Using amnesia to detect credential database breaches
Publication
, Conference
Wang, KC; Reiter, MK
Published in: Proceedings of the 30th USENIX Security Symposium
January 1, 2021
Known approaches for using decoy passwords (honeywords) to detect credential database breaches suffer from the need for a trusted component to recognize decoys when entered in login attempts, and from an attacker's ability to test stolen passwords at other sites to identify user-chosen passwords based on their reuse at those sites. Amnesia is a framework that resolves these difficulties. Amnesia requires no secret state to detect the entry of honeywords and additionally allows a site to monitor for the entry of its decoy passwords elsewhere. We quantify the benefits of Amnesia using probabilistic model checking and the practicality of this framework through measurements of a working implementation.
Duke Scholars
Published In
Proceedings of the 30th USENIX Security Symposium
Publication Date
January 1, 2021
Start / End Page
839 / 855
Citation
APA
Chicago
ICMJE
MLA
NLM
Wang, K. C., & Reiter, M. K. (2021). Using amnesia to detect credential database breaches. In Proceedings of the 30th USENIX Security Symposium (pp. 839–855).
Wang, K. C., and M. K. Reiter. “Using amnesia to detect credential database breaches.” In Proceedings of the 30th USENIX Security Symposium, 839–55, 2021.
Wang KC, Reiter MK. Using amnesia to detect credential database breaches. In: Proceedings of the 30th USENIX Security Symposium. 2021. p. 839–55.
Wang, K. C., and M. K. Reiter. “Using amnesia to detect credential database breaches.” Proceedings of the 30th USENIX Security Symposium, 2021, pp. 839–55.
Wang KC, Reiter MK. Using amnesia to detect credential database breaches. Proceedings of the 30th USENIX Security Symposium. 2021. p. 839–855.
Published In
Proceedings of the 30th USENIX Security Symposium
Publication Date
January 1, 2021
Start / End Page
839 / 855