Xunhua Wang
James Madison University
Publication
Featured research published by Xunhua Wang.
annual computer security applications conference | 2003
Xunhua Wang; Mohammad Hossain Heydari; Hua Lin
In a password-based authentication system, to authenticate a user, a server typically stores password verification data (PVD), which is a value derived from the user's password using publicly known functions. For those users whose passwords fall within an attacker's dictionary, their PVDs, if stolen (for example, through server compromise), allow the attacker to mount off-line dictionary attacks. We describe a password authentication system that can tolerate server compromises. The described system uses multiple (say n) servers to share password verification data and never reconstructs the shared PVD during user authentications. Only a threshold number (say t, t ≤ n) of these servers are required for a user authentication and compromising up to (t-1) of these servers will not allow an attacker to mount off-line dictionary attacks, even if a user's password falls within the attacker's dictionary. The described system can still function if some of the servers are unavailable. We give the system architecture and implementation details. Our experimental results show that the described system works well. The given system can be used to build intrusion-tolerant applications.
annual computer security applications conference | 2000
Xunhua Wang; Yih Huang; Yvo Desmedt; David C. Rine
Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. We point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS dynamic updates: the online storage of a zone security key, creating a single point of attack for both inside and outside attackers; and the violation of the role separation principle, which in the context of DNSSEC separates the roles of zone security managers from DNS server administrators. To address these issues, we propose a secure DNS architecture that is based on threshold cryptography. We show that the architecture adheres to the role separation principle without presenting any single point of attack. Our experimental results reveal that, in terms of signature computation times, our architecture incurs negligible performance penalty when using RSA/MD5 signatures but significant overhead when using DSA signatures. It is our belief that the high level of security that can be achieved by the proposed architecture far outweighs its potential overhead, especially in critical DNS zones, such as the .com zone.
annual computer security applications conference | 2001
Yih Huang; David C. Rine; Xunhua Wang
The Java Cryptography Architecture, JCA in short, was created to allow JCA-compliant cryptography providers to be plugged into a JCA-aware application at run time. This configurable feature makes JCA widely used and assures its success. However, the public key cryptographic service interfaces defined by JCA are based on the conventional public key cryptography, which is a single-sender-single-receiver model, and does not accommodate the group-based public key cryptography well. Especially, it does not support the threshold cryptography (TC), an important type of group-based public key cryptography, which has been shown to be a useful tool to enhance system security. As a step towards the systematic application of group-based public key cryptography, this article proposes an extension to the JCA framework to integrate threshold cryptography. Under this extension, various TC providers implementing different TC primitives can be plugged into a security application at run-time. This extension also makes it easy for an existing JCA-aware application to be migrated to use threshold cryptography. An example provider of threshold RSA is implemented under this framework extension. It is our belief that such an extension would help speed up the adoption of threshold cryptography.
International Journal of Information Security and Privacy | 2009
Xunhua Wang; Hua Lin
Unlike existing password authentication mechanisms on the web that use passwords for client-side authentication only, password-authenticated key exchange (PAKE) protocols provide mutual authentication. In this article, we present an architecture to integrate existing PAKE protocols to the web. Our integration design consists of the client-side part and the server-side part. First, we implement the PAKE client-side functionality with a web browser plug-in, which provides a secure implementation base. The plug-in has a log-in window that can be customized by a user when the plug-in is installed. By checking the user-specific information in a log-in window, an ordinary user can easily detect a fake log-in window created by mobile code. The server-side integration comprises a web interface and a PAKE server. After a successful PAKE mutual authentication, the PAKE plug-in receives a one-time ticket and passes it to the web browser. The web browser authenticates itself by presenting this ticket over HTTPS to the web server. The plug-in then fades away and subsequent web browsing remains the same as usual, requiring no extra user education. Our integration design supports centralized log-ins for web applications from different web sites, making it appropriate for digital identity management. A prototype is developed to validate our design. Since PAKE protocols use passwords for mutual authentication, we believe that the deployment of this design will significantly mitigate the risk of phishing attacks.
annual computer security applications conference | 2008
Xunhua Wang; Philip Dale Huff; Brett C. Tjaden
Traditional biometric authentication systems store biometric reference templates in cleartext on an authentication server, making them vulnerable to theft. Fuzzy extractors allow an authentication server to store biometric verification data that are resistant to capture. It is hard to recover the reference templates from these biometric verification data, thus increasing the privacy of the reference templates. In this paper, we improve the efficiency of a set intersection-based fuzzy extractor in two ways. First, we speed up the computation of verifying a biometric sample under some parameter combinations through integrating a Reed-Solomon decoding algorithm. Second, we propose a new function to improve the storage efficiency of the fuzzy extractor. A prototype implementation is developed to validate our improvements and it shows that our first improvement could speed up computation as many as 2.29 × 10^6 times.
annual computer security applications conference | 2010
Benjamin Rodes; Xunhua Wang
Fingerprint-protected Universal Serial Bus (USB) drives have seen increasing deployment recently to protect mobile data. Compared to regular USB drives, a fingerprint-protected USB drive has an integrated optical scanner and a private partition/drive (for example, drive G: on MS Windows), which is not accessible before a successful fingerprint authentication. This paper studies the security of a representative fingerprint-protected USB drive called AliceFDrive. Our results are twofold. First, through black-box reverse engineering and manipulation of binary code in a DLL, we bypassed AliceFDrive's fingerprint authentication and accessed the private drive without actually presenting a valid fingerprint. This authentication bypass is a class attack in that the modified DLL can be distributed to any naive users to bypass AliceFDrive's fingerprint authentication. Second, in our security analysis of AliceFDrive, we developed a program to automatically recover fingerprint reference templates from AliceFDrive, which may make AliceFDrive worse than a regular USB drive: when Alice loses her fingerprint-protected USB drive, she does not only lose her data, she also loses her good-quality fingerprints, which are hard to recover as Alice's fingerprints do not change much over a long period of time.
International Journal of Information Technology and Web Engineering | 2007
Xunhua Wang; David C. Rine
Domain Name System (DNS) is the Internet infrastructure for mapping human-friendly domain names into IP addresses. To provide data-origin authentication for DNS, the DNS Security Extension (DNSSEC) standard was developed. In this article, we point out two drawbacks of DNSSEC in its handling of DNS dynamic updates: 1) creating a single point of attack with the on-line storage of a zone security key, and 2) violating the role separation principle by mixing up the roles of zone security managers and DNS name server administrators. To address these issues, we propose an alternative secure DNS architecture based on threshold cryptography. To demonstrate the feasibility of the proposed architecture, we developed a toolkit and built a proof-of-concept prototype. Our running results show that the performance of our architecture ranges from one to four times of DNSSEC’s performance. Thus, through small performance overhead, our architecture could achieve very high level of security.
Archive | 2016
Xunhua Wang; Brett C. Tjaden; M. Hossain Heydari
Archive | 2011
Xunhua Wang; Ralph Grove; M. Hossain Heydari
Archive | 2011
Xunhua Wang; Hua Lin