and also to reduce the storage cost of the honeyword scheme.
Proposed System
The proposed model is still based on the use of honeywords to detect password cracking. However, instead of generating honeywords and storing them in the password file, we suggest using existing passwords to serve as honeywords. To achieve this, for each newly created account u_i, k - 1 existing password indexes, which we call honey indexes, are randomly assigned to it, where k >= 2. Moreover, a random index number is given to this account, and the hash of the correct password is kept with the correct index in one list. In another list, u_i is stored with an integer set consisting of the honey indexes and the correct index. So, when an adversary analyzes the two lists, she recognizes that each username is paired with k numbers as sweet indexes, each of which points to a real password in the system. The tentative password indexes hamper an adversary in making a correct guess, and she cannot easily be sure which index is the correct one. Equivalently, to create uncertainty about the correct password, we propose to use indexes that map to valid passwords in the system. The contribution of our approach is twofold. First, this method requires less storage compared to the original study. Second, in the previous sections we argue that the effectiveness of the honeyword system directly depends on the flatness of Gen() and on how closely it matches human behavior in choosing passwords. Within our approach the passwords of other users are used as the fake passwords, so guessing which password is fake and which is correct becomes more complicated for an adversary.
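A runnable sketch of the two-list honey-index scheme described above, added here as an example and not the paper's own code: one list holds one password hash per random index, the other maps each username to its k sweet indexes, and a separate honeychecker holds only the correct index. It assumes MD5 as the page's Algorithm section does (a deployment would use a slow, salted password hash), and, since the page does not say how the very first accounts obtain k - 1 honey indexes, it simply samples from however many passwords already exist.

```python
import hashlib
import random


def H(pw: str) -> str:
    # MD5 only because the page's "Algorithm" section names it; a real
    # deployment needs a slow, salted password hash (bcrypt/scrypt/Argon2).
    return hashlib.md5(pw.encode()).hexdigest()


class HoneyIndexSystem:
    """Main server: hashes (list 1) + accounts (list 2); checker = honeychecker."""

    def __init__(self, k: int = 4, seed=None):
        self.k = k
        self.rng = random.Random(seed)      # seeded only to make the demo reproducible
        self.hashes = {}                    # list 1: password index -> H(password)
        self.accounts = {}                  # list 2: username -> k sweet indexes
        self.checker = {}                   # honeychecker: username -> correct index

    def register(self, user: str, pw: str) -> None:
        idx = self.rng.randrange(1 << 20)
        while idx in self.hashes:           # the random index must be unused
            idx = self.rng.randrange(1 << 20)
        self.hashes[idx] = H(pw)
        # k-1 honey indexes point at OTHER users' real passwords. Assumption:
        # with fewer than k-1 passwords in the pool, take all of them.
        pool = [i for i in self.hashes if i != idx]
        sweet = self.rng.sample(pool, min(self.k - 1, len(pool))) + [idx]
        self.rng.shuffle(sweet)             # position must not reveal the real index
        self.accounts[user] = sweet
        self.checker[user] = idx            # only the honeychecker learns c_i

    def honeychecker(self, user: str, j: int) -> bool:
        return self.checker.get(user) == j  # TRUE only for the correct index

    def login(self, user: str, g: str) -> str:
        sweet = self.accounts.get(user)
        if sweet is None:
            return "denied"
        hg = H(g)
        hits = [j for j in sweet if self.hashes[j] == hg]
        if not hits:
            return "denied"                 # H(g) matches none of the k indexes
        if any(self.honeychecker(user, j) for j in hits):
            return "ok"                     # several hits only if users share a password
        return "alarm"                      # a honey index was hit: password file breach

    def stored_hashes(self) -> int:
        return len(self.hashes)             # one hash per user, not k per user
```

Note that a login with another user's real password that happens to be one of the account's honey indexes raises the alarm, which is exactly the detection the scheme relies on.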
Problem Statement
In this respect, there are two issues that should be considered to overcome these security problems. We analyze the honeyword approach and give some remarks about the security of the system. Furthermore, we point out that the key item for this method is the generation algorithm of the honeywords, such that they shall be indistinguishable from the correct passwords. Therefore, we propose a new approach that uses the passwords of other users in the system for honeyword sets, i.e. realistic honeywords are provided. Moreover, this technique also reduces the storage cost compared with the honeyword method.
Scope
- In the future, we would like to refine our model by involving hybrid generation algorithms to also make the total hash inversion process harder for an adversary trying to obtain the passwords in plaintext form from a leaked password hash file.
- Hence, by developing such methods both security objectives – increasing the total effort in recovering plaintext passwords from the hashed lists and detecting the password disclosure – can be provided at the same time.
- In our approach, the auxiliary service honeychecker is employed to store the correct indexes for each account, and we assume that it communicates with the main server through a secure channel in an authenticated manner.
- Indeed, it can be assumed that the security enhancements for the honeychecker and the main server presented in the referenced work are applied, but this is out of the scope of this study.
- The role and primary processes of the honeychecker are the same as described in the original study.
Implementation of modules

Authentication is the act of confirming the truth of an attribute of a single piece of data (datum) or entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by validating their identity documents, verifying the validity of a website with a digital certificate, tracing the age of an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim to be. In other words, authentication often involves verifying the validity of at least one form of identification.

A honeypot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of a computer, data, or a network site that appears to be part of a network but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. This is similar to the police baiting a criminal and then conducting undercover surveillance. Honeypots can be classified based on their deployment (use/action) and based on their level of involvement. Based on deployment, honeypots may be classified as production honeypots and research honeypots. Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations. Production honeypots are placed inside the production network with other production servers by an organization to improve its overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do. Research honeypots are run to gather information about the motives and tactics of the black hat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats that organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.

Basically, the simple but clever idea behind the study is the insertion of false passwords – called honeywords – associated with each user's account. When an adversary gets the password list, she recovers many password candidates for each account and cannot be sure which word is genuine. Hence, cracked password files can be detected by the system administrator if a login attempt is made with a honeyword by the adversary. We use the notations and definitions depicted in Table 1 to simplify the description of the honeyword scheme; Gen() denotes the honeyword generator algorithm. Note that the strength and effectiveness of the method are directly related to how Gen() is constructed. Therefore, the authors introduce a definition, the flatness of Gen(), which measures the chance of an adversary picking the correct password from the sweetwords.
Honeyword Generation Methods and Discussions:
The authors categorize the honeyword generation methods into two groups. The first category consists of legacy-UI (user interface) procedures, and the second includes modified-UI procedures, whose password-change UI is modified to allow better password/honeyword generation. The take-a-tail method is given as an example of the second category. In this approach a randomly selected tail is produced, the user appends this suffix to her entered password, and the result becomes her new password. For instance, suppose a user enters the password games01 and the system proposes '413' as a tail. The password of the user then becomes games01413. Although this method strengthens the password, in our view it is impractical – some users even forget the passwords that they chose themselves. Therefore, in the remaining parts, our analysis is limited to the legacy-UI procedures. Note that some of the discussed points are indeed mentioned in the referenced work, but we emphasize them to address the paramount importance of the selected generator algorithm in terms of security.

Denial-of-service Attack:
A denial-of-service (DoS) attack is discussed for the following scenario: the adversary knows the Gen() procedure in use and can produce all possible honeywords for a given password. For example, if chaffing-by-tweaking-digits is employed in the system with a small t, the adversary may generate the whole set of possible honeywords from a known password. Consider the case where the password of a user is test42; then for t = 2 she can generate all 100 possibilities, and k of these honeywords are stored in the system password list. Let Pr(g = w_{i,j} | p_i) denote the probability of correctly guessing a valid honeyword of W_i when the correct password p_i is available to the adversary. Hence, if this probability is non-negligible, the adversary may attempt to log in with the guessed honeyword to trigger an alarm condition. In fact, this may be serious if a strong policy is set by the administrator, e.g. a global password reset in response to a single honeyword hit. A user can deploy the described attack even if she possesses only a single account, by following Algorithm 2. In this case, the adversary solely knows a single username and password, u_i and p_i respectively. Also, we suppose that the system limits unsuccessful login attempts to n, i.e. after n consecutive wrong password trials the account will be blocked. Nonetheless, if the correct password is entered before n is reached, the system resets the wrong password counter. Hence, as illustrated in the procedure, the adversary logs in with the correct password at each nth attempt to avoid blocking of the account. For example, if the technique used for honeyword generation is chaffing-by-tail-tweaking and the honeywords are produced by tweaking the characters in the selected last t positions, e.g. t = 3, then the adversary should select a password whose last t positions only involve digits to reduce the entropy of the possible characters.
Brute-force Attack:
In the previous attack, we point out that if a strict policy is executed upon honeyword detection, the system may be vulnerable to DoS attacks affecting the whole system. On the other hand, a soft policy weakens the influence of honeywords. In this regard, we describe the following attack to demonstrate that an adversary can capture a number of accounts in the case of a light policy. We suppose an adversary has obtained a password file F and cracked numerous user passwords. Then, she tries to log in with any accounts in the list instead of compromising a specific account. Furthermore, we assume that the adversary has no advantage in guessing the correct password by analyzing the corresponding honeywords, i.e. Pr(g = p_i) = 1/k. Last, if one of the user's honeywords is entered, the system takes the appropriate action according to one of the example policies as follows:
- Login proceeds as usual,
- The user's account is shut down until the user establishes a new password.

The honeyword mechanism works simply as follows. For each user u_i, the list W_i is generated using the honeyword generation algorithm Gen(k). This procedure takes as input k, the number of sweetwords, and outputs both the password list W_i = (w_{i,1}, w_{i,2}, ..., w_{i,k}) and c_i, where c_i is the index of the correct password (sugarword). The username and the hashes of the sweetwords are kept as the tuple <u_i, (v_{i,1}, v_{i,2}, ..., v_{i,k})> in the database of the main server, whereas c_i is stored in another server called the honeychecker. Diversifying the secret information in the system – storing password hashes in one server and c_i in the honeychecker – makes it harder to compromise the system as a whole, i.e. it provides a basic form of distributed security [9]. Notice that in a traditional password scheme the pair <u_i, H(p_i)> is stored for each account, while for this system the tuple <u_i, V_i> is kept in the database, where V_i = (v_{i,1}, v_{i,2}, ..., v_{i,k}). The login procedure of the scheme is summarized below:
- User u_i enters a password g to log in to the system.
- The server first checks whether or not H(g) is in the list V_i. If not, the login is denied.
- Otherwise the system checks whether it is a honeyword or the correct password.
- Let v_{i,j} = H(g). Then the value j is delivered to the honeychecker over an authenticated secure channel.
- The honeychecker checks whether j = c_i or not. If the equality holds, it returns TRUE; otherwise it returns FALSE and may raise an alarm depending on the security policy of the system.
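The Gen(k)/honeychecker protocol summarized above, together with the honeyword-hit probability Pr(g = w_{i,j} | p_i) from the denial-of-service discussion, as one added example that is not the original study's code: Gen() uses the legacy-UI chaffing-by-tweaking-digits rule on the last t positions, the main server stores <u_i, V_i>, and a plain dictionary stands in for the honeychecker holding c_i. MD5 is used only because the page's Algorithm section names it, and the seed parameter exists only to make the demo reproducible.

```python
import hashlib
import random


def H(pw: str) -> str:
    # MD5 because the page's "Algorithm" section names it; a real deployment
    # needs a slow, salted password hash (bcrypt/scrypt/Argon2).
    return hashlib.md5(pw.encode()).hexdigest()


def gen(password: str, k: int, t: int = 2, seed=None):
    """Legacy-UI Gen(k), chaffing-by-tweaking-digits: the last t positions
    (assumed to be digits) take every other t-digit value and k-1 of those
    tweaks become honeywords. Returns (W_i, c_i), c_i = sugarword index."""
    rng = random.Random(seed)
    head, tail = password[:-t], password[-t:]
    if len(tail) != t or not tail.isdigit():
        raise ValueError("this tweak rule needs a t-digit tail")
    tweaks = [f"{head}{n:0{t}d}" for n in range(10 ** t) if f"{n:0{t}d}" != tail]
    sweet = rng.sample(tweaks, k - 1) + [password]
    rng.shuffle(sweet)                      # the sugarword position must be random
    return sweet, sweet.index(password)


def register(db: dict, checker: dict, user: str, password: str, k: int, seed=None):
    """Main server keeps <u_i, V_i>; the honeychecker (separate server) keeps c_i."""
    sweet, ci = gen(password, k, seed=seed)
    db[user] = [H(w) for w in sweet]        # V_i = (v_{i,1}, ..., v_{i,k})
    checker[user] = ci


def login(db: dict, checker: dict, user: str, g: str) -> str:
    vi = db.get(user)
    if vi is None or H(g) not in vi:
        return "denied"                     # H(g) is not in V_i
    j = vi.index(H(g))                      # v_{i,j} = H(g); only j leaves the server
    if checker.get(user) == j:              # honeychecker answers j == c_i
        return "ok"
    return "alarm"                          # FALSE: a honeyword was entered


def honeyword_hit_probability(k: int, t: int) -> float:
    """Pr(g = w_{i,j} | p_i) for one uniformly chosen tweak of a known
    password: k-1 honeywords among the 10^t - 1 other tweaks. Small t with
    large k makes a harsh single-hit policy (global reset) a DoS risk."""
    return (k - 1) / (10 ** t - 1)
```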
Algorithm: MD5 (Message-Digest Algorithm)
The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications and is also commonly used to verify data integrity.
Steps:
- A message digest algorithm is a hash function that takes a bit sequence of any length and produces a bit sequence of a fixed small length.
- The output of a message digest is considered a digital signature of the input data.
- MD5 is a message digest algorithm producing 128 bits of data.
- It uses constants derived from the trigonometric sine function.
- It loops through the original message in blocks of 512 bits, with 4 rounds of operations for each block and 16 operations in each round.
- Most modern programming languages provide the MD5 algorithm as a built-in function.
Conclusion:
In this study, we have analyzed the security of the honeyword system and addressed a number of flaws that need to be handled before a successful realization of the scheme. In this respect, we have pointed out that the strength of the honeyword system directly depends on the generation algorithm, i.e. the flatness of the generator algorithm determines the chance of distinguishing the correct password out of the respective sweetwords. Another point that we would like to stress is that the defined reaction policies in case of a honeyword entry can be exploited by an adversary to realize a DoS attack. This will be a serious threat if the chance of an adversary hitting a honeyword, given the respective password, is not negligible. To combat such a problem, i.e. to provide DoS resistance, a low probability of such an event must be guaranteed. This can be achieved by employing unpredictable honeywords or by altering the system policy to minimize this risk. Hence, we have noted that the security policy should strike a balance between DoS vulnerability and the effectiveness of honeywords. Furthermore, we have demonstrated the weak and strong points of each method introduced in the original study.
Very interesting project. Where will I get the code of this project?