References of "Vazquez Sandoval, Itzel 50025539"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailA Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL et al

in Information Systems Security and Privacy (2019, July)

Password-based authentication is a widespread method to access into systems, thus password files are a valuable resource often target of attacks. To detect when a password file has been stolen, Juels and ... [more ▼]

Password-based authentication is a widespread method to access into systems, thus password files are a valuable resource often target of attacks. To detect when a password file has been stolen, Juels and Rivest introduced the Honeywords System in 2013. The core idea is to store the password with a list of decoy words that are ``indistinguishable'' from the password, called honeywords. An adversary that obtains the password file and, by dictionary attack, retrieves the honeywords can only guess the password when attempting to log in: but any incorrect guess will set off an alarm, warning that file has been compromised. In a recent conference paper, we studied the security of the Honeywords System in a scenario where the intruder also manages to corrupt the server's code (with certain limiting assumptions); we proposed an authentication protocol and proved it secure despite the corruption. In this extended journal version, we detail the analysis and we extend it, under the same attacker model, to the other two protocols of the original Honeywords System, the setup and change of password. We formally verify the security of both of them; further, we discuss that our design suggests a completely new approach that diverges from the original idea of the Honeywords System but indicates an alternative way to authenticate users which is robust to server's code-corruption. [less ▲]

Detailed reference viewed: 62 (2 UL)
Full Text
Peer Reviewed
See detailDetecting misalignments between system security and user perceptions: a preliminary socio-technical analysis of an E2E email encryption system
Stojkovski, Borce UL; Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL

in 4th European Workshop on Usable Security - 2019 IEEE European Symposium on Security and Privacy Workshops (2019)

The set of impressions that a user has about distinct aspects of a system depends on the experience perceived while interacting with the system. Considering the effects of these interactions in a security ... [more ▼]

The set of impressions that a user has about distinct aspects of a system depends on the experience perceived while interacting with the system. Considering the effects of these interactions in a security analysis allows for a new class of security properties in terms of misalignments between the system’s technical guarantees and the user’s impressions of them. For instance, a property that we call “false sense of insecurity” identifies a situation in which a secure system injects uncertainty in users, thus improperly transmitting the degree of protection that it actually provides; another, which we call “false sense of security”, captures situations in which a system instills a false sense of security beyond what a technical analysis would justify. Both situations leave room for attacks. In this paper we propose a model to define and reason about such socio-technical misalignments. The model refers to and builds on the concept of security ceremonies, but relies on user experience notions and on security analysis techniques to put together the information needed to verify misalignment properties about user’s impressions and system’s security guarantees. We discuss the innovative insight of this pilot model for a holistic understanding of a system’s security. We also propose a formal model that can be used with existing model checkers for an automatic analysis of misalignments. We exemplify the approach by modelling one specific application for end-to-end email encryption within which we analyze a few instances of misalignment properties. [less ▲]

Detailed reference viewed: 88 (23 UL)
Full Text
Peer Reviewed
See detailA Protocol to Strengthen Password-Based Authentication
Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL; Stojkovski, Borce UL

in Emerging Technologies for Authorization and Authentication (2018, November)

We discuss a password-based authentication protocol that we argue to be robust against password-guessing and o -line dictionary attacks. The core idea is to hash the passwords with a seed that comes from ... [more ▼]

We discuss a password-based authentication protocol that we argue to be robust against password-guessing and o -line dictionary attacks. The core idea is to hash the passwords with a seed that comes from an OTP device, making the resulting identity token unpredictable for an adversary. We believe that the usability of this new protocol is the same as that of password-based methods with OTP, but has the advan- tage of not burdening users with having to choose strong passwords. [less ▲]

Detailed reference viewed: 132 (60 UL)
Full Text
Peer Reviewed
See detailExperience report: How to extract security protocols’ specifications from C libraries
Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL

in 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Volume 2 (2018, June)

Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code ... [more ▼]

Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little or no help from the developers to better understand it. Security protocols implementations frequently use services provided by libraries coded in the C programming language; automatic tools for codelevel reverse engineering offer good support to comprehend the behavior of code in object-oriented languages but are ineffective to deal with libraries in C. Here we propose a systematic, yet human-dependent approach, which combines the capabilities of state-of-the-art tools in order to help the analyst to retrieve, step by step, the security protocol specifications from a library in C. Those specifications can then be used to create the formal model needed to carry out the analysis. [less ▲]

Detailed reference viewed: 109 (29 UL)
Full Text
Peer Reviewed
See detailA Security Analysis, and a Fix, of a Code-Corrupted Honeywords System
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL et al

in Proceedings of the 4th International Conference on Information Systems Security and Privacy (2018)

In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together ... [more ▼]

In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable decoy words so when an intruder steals the file, retrieves the words, and tries to log-in, he does not know which one is the password. By guessing one from the decoy words, he may not be lucky and reveal the leak. Juels and Rivest left a problem open: how to make the system secure even when the intruder corrupted the login server’s code. In this paper we study and solve the problem. However, since “code corruption” is a powerful attack, we first define rigorously the threat and set a few assumptions under which the problem is still solvable, before showing meaningful attacks against the original Honeywords System. Then we elicit a fundamental security requirement, implementing which, we are able to restore the honeywords System’s security despite a corrupted login service. We verify the new protocol’s security formally, using ProVerif for this task. We also implement the protocol and test its performance. Finally, at the light of our findings, we discuss whether it is still worth using a fixed honeywords-based system against such a powerful threat, or whether it is better, in order to be resilient against code corruption attacks, to design afresh a completely different password-based authentication solution. [less ▲]

Detailed reference viewed: 294 (44 UL)