ErsatzPasswords - Ending Password Cracking
Apr 27, 2016
Download: MP4 Video Size:
Watch on YouTube
In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server to prevent off-site password discovery as well as a deception mechanism to alert administrators of such attempts. Our scheme can be easily integrated with legacy systems without the need for any additional servers, changing the structure of the hashed password file or any client modifications. When using the scheme the structure of the hashed passwords file, etc/shadow or etc/master.passwd, will appear no different than in the traditional scheme. However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords she will get are the ErsatzPasswords— the “fake passwords”. When an attempt to login using these ErsatzPasswords is detected an alarm is triggered. Even with an adversary who knows about the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware dependent function. ErsatzPassword is flexible by design, enabling the proposed scheme to be integrated to existing authentication systems without changes to user experience. The proposed scheme is integrated into the pam_unix module as well as two client/server authentication schemes: LDAP authentication and the Pythia PRF Service [Everspaugh et al. 2015]. The core library to support ErsatzPassword in C and Python required 255 and 103 lines of code, respectively. The integration of ErsatzPassword for each explored authentication systems required less than 100 lines of code. Experimental evaluation of ErsatzPassword shows an increase of authentication latency in the order of 100 ms, which may be acceptable for end user experience. A framework for implementing ErsatzPassword using the Trusted Platform Module (TPM) provides a greater sense of machine-dependent functionality to resist offline attacks.