Beruflich Dokumente
Kultur Dokumente
./" .....
!! -- I!, {ndllns}6i,IV
^
(9)
Afer receiving the login sms the server recomputes OJ, to
decrypt and verif the authenticity of the login sms.
D. Recovery Phase
Te protocol is able to recover the setting on her new cell
phone asswning she still uses the same phone number (apply
a new SIM card with old phone number).Once user u
installs the protocol program on her new cellphone, she can
launch the program to send a recovery request with her
account IDu and requested server IDs to predefmed TSP
through a 3G connection. As we mentioned before, ID can be
the domain name or U link of server S.
Once server S receives the request, S probes the account
inforation in its database to conf if account u is
registered or not. If account IDu exists, the information used
Hacking Resistance Protocol for Securing Passwords Using Personal Device 4b1
to compute the secret credential c will be fetched and be
sent back to the user. The server S generates a fesh nonce
1 and replies a message which consists of ID, <, Ts, i, and
1.This message includes all necessary elements for
generating the next one-time passwords to the user u. When
the mobile program receives the message, like registration,
it forces the user u to enter her long-term password to
reproduce the correct one-time password o,, (assuming the
last successful login before u lost her cell phone is o,).
During the last step, the user's cell phone encrypts the
secret credential c and server nonce 1 to a cipher text. The
recovery SMS message is delivered back to the server S for
checking. Similarly, the server S computes o, and decrypts
this message to ensure that user u is already recovered. At
this point, her new cell phone is recovered and ready to
perform further logins. For the next login, one-time
password o,_will be used for user authentication.
TABLE 1: NOTATIONS
Name Description
IDx Identity of entity x.
Ty Entity y's phone number
0 Random seed
N Pre-defne length of hash chain ({ 00 o,).
n
z
Nonce generated by entity z.
P
u
User u 's long-term password.
Ksd Shared secret key between cell phone and the server.
c Secret shared credential between cell phone and the
a,
server
''
ith one-time password.
{
`
Concatenate operation.
/.|
Symmetric encryption) with key k.
IV
Hash function with input o.
HMAC1
Initialization vector of AES-CBC.
HMAC2
The HMAC-SHAI digest of IDIIIIIVII {c110 }ksd under
the Ksd
HMAC3
The HMAC-SHA 1 digest of IIII IIVI I {ndlln,}ai under
the ai.
The HMAC-SHA 1 digest of IIII IIVI I {clln,}ai+ 1
under the a,+ I.
I Symmetric encryption algorithm in protocol is AES-256.
2 Hash fnction is SHA-256.
V. EXPERIMENT DESIGN
We implemented a prototype and conducted a user study
to analyze the performance and usability.
/. Prototype Implementation
The prototype consists of three components: a mobile
program running on Android smart phones (Android OS
v2.1); an extension on Firefox browser; and a web server.
Te server ofers a web service by an Apache server rg
on a workstation with Windows XP, and SMS service
wit a GSM modem connected to itself Te communication
interface between the phone and the brwser extension is
based on a client/server model.
The client program is developed on Android OS due to its
populaity ad generalit. I the web server implementation,
we developed a server program which consists of main server
codes (PHP) and setup scripts for database (MYSQL).
Server program can be installed ad perfored on a Apache
HTTP server. On te oter had, capacit of sending/receiving
SMS via a GSM modem relies on an open source library
SMS Lib. For simulating TSP, partial PHP codes and
related information were also established by the database.
B. User Study
Before starting the study, participants are to be first asked to
complete a demographics questionnaire. They then to be
introduced to the protocol system. Then they would be
setting up the system, registering an account, and logging
in via a cell phone. Further, they have to be instructed t
choose a strong long-ter password that should be at least
eight digits long. They then have to proceed to complete a
formal test which consisted of the following steps:
1. Setting up the System: Different from the ordinary user
authentication system, users should install cell phone
sofware and a browser extension to setup the
protocol system.
2. Registering for an Account: Users frst open the
registration sofware on the cell phone. Users then fll
out a for, which includes an account id, a website's
id, and a long-term password, and submit it to the
website.
3. Logging into the Website: Users frst enter their
account id into the browser on the kiosk and submit
it to the server. Users then type their long-term
password into m cell- phone and submit to the server.
The login succeeds if a success message is shown on
the screen of cell phone. If login fails, participants
should try again until they are successful.
VI. RELATED WOR
A number of previous researchers have proposed to
protect user credentials from phishing attacks in user
authentication. The proposed systems leverage variable
technologies, f o r example, mobile devices, trusted
platfor module (TPM), or public key infastcture (PKI).
However, these solutions were short of considering the
negative infuence of human factors, such as password
4b2 Proceedings of7
h
International Conference on Intelligent Systems and Control (ISCO 2013)
reuse ad wea password problems. To stengthen password
based authentication in untrusted environment [9], MP
Auth forces the input of a long- term secret (typically a
user's text password) through a trusted mobile device.
Before sending the password to an untrusted kiosk, the
password is encrypted by a pre installed public key on
a remote server. MP-Auth is intended to guard passwords
fom attacks raised by untsted kiosks, including key loggers
and malware. On the other hand, some literature represents
different approaches to prevent phishing attacks [2]. Session
Magnifer enables an extended browser on a mobile device
and a regular browser on a public computer to
collaboratively secure a web session.
/. Comparisons between Resistance Protocol
and Other Systems
Many of proposed systems require user involvement in
certifcate confrmation (UICC) in order to setup a secure
SSL tunnel. However, prior research concluded that users
do not understand SSL and ofen ignore the SSL warings
caused by illegal certifcates [4], [5]. Consequently, users
ofen accept the received certifcates without verifcation.
This inattentive behavior causes users to suffer fom
potential attacks, such as MITM and DNS spoofng attacks.
From previous literature, users should pay attention to
confrming server certifcate validities by themselves. The
signifcant diference between resistance protocol and other
related schemes is that protocol reduces the negative impact
of user misbehaviors as much as possible.
In the protocol system, the SSL tunnel is established
between a TSP and a web site server. From the perspective
of users, they feel comfortable since there is no frther
need to verif the server certifcate by themselves. In
other words, overhead on verifying seer certifcates for
users is switching to the TSP. The TSP acts as a users'
agent to validate server certifcates and also establish SSL
tunnels correctly. Therefore, this protocol still resists
phishing attacks even if users misbehave.
VII. CONCLUSION
In this paper, hacking resistance protocol is developed
which leverages the cell phones and SMS to thwart
password stealing and password reuse attacks. It is assumed
that each website possesses a unique phone number. Also
assume that a telecommunication service provider
participates in the registration and recovery phases.
The design principle of this protocol is to eliminate the
negative as much as possible. Through protocol, each
user only needs to remember a long-term password which
has been used to protect her cell phone. Users are fee
fom typing any passwords into untrusted computers for
login on all websites. Compared with previous schemes,
this resistance protocol is the frst user authentication
protocol to prevent password stealing (i.e., phishing,
key logger, and malware) and password reuse attacks
simultaneously. The reason is that it adopts the one-time
password approach to ensure independence between each
login. To make the protocol fully functional, password
recovery is also considered and supported when users lose
their cell phones. They can recover our protocol system
with reissued SIM cards and long-tenn passwords.
A prototype of resistance protocol is also implemented to
measure its performance. The average time spent on
registration and login is 21.8 and 21.6 s, respectively.
According to the result, SMS delay occupies more than
40% of total execution time. The delay could be shorter by
using advanced devices. Besides, the perfonnance of
login of the protocol is better than graphical password
schemes, for example, Pass faces. The login time of Pass
faces is from 14 to 88s, which is longer than resistance
protocol. Therefore, we believe te prtol Lacceptable and
reliable for users. Most participants could easily operate all
procedures of the prot ocol system. The login success
rate is over 90%, except for a few typing errors.
Consequently, this protocol is more secure than the original
login system. Certainly, the participants prefer this
resistance protocol to the original system.
REFERENCES
[I] P. van Oorschot, A. Salehi-Abari, and J. Thorpe, "Purely
automated attacks on pass points-style graphical passwords,"
IEEE Trans. Information Forensics Security, vol. 5, no. 3,
pp. 393-405, Sep. 2010.
[2] B. Paro, C. Kuo, and A. Perig, "Phoolproof phishing
prevention", Financial Cryptography Data Security, pp. 1-19,
2006.
[3] Shepard, R.N., 1967. Recognition memory for words, sentences,
and pictures. Journal of Verbal Learning and Verbal
Behavior 6, 156-163.
[4] D. Wendlandt, D. G. Andersen, and A. Perrig, "Perspectives:
Improving ssh-style host authentication with multi-path
probing," in Proc. USENIX 2008 Annu. Tech. Conf.,
Berkeley, CA, 2008, pp. 321-334, USENIX Association.
[5] S. E. Schechter, R. Dhamia, A. Ozment, and I. Fischer,
"Emperor's new security indicators: An evaluation of
website austhentication and the effect of role playing on
usability studies," in Proc. 2007 IEEE Symp. Security
Privacy, 2007.
[6] K. J. Hole and V. Moen and T. Tjostheim. Case Study: Online
banking Security. IEEE Security & Privacy Magazine, 2006.
[7] Zviran, M. & Haga, W. J. Password Security: An Empirical
Study. Journal of Management Information Systems 15, 4
(1999), 161-185
[8] M Zviran, WJ Haga, "A comparison of password techniques for
multilevel authentication mechanisms", in Computer Journal
v 36 no 3 (93) pp 227{237
[9] M. Mannan and P. van Oorschot, "Using a personal device
to strengthen password authentication from an untrusted
computer," Financial Crptography Data Security, pp. 88-103,
2007.
Hacking Resistance Protocol for Securing Passwords Using Personal Device 4bJ
[10] S. Bellovin and M. Merritt. Encrypted key exchange:
password-based protocols secure against dictionary attacks.
In Proc. IEEE Security and Privacy Symposium, pages 72-S4.
IEEE Computer Society, 1992.
[11] I. T. Report, ITU Internet Rep. 2006: Digital. Life [Online].
Available: http://www.itu.inti
[12] L. O'Goran, "Comparing passwords, tokens, and biometrics
for user authentication," Proc. IEEE, vol. 91, no. 12, pp. 2021-
2040, Dec. 2003.
[13] D. Florencio and C. Herley, "A large-scale study of web
password habits," in WWW '07: Proc. 16th Int. Conf World
Wide Web., New York, 2007, pp. 657-666, ACM.
[14] S. GAW and E.W. Felten, "Password management strategies for
online accounts," in SOUPS '06: Proc. 2nd Symp. Usable
Privacy. Security, New York, 2006, pp. 44-55, ACM.
[15] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D.
Rubin, "The design and analysis of graphical passwords," in
SSYM'99: Proc. Sth Conf USENIX Security Symp.,
Berkeley, CA, 1999, pp. 1-1, USENIX Association.
[16] A. Perig and D. Song, "Hash visualization: A new technique to
improve real-world security," in Proc. Int. Workshop
Cryptographic Techniques E-Commerce, Citeseer, 1999, pp.
131-13S.
[17] TS 23.040: Technical Realization Short Message Service
(SMS) 3GPP [Online]. Available: http://www.3gpp.org/
[I S] B. Pinkas and T. Sander, "Securing passwords against
dictionary attacks," in CCS '02: Proc. 9th ACM Conf
Computer Communications Security, New York, 2002,
pp. 161-170, ACM.
[19] TS 35.202: Specifcation 3GPP Confdentialit Integrit
Algorithms Document 2: KASUMI Specifcation 3GPP
[Online]. Available: http://www.3gpp.org