Automated Protocol to Restrict Password Guessing Attacks

3323 words (13 pages) Essay

9th Apr 2018 Computer Science Reference this

Tags:

Disclaimer: This work has been submitted by a university student. This is not an example of the work produced by our Essay Writing Service. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.

  • D.Ganesh
  • Dr.V.V.RamaPrasad

 

ABSTRACT Password login services are now widespread and ever increasing. Attacks that take place on password-only remote login services are brute force and dictionary attack. Providing convenient login for legitimate user.In the proposed system we use Password Guessing Resistant Protocol (PGRP) which improves more security by restricting the number of attempts. PGRP allows a high number of failed attempts from known machines. PGRP uses either cookies or IP addresses, or both for tracking legitimate users. Tracking users through their IP addresses also allows PGRP to increase the number of ATTs for password guessing attacks and meanwhile to decrease the number of ATTs for legitimate login attempts.

Key WordsOnline password guessing attacks, brute force attacks, password dictionary, ATTs.

1. INTRODUCTION:

Online password guessing attacks are the most commonly observed against web applications & SSH logins. SANS report observed that password guessing attack is the top cyber security risk. SSH servers that doesn’t allow some standard password authentication suffer the guessing attacks. Online attacks have some disadvantages compared to offline attacks i.e., the attacking machines must use an effective & interactive protocol which allows a easier detection of malicious attacks.Malicious attackers try only limited no. of password guesses from a single machine being that account is being locked or before being challenged to answer an ATT. An attacker will employ a large number of machines to avoid locking out. Generally users choose weak passwords. As malicious attackers control large bot nets online attacks became much easier.Restricting the no. of failed trails without ATT’s to a very small number is the effective defense system that can be used against automated online password guessing attacks. Also limiting automated programs(or bots) used by attackers for password guesses for a targeted account, even many different machine from a bot net are used. This method inconveniences & offers a legitimate user to answer an ATT on next login attempt after the malicious attackers guesses.

Other techniques deployed in practice includes:

Even though from a given machine when a certain number of failed attempts occur,it allows login attempts without ATTs from a different machine. After a certain time-out period, it allows more attempts without ATTs and also time-limited account lockinMany existing techniques & proposals involve ATT’s, assuming that the challenges provided by the ATTs are difficult for bots&easy for people(legitimate users). Users are increasing disliking ATTs and feels it as an unnecessary extra step. Successful attacks are being made which break ATTs without human solvers. ATTs that are to be more difficult.As a consequence, present-day ATTs are becoming more difficult for human users. Therefore, we focus more on reducing user inconvenience by challenging users with fewer ATTs and at the same time subjecting bot logins to more ATT’s, to drive up economic cost to attackers.Two well-known proposals using ATTs to limit online guessing attacks are Pinkas and Sander (PS protocol) and Van Oorschot and Stubblebine (VS protocol). The PS proposal reduces the ATTs. The VS proposal reduces this but a significant cost to usability.. The PGRP is being developed by using both PS & VS proposals.

On the other side, PGRP allows high number of failed attempts from known machines without answering any ATTs. Known machines are defined as those from which successful login has occurred over a fixed time period. These known machines are identified by their IP addresses which are saved on the login server as white list or else in the cookies stored on client. Both the white listed IP address and client cookie expire after a time-period.

In both graphical user interface(e.g., browser-based logins) & character-based interface(e.g.,SSH logins) PGRP can be accommodated). Both PS and VS proposals, requires the use of browser cookies. PGRP uses either cookies or IP address or both for tracking legitimate users. PGRP increases the number of ATTs for password guessing by tracking users through their IP address & also to decrease the number of ATTs for legitimate login attempts.In recent years, the trend of logging in to online account through multiple personal devices (e.g., PC, laptop’s,smartphones ) is growing. When used from home environment, these devices often share a single IP address which makes IP-based history tracking more user friendly than cookies.

2. Related work:

From the early days of the internet the online password guessing attacks have been known to everyone. Account locking is a mechanism which prevents a malicious attacker from multiple passwords particular username.

Although account locking is temporary remedy, an attacker can mount a DOS (denial of service) in some amount of time for a particular username can be done by delaying server response after receiving user credentials, whether the password is correct or incorrect.

However, for an attacker with access to a botnet, this above mechanism is ineffective. Prevention techniques that depend on requesting the user machine to perform extra computations before replying to the entered credentials are not effective with such adversaries.

To prevent the automated programs (brute force & dictionary attacks) ATT challenges are used in some protocols.PS presented a login protocol which challenges ATTs to protect against online password guessing attacks. PS protocol reduces the number of ATTs that authorized users must correctly answer, so that a user with a valid browser cookie will be rarely asked to answer an ATT.

A deterministic function AskATT() of the entered user credentials is used to decide whether to ask the user an ATT or not. To improve the security features of the PS protocol, Van Oorschot & stubblebine defined a modified protocol in which ATTs are always required, once the no. of failed login attempts for a particular username exceeds a threshold.

For both PS and VS protocols, the function AskATT() requires a careful design, because the ‘known function attack’ of poor design of this function AskATT() makes the login protocol vulnerable to attacks and also ‘change password attack’.

Because of these attacks, the authors proposed a secure non-deterministic keyed hash function as AskATT() so that each username is associated with one key that changes whenever the corresponding password is changed. This proposed function requires extra server-side storage per username & atleast one cryptographic hash operation per login attempt.

2.2 Functions

PGRP uses the following functions. They are

1.Read Credential.

It shows a login prompt to the user and it returns the entered user name and password and also the cookie received from the user’s browser.

2. Login Correct

If the provided user name-password is valid, the function return true otherwise it returns false.

3. Grant Access

This function sends the cookies to the user’s browser and then gives the permission to access the specified user account.

4. Message

It displays the text message.

5. ATT Challenge

This function challenges the user with an ATT. If the answer is correct, it returns “pass” otherwise, it returns “fails”

Input:

t1(def=30d),t2(def=1d),t3(def=1d),k1(def=30),k2(def=3)

//The keyword ‘def’ denotes the default parameter value and ‘d’ denotes day,k1,k2≥0

//For an explanation of the use of expiry interval

Un, pw, cookie//username, password, and remote host’s browser cookie if any

W(global variable, expires after t1) //white list of IP addresses with successful login

FT(global variable, def=0, expires after t2)//table of number of failed logins per username

FS(global variable, def=0, expires after t3)//table of number of failed logins indexed by (srcIP, username) for hosts in W or hosts with valid cookies

begin:

ReadCredential(un, pw, cookie)//login prompt to enter username/password pair

if LoginCorrect(un, pw)then//username/password pair is correct

if((Valid(cookie, un, k1, true)√((srcIP, un)£W))^(FS[srcIP, un]then

FS[srcIP, un]<=0//add source IP address to the white list

Add srcIP to W//this function also sends the cookie if applicable

GrantAccess(un, cookie)

else

if(ATTChallenge()=Pass) then

FS[srcIP, un]<=0

Add srcIP to W

GrantAccess(un, cookie)

else

Message(‘The answer to the ATT challenge is incorrect’)

else//username/password pair is incorrect

if((Valid(cookie, un, k1, false)√((srcIP, un)£W))^(FS[srcIP, un]then

FS[srcIP, un]<=FS[srcIP, un]+1

Message(‘The username or password is incorrect’)

else if(ValidUsername(un)^(FT[un]then

FT[un]<=FT[un]+1

Message(‘The username or password is incorrect’)

else

if(ATTchallenge()=Pass)then

Message(‘The username or password is incorrect’)

else

Message(‘The answer to the ATT challenge is incorrect’)

end

7. Valid

This function checks the validity of the cookie and it is considered invalid in the following cases:

  1. The cookie username doesn’t match with the login username.
  2. The expired time of the cookie.
  3. The cookie counter is equal to or greater than K1. This function returns true only when a valid cookie is received.

3. Cookies versus Source IP addresses

PGRP keeps track of user machines from which successful logins have been initiated previously. If the login server offers a web-based interface, for this purpose choose a browser cookies as a good choice.

The login server unable to identify the user in all cases, if the user uses multiple browser or more than one OS on the same machine. Cookies may also be deleted by users, or automatically enabled by the most modern browsers.Cookie theft(eg., through session hijacking)might enable an adversary to impersonate a user who has been successfully authenticated in the past. In addition cookies requires a browser interface.A user machine can be identified by the sourceIP address. To trace users depending on sourceIP address may result in inaccurate identification. This can be done because of various reasons including.

1) The same machine might be assigned different IP addresses.

2) A group of machines might be represented by a small number or a single internet-addressable IP address if NAT mechanism is in place.Drawbacks of identifying a user by means of either a browser cookie or a source IP address include:

3) Failing to identify a machine from which the user has authenticated successfully in the past.

4) Wrongly identifying a machine the user has not authenticated before.

Case 1) Decreases usability since the user might be asked to answer an ATT challenge for both correct and incorrect login credentials.

Case 2) Affects security since some users/attackers may not be asked to answer an ATT challenge even though they have not logged in successfully from those machines in the past.However, the probability of launching a dictionary or brute force attack from these machines appears to be low. Therefore, we choose to use both browser cookies and source IP address in PGRP to minimize user inconvenience during login process.

3.1. Decision function for requesting ATT’s:

The decision to challenge the user with an ATT depends on two factors:

1) Whether the user has authenticated successfully from the machine previously.

2) The total number of failed login attempts for a specified useraccount

begin

if ATTChallenge()=Pass then

ReadCredential(un,pw) //login prompt to enter username/password pair

if LoginCorrect(un,pw) then //username/password pair is correct

Access is granted to the account

else

Message(‘The username or password is incorrect’)

else

Message(‘ATT answer is incorrect’)

end

Fig. 2.Secure but inconvenient login protocol

3.4.1Username-Password Pair Is Valid

After entering a correct username-password pair. In the following cases the user will not be asked to answer an ATT challenge.

1. A valid cookie is received from the user machine and the number of failed login attempts from the user machines IP address for that username, FS[srcIP,un], is less than k1 over a time period determined by t3.

2. The user machine’s IP address is in the whitelist W and the number of failed login attempts from this IP address for that username, FS[srcIP,un], is less than k1 over a time period determined by t3.

begin

ReadCredential(un,pw,cookie) //login prompt to enter username/password pair

if LoginCorrect(un,pw) then //username/password pair is correct

if Valid(cookie,un) then//cookie unexpired and matches username

GrantAccess(un) //access is granted to the account

else//no cookie or the cookie is invalid

if ATTChallenge()=Pass then GrantAccess(un) //access is granted

to the account

else Message(‘login fails’)

else // username/password pair is incorrect

if AskATT(un,pw) =True then

if ATTChallenge()=Pass then Message(‘login fails’)

else Message(‘login fails’)

else

Message(‘login fails’)

end

3.The number of failed login attempts from any ,machine for that username, FT[un], is below a threshold k2 over a time period determined by t2

3.4.2Username-Password Pair Is Invalid

After entering a incorrect username-password pair. In the following cases the user will not be asked to answer an ATT challenge.

  1. A valid cookie is received from the user machine and the number of failed login attempts from the user machines IP address for that username, FS[srcIP,un], is less than k1 over a time period determined by t3.
  2. The user machine’s IP address is in the whitelist W and the number of failed login attempts from this IP address for that username, FS[srcIP,un], is less than k1 over a time period determined by t3.
  3. The username is valid and the number of failed login attempts for that username, FT[un], is below a threshold k2 over a time period determined by t2.

4 System Resources

No list’s are maintained in the PS protocol because of this there is no extra memory overhead on the login server. In VS protocol only FT is maintained. In PGRP, three tables must be maintained. First, the white list, W is expected to grow linearly with the number of user’s. W contains a list of{source IP address, username}pairs that have been successfully authenticated in the last t1 units of time. Second, the number of entries in FT increase by one whenever a remote host makes a failed login attempt using a valid user name, if entry is added to FS only when a valid{user name, password} pair is provided from an IP address not used before for this user name. Therefore, the number of entries in FS is proportional to the number of IP addresses legitimate users successfully authenticated from.

4.1 Background On Previous ATT Based Protocols

Pinkas and Sander introduced the topic based upon a strawman login protocol that requires answering an ATT challenge first before entering the {user name, password}pair. If the user falling to answer the ATT correctly prevents the user from proceeding further. This

protocol requires the adversary to pass an ATT challenge for each password guessing attempt.

Simple protocol is effective against online dictionary attacks assuming that the used ATT’s are secure, legitimate users must also pass an ATT challenge for every login attempt. Therefore, this protocol affects user convenience and requires the login server to generate an ATT challenge for every login attempt.

Pinkas and Sander proposed a new protocol that reduces the number of ATT’s for legitimate user’s are required to pass. This protocol stores a browser cookie on the machine of users who had previously logged in successfully. Once the user requests the login server URL, the user’s browser sense the cookie back to the server. The protocol then requests the user to enter a {user name, password} pair. If the pair is correct and a valid cookie is received from the browser then the protocol gives permission to access the account. If the pair is correct but no valid cookie is received, then an ATT challenge must be answered before account access is granted.

Otherwise, if the pair is incorrect then according to a function AskATT(), an ATT challenge might be required before informing the user that the pair is incorrect. With this protocol, legitimate user must passATT’s in the following cases:1) When the user logs in from a machine for the first time.

2) When the user’s pair is incorrect and AskATT() triggers an ATT.

For each password guessing attempt an automated program needs to correctly answer ATT except in one case i.e.,when the {username, password} pair is incorrect and a function AskATT() didn’t request an ATT. Van oorschot and stubblebine proposed modifications to the previous protocol which stores failed login’s per username to impose ATT challenges after exceeding a configurable threshold of failures. Hence, for an incorrect {username, password}pair, the decision to request an ATT not only depends on the function AskATT() but also on the number of failed login attempts for the username.After entering correct credentials in the absence of a valid cookie, the user is asked whether the machine in use is trustworthy and if the user uses it regularly .The cookie is stored in the user’s machine only if the user responds yes to the question. This approach aims to reduce the possibility of cookie theft since a negative answer is expected if the user was from a public machine .The user account is set be in non-owner mode for a specified time window when a login is successful without receiving a valid cookie from the user machine; otherwise the account is set to owner mode.

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on the UKDiss.com website then please:

Related Lectures

Study for free with our range of university lectures!