ErsatzPasswords - Ending Password Cracking
Primary Investigator:
Gene Spafford
CHRISTOPHER N. GUTIERREZ, MOHAMMED H. ALMESHEKAH, EUGENE H. SPAFFORD, MIKHAIL J. ATALLAH, JEFF AVERY
Abstract
In this work we present a simple, yet effective and practical, scheme to improve the security of stored pass- word hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine- dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server to prevent off-site password discovery as well as a deception mechanism to alert administrators such attempts. Our scheme can be easily integrated with legacy systems without the need for any additional servers, changing the structure of the hashed password file or any client modifica- tions. When using the scheme the structure of the hashed passwords file, etc/shadow or etc/master.passwd, will appear no different than in the traditional scheme.1However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ErsatzPasswords— the “fake passwords”. When an attempt to login using these ErsatzPasswords is detected an alarm is triggered. Even with an adversary who knows about the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware dependent function. ErsatzPassword is flexible by design, enabling the proposed scheme to be integrated to existing authentication systems without changes to user experience. The proposed scheme is integrated into the pam unix module as well as two client/server authentication schemes: LDAP authenti- cation and the Pythia PRF Service [Everspaugh et al. 2015]. The core library to support ErsatzPassword in C and Python required 255 and 103 lines of code, respectively. The integration of ErsatzPassword for each explored authentication systems required less than 100 lines of code. Experimental evaluation of Ersatz- Password shows an increase of authentication latency in the order of 100 ms, which may be acceptable for end user experience. A framework for implementing ErsatzPassword using the Trusted Platform Module (TPM) provides a greater sense of machine-dependent functionality to resist offline attacks