Stronger Password Authentication Using Browser Extensions
Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John Mitchell
Stanford University
http://crypto.stanford.edu/PwdHash

Password Phishing Problem
User cannot reliably identify fake sites
Captured password can be used at target site
(Figure: the user sends pwdA to a fake site, which replays pwdA to Bank A)

Common Password Problem
Phishing attack or break-in at site B reveals pwd at A
• Server-side solutions will not keep pwd safe
• Solution: Strengthen with client-side support
(Figure: Bank A, a high security site, receives pwdA; Site B, a vulnerable site, receives pwdB = pwdA)

Our Solution: PwdHash
Lightweight browser extension
Impedes password theft
Invisible to server
Invisible to user
Pwd Prefix, Pwd Hashing

Password Hashing
Generate a unique password per site
• HMACfido:123(banka.com) = Q7a+0ekEXb
• HMACfido:123(siteb.com) = OzX2+ICiqc
(Figure: Bank A receives hash(pwdA, BankA); Site B receives hash(pwdB, SiteB), even though pwdB = pwdA)

Password Hashing: past attempts
Hash pwd with realm provided by remote site:
• HTTP 1.1 Digest Authentication
• Kerberos 5
• Does not prevent phishing, common pwd
Hash pwd with network service name:
• Abadi, Bharat, Marais [PTO '97]. Standalone.
• Gabber, Gibbons, Mattias, Mayer [FC '97]. Proxy.
• Relies on intercepting traffic; can't handle https

Password Hashing: a popular idea
Recent password hashing projects: Site Password, Password Maker, Genpass, Passwdlet, Password Composer, Magic Password Generator, PwdHash, Password Generator Extension
Similar hashing algorithms
Only PwdHash defends against spoofing and is invisible to the user

The Spoofing Problem
JavaScript can display password fields or dialogs:
Unhashed password sent to attacker in clear

Password Prefix
Original pwd should never be visible to web page
(Figure: @@fido:123 typed for Site B reaches the page as OzX2+ICiqc; other prefixed examples: @@123, @@abcdefgh)

Password Prefix: How it works
Normal operation: Prefix in password field
Abnormal operation: Prefix in non-password field
• Can just ignore the prefix and not hash
• Remind user not to enter password
(Figure: @@fido:123 in a password field is shown as ********** and the page receives HMACfido:123(siteb.com) = Q7a+0ekEXb; @@abcdefgh in a non-password field reaches the page as abcdefgh)

Why use Password Prefix?
Protection mechanism "built in" to password
Does not rely on user to make a decision
Same prefix works for everyone
Distinguishes secure passwords from
• normal passwords
• social security numbers
• PINs
Only use it when you want to

Other Trusted Pwd Interfaces
Password prefix (starts with @@)
Secure attention sequence
Trusted image or phrase:
• Passmark
• DSS

Other Challenges
Password Reset
Internet Cafes
Dictionary Attacks
Spyware, DNS poisoning (no protection)
Other issues (described in the paper)
• Choosing salt for hash
• Encoding hashed password
• Additional attacks and defenses

Password Reset
After install, PwdHash can't protect existing pwds
• Only passwords starting with @@ are secure
• User can choose where to use PwdHash
• User must enter old password unhashed into password reset page
Pwd Prefix makes it easy
• Old passwords won't be accidentally hashed
• New, secure passwords are automatically hashed

Internet Cafes
Users cannot install software at Internet Cafes.
Would not be a problem if PwdHash were universally available
Interim solution: A secure web site for remote hashing, e.g. https://www.pwdhash.com
Hash is computed using JavaScript
• Server never sees password
• Resulting hash is copied into clipboard
• Can also be used as a standalone password generator
(Figure: screenshots of the site in Internet Explorer and Firefox)

Dictionary attacks
After phishing attack or break-in to low security site, attacker can repeatedly guess password and check hash.
• Succeeds on 15% of passwords (unlike 100% today)
• Less effective on longer, stronger passwords
Solution: better authentication protocol (SPEKE, SRP, etc.)
• Requires server-side changes
Defense: user specifies a global pwd to strengthen all pwd hashes
• Creates a new pwd management problem for shared machines
Defense: slow hash function (Halderman, Waters, Felten '05)
• Increases time of dictionary attack
(Figure: word list aardvark, aback, abacus, abandon…)

PwdHash: Try it out
Prototype for Internet Explorer and Mozilla Firefox
Defends against spoofing
Invisible to user
Invisible to server
Complementary to other anti-phishing solutions
Only use it when you want to
www.pwdhash.com
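The mechanism the Password Hashing, Password Prefix and Dictionary attacks slides describe, as an added Python example; this is not the PwdHash extension's code. It keys an HMAC with the user's secret and hashes the site name (the slides' HMACfido:123(banka.com)), applies the @@ prefix rule for password and non-password fields, and offers the two strengthening defenses from the dictionary-attack slide (a global password and a slow hash). SHA-256, PBKDF2, the base64 truncation to 10 characters, the "last two host labels" domain rule, and the global-password concatenation are assumptions of this example, so the outputs are not the extension's own values.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

PREFIX = "@@"   # the password prefix from the talk; the same prefix works for everyone
HASH_LEN = 10   # the slides' example outputs (Q7a+0ekEXb, OzX2+ICiqc) are 10 characters


def salt_domain(url: str) -> str:
    """Site name that salts the hash.

    Assumption for this example: the last two labels of the host, lower-cased,
    so www.banka.com and login.banka.com yield the same site password. The
    paper's own salt-choosing heuristics are more elaborate.
    """
    host = (urlsplit(url).hostname or "").lower()
    labels = [part for part in host.split(".") if part]
    return ".".join(labels[-2:])


def site_hash(secret: str, domain: str, iterations: int = 1) -> str:
    """Per-site password: HMAC keyed by the user's secret over the site name.

    iterations > 1 switches to PBKDF2 over the same inputs, the 'slow hash
    function' defense that raises the cost of an offline dictionary attack.
    SHA-256 and the base64 truncation are this example's choices (assumption).
    """
    if iterations > 1:
        raw = hashlib.pbkdf2_hmac("sha256", secret.encode(), domain.encode(), iterations)
    else:
        raw = hmac.new(secret.encode(), domain.encode(), hashlib.sha256).digest()
    return base64.b64encode(raw).decode("ascii")[:HASH_LEN]


class FieldResult(NamedTuple):
    value: str               # what the web page receives
    warning: Optional[str]   # reminder shown to the user, if any


def process_field(typed: str, url: str, is_password_field: bool,
                  global_pwd: str = "", iterations: int = 1) -> FieldResult:
    """Decide what the page gets for text typed into a form field.

    - no prefix: ordinary or pre-existing password, passed through unhashed
    - prefix in a password field: normal operation, hashed per site
    - prefix in a non-password field: abnormal operation; the prefix is
      ignored, nothing is hashed, and the user is reminded not to enter a
      password there
    global_pwd is the 'global password' strengthening; prepending it to the
    secret is this example's assumption.
    """
    if not typed.startswith(PREFIX):
        return FieldResult(typed, None)
    secret = typed[len(PREFIX):]
    if not is_password_field:
        return FieldResult(secret, "password prefix in a non-password field; "
                                   "do not enter your password here")
    key = (global_pwd + ":" + secret) if global_pwd else secret
    return FieldResult(site_hash(key, salt_domain(url), iterations), None)


def phish_resistant(secret: str, real_url: str, fake_url: str) -> bool:
    """True when what a fake site captures is not the real site's password."""
    real = process_field(PREFIX + secret, real_url, True).value
    captured = process_field(PREFIX + secret, fake_url, True).value
    return captured != real


if __name__ == "__main__":
    # constructed sample URLs: the two sites from the slides plus a look-alike host
    for url in ("https://www.banka.com/login", "https://siteb.com/", "https://banka-login.example/"):
        print(url, "->", process_field("@@fido:123", url, True).value)
    print("old password untouched:", process_field("hunter2", "https://www.banka.com/", True).value)
    print("prefix in username field:", process_field("@@fido:123", "https://www.banka.com/", False))
```

The same typed secret produces a different value for every site, so a break-in at siteb.com or a capture by the look-alike host yields nothing that logs in at banka.com, while an unprefixed password such as an old one entered on a reset page passes through untouched. Raising `iterations` slows each guess in the offline attack the slide describes at the same cost for the legitimate user.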
Uploaded 1/22/2008 | English
