Advances in Information Security
Using Amnesia to Detect Credential Database Breaches
Publication
, Chapter
Wang, KC; Reiter, MK
January 1, 2023
Known approaches for using decoy passwords (honeywords) to detect credential database breaches suffer from the need for a trusted component to recognize decoys when entered in login attempts, and from an attacker’s ability to test stolen passwords at other sites to identify user-chosen passwords based on their reuse at those sites. Amnesia is a framework that resolves these difficulties. Amnesia requires no secret state to detect the entry of honeywords and additionally allows a site to monitor for the entry of its decoy passwords elsewhere. We quantify the benefits of Amnesia using probabilistic model checking and the practicality of this framework through measurements of a working implementation.
Duke Scholars
DOI
Publication Date
January 1, 2023
Volume
89
Start / End Page
183 / 215
Citation
APA
Chicago
ICMJE
MLA
NLM
Wang, K. C., & Reiter, M. K. (2023). Using Amnesia to Detect Credential Database Breaches. In Advances in Information Security (Vol. 89, pp. 183–215). https://doi.org/10.1007/978-3-031-16613-6_9
Wang, K. C., and M. K. Reiter. “Using Amnesia to Detect Credential Database Breaches.” In Advances in Information Security, 89:183–215, 2023. https://doi.org/10.1007/978-3-031-16613-6_9.
Wang KC, Reiter MK. Using Amnesia to Detect Credential Database Breaches. In: Advances in Information Security. 2023. p. 183–215.
Wang, K. C., and M. K. Reiter. “Using Amnesia to Detect Credential Database Breaches.” Advances in Information Security, vol. 89, 2023, pp. 183–215. Scopus, doi:10.1007/978-3-031-16613-6_9.
Wang KC, Reiter MK. Using Amnesia to Detect Credential Database Breaches. Advances in Information Security. 2023. p. 183–215.
DOI
Publication Date
January 1, 2023
Volume
89
Start / End Page
183 / 215