IIIT-Delhi Institutional Repository

Design and analysis of password-based authentication systems


dc.contributor.author Mishra, Sweta
dc.contributor.author Chang, Donghoon (Advisor)
dc.contributor.author Sanadhya, Somitra Kumar (Advisor)
dc.date.accessioned 2018-01-17T09:28:15Z
dc.date.available 2018-01-17T09:28:15Z
dc.date.issued 2017-10
dc.identifier.uri http://repository.iiitd.edu.in/xmlui/handle/123456789/598
dc.description.abstract Passwords have been the most widely deployed means of human-computer authentication since the early 1960s. The use of passwords, which are usually low in entropy, is delicate in cryptography because of the possibility of launching an offline dictionary attack. It is always challenging to design a password-based cryptosystem that is secure against this attack. Password-based cryptosystems broadly cover two areas: 1) password-based authentication, e.g., password hashing schemes, and 2) password-based encryption, specifically as used in password-based authenticated key exchange (PAKE) protocols. This thesis is devoted to the secure design of a password hashing algorithm and the analysis of existing password-based authentication systems. The frequent reporting of password database leakage in the real world highlights the vulnerabilities existing in current password-based constructions. In order to alleviate these problems and to encourage strong password protection techniques, a Password Hashing Competition (PHC) was held from 2013 to 2015. Following the announced criteria, we propose a password hashing scheme, Rig, that fulfills all the required goals. We also present a cryptanalytic technique for password hashing. Further, we focus on the improvement of a password database breach detection technique and on the analysis of the Universal 2nd Factor protocol. This report tries to list and summarize all the important results published in the field of password hashing in recent years and to understand the extent of research on password-based authentication schemes. Our significant results are listed below.

1. Following the design requirements for a secure password hashing scheme as mentioned at the PHC [16], we present our design Rig, which satisfies all required criteria. It is a memory-hard algorithm and the best performing one in the cache-timing-attack-resistant category. As part of the results, we present the construction, explaining the design rationale and the proof of its collision resistance. We also provide the performance and security analysis.

2. In practice, most cryptographic designs are implemented inside a cryptographic module, as suggested by the National Institute of Standards and Technology (NIST) in a standard, FIPS 140. A cryptographic module has limited memory, and this makes it challenging to implement a password hashing scheme (PHS) inside it. We provide a cryptographic module based approach for password hashing. It helps to enhance the security of the existing password-based authentication framework. We also discuss the feasibility of the approach considering the submissions of PHC.

3. The increasing threat of password leakage from compromised password hashes demands a resource-consuming algorithm to prevent the precomputation of the password hashes. Password hashing designs which ensure that any reduction in memory leads to an exponential increase in their runtime are called memory-hard designs. The Time Memory Tradeoff (TMTO) technique is an effective cryptanalytic approach for such password hashing schemes (PHS). However, it is generally difficult to evaluate the "memory hardness" of a given PHS design. We present a simple technique to analyze TMTO for any password hashing scheme that can be represented as a directed acyclic graph.

4. Password database breaches are a common practice among hackers; however, it is difficult to detect such breaches if not somehow disclosed by the attacker. A paper by Juels et al. provides a method for detecting password database breaches known as 'Honeyword'. Very little research has been reported in this direction. Realizing the importance, we analyse the limitations of existing honeyword generation techniques. We propose a new attack model and also present new and practical honeyword generation techniques.

5. A secure password hashing construction can prevent offline dictionary attacks, but cannot provide resistance to common online attacks. Therefore, the requirement of augmenting a second factor to strengthen simple password-based authentication is a recent trend. The U2F protocol, proposed by the Fast IDentity Online (FIDO) alliance in 2014, has been introduced as a strong augmentation that can prevent online attacks currently faced in practice. A thorough third-party analysis is required to verify the claim of the U2F developers. Therefore, we work on the analysis of the U2F protocol and show that the protocol is not secure against side channel attacks. We then present a new variant of the U2F protocol that has improved security guarantees.

In terms of memory hardness and performance, the design Rig presented in the thesis is among the best-known algorithms for password hashing [15, 85, 140]. The other results presented are significant contributions to the previously published results. en_US
dc.language.iso en_US en_US
dc.publisher IIIT-Delhi en_US
dc.title Design and analysis of password-based authentication systems en_US
dc.type Thesis en_US

