Reading: On the Economics of Offline Password Cracking

Link to the paper: https://www.cs.purdue.edu/homes/jblocki/papers/SP18EconomicsOfOfflinePasswordCracking.pdf

Summary:

This paper is aimed more toward technology practitioners simulating the aftermath of a data breach of an authentication server. The authors frame the paper in the context of a world where most companies use slow password hashing algorithms like BCRYPT coupled with key stretching methods to make password guessing expensive for attackers. It is important to note the studies assumption that attackers will be only economically rational - so it might not be comprehensive by any means. Moreover the assumptions made by the attacker are the attacked is informed, untargeted, and economically rational. The key take away in this paper is the idea that memory hard functions - whose computation requires large amounts of memory is what the cybersecurity should move to in regards to the gold standard.

 What I liked:

  1. The recommendation of using memory hard functions. Their analysis suggests it could be possible to reduce the % of cracked passwords below 22.2% without increasing authentication delays to a full second.

  2. Contrasting the results of the current NIST 2017 minimum recommendations and pointing out in their analysis why even orders of magnitudes of this standard may be inadequate.

  3. The real novelty in their Zipf's law discoveries is that they applied analysis to the Yahoo pass word breach which is 2x bigger than any other dataset past authors have had the chance to study.

  4. Analysis that creates an upper and lower bound for a percentage of passwords cracked by their assumption of a rational adversary.

  5. "Password composition policies also introduce a high usability cost [57], [65], [66], [59], and they typically do not increase password strength significantly. In fact, sometimes these policies result in weaker user passwords"

 

What I didn’t like

  1. A lot of this is just a rehash of what Wang and Wang did essentially with a data set that is twice as big.

  2. The entire study is hinged on what the value of the information is on the black market - the flaw being it's really hard to price the information as a practitioner before a data breach. Which makes it hard to act on this information

  3. The focus of the paper assumes that we are dealing with a rational adversary - but with the rise of nation states conducting cyber attacks I don't think it’s a good idea to focus solely on adversaries where profit is the driving factor. More over the paper specifically states that they treat the value of all passwords equally, I'd pay a lot more for Trump's twitter password compared to some random person.

  4. I feel as if this paper should have really focused more on the memory hard functions, because at certain points like 7.1 "Key-Stretching"  the author goes into why MHF is such an attractive choice in security but doesn't really flesh into it

  5. Lack of analysis on the black market for passwords in the aftermath of the yahoo attack.

 Points to talk about:

  1. Why can’t we move to memory hard functions? Why aren't more developers moving toward it? Naiakshina et al. points out that in a survey of developers none chose memory hard functions

  2. What percentage of cyberattacks are happening from rational adversaries who have cost as their major concern, as a opposed to adversaries who don't have cost as a major concern

  3. Does the black market actually have a law of diminishing returns?

  4. Despite the cost of a honeywords strategy what percentage companies use them to secure their data? What is the difference in cost of a honeywords defense strategy as compared to the cost of an expected data breach?

  5. How does a data independent memory hard function work?

New Ideas:

  1. Exploration of how memory hard functions would fare for an attacker who was not economically rational

  2. Case study how each of the different security measures in separate and in conjunction with each other would change under a rational attacker

  3. If the password guidelines we have been given in the past haven't been

  4. Explore the effect of password guidelines on Zipf's law. Before when people were allowed to choose their password compared to when they were given guidelines. Was there a significant change?

  5. Is there a metric to determine how in demand passwords and private information is to inform technology practitioners when the market determines that it might be economically viable to profit off a cybercrime