Bingo: A Semi-Centralized Password Storage System
Abstract
:1. Introduction
2. Limitations of Existing Solutions
2.1. Two-Factor Authentication
2.2. Password Aggregators
2.3. Biometric Identifiers
3. Threat Model
3.1. Brute Force
3.2. Rainbow Tables
3.3. Man in the Middle
4. Key Challenges
- As such, Bingo aims to leverage the best qualities of all of the aforementioned solutions for insecure password storage. We define a series of key design challenges for Bingo to ensure that it provides seamless usability while also employing best security practices:
- Bingo should never store a user’s password in a centralized manner. This means that the original plain text password should never be held in persistent storage, nor should Bingo independently store enough shares of a user’s password such that an attacker can recover all shares without attacking peers in the network.
- Bingo should never expose the user’s password to the online service for which it is middle manning. The online service is tasked with maintaining a profile for the user, as is the norm today. With that said, Bingo takes full ownership of a user’s password and acts as the single source of truth for confirming a user’s identity, thus offloading this responsibility from the online service.
- A retrieved password from a collection of peers in the network should be verifiable by Bingo, meaning that an attacker cannot inject fake information into the system.
- The user profiles stored in Bingo’s database should not provide a meaningful advantage to an attacker seeking to crack a user’s password.
- Bingo should provide strong security guarantees but not be an overly opinionated system. Online services which register with Bingo should be granted the ability to prioritize availability or security.
- Bingo should maintain the highest availability possible given a set of configurations, meaning that there should be as few instances as possible where a user cannot register or log in to an online service.
5. System Architecture
5.1. Cryptography
- (1)
- Murmurhash: Murmurhash (and its variant Murmurhash3) is a non-cryptographic hash function which can be seeded with a unique value to prevent offline rainbow table attacks so long as the seed remains a secret. We use a seeded Murmurhash3 implementation in Bingo to securely hash identifiers for data objects such that an attacker is unable to easily crack the hash. Furthermore, using Murmurhash3 provides the benefit of a consistent output for a given input (i.e., the basic property of hash functions), which aids in the repeated lookups of a plain text identifier. We define the Murmurhash3 function used in Bingo as M.
- (2)
- Bcrypt: Bcrypt is a secure password-hashing function with no proven attacks to date. The algorithm uses a defined number of salt rounds to increase entropy and prevent rainbow table attacks. A large number of websites which follow best security practices for hashing users’ passwords prior to storage utilize Bcrypt as their hash function. We define the Bcrypt function used in Bingo as B.
5.2. Data Objects
- (1)
- Domains: When an online service wishes to use Bingo for authentication of its users, the service is required to register itself with Bingo through a series of configuration details. We refer to a service registered with Bingo as a “Domain”. Domains are assigned a unique ID which is the Domain’s URL domain hashed with M. A unique hash ID prevents an attacker from being able to discern the site origin of a secret share on a stolen device. Figure 2a displays the attributes of a Domain object.
- (2)
- Users: Bingo associates users with the Domains for which they register and login. When a new user wishes to register with a given Domain, Bingo generates a “User” object containing a unique key, which is a tuple of the Domain’s unique ID and a hashed identifier for the user (e.g., an email) within the Domain. Figure 2b displays the attributes of a user object.
- (3)
- Secret Shares: A Secret Share is a fractional piece of a larger piece of secret information, such as a hashed password. Bingo distributes these shares among peers in the network alongside a tuple identifier consisting of a Domain ID and a user ID. Peers are tasked with storing these shares in a manner that allows them to later retrieve them given the same tuple identifier. Figure 2c displays the attributes of the Secret Share object.
5.3. Peers
5.4. Bingo Proxy
- (1)
- Communication: Bingo Proxy maintains all communications with peers through a dedicated Secure WebSocket Server (i.e., SWSS). Secure WebSockets communicate over TLS much like an HTTPS connection between clients and a given web browser. Secure communication over TLS guarantees that a man-in-the-middle a tempting to eavesdrop on the authentication workflow is unable to read more than encrypted traffic. When a peer becomes live in the network, Bingo adds said peer to a collection of “active” peers which may be tasked to store and retrieve password shares. Likewise, when a peer disconnects from the network, its state is set to inactive and is promptly removed from the collection of peers. Peers are never associated with a specific user at the server-side. As such, if an attacker is able to attain a list of active peers in the network, this list does not allow any backtracking to a specific device belonging to a given user, ensuring the desired principle of anonymity. Bingo Proxy requires that all peers listen to two main events, “distribute” and “retrieve”. Peers should acknowledge these events and include retrieved data as required. Furthermore, peers can inform Bingo Proxy of new registration or login workflows with the “action” event, to which Bingo Proxy responds with an “action-update” event once the workflow has been completed (i.e., a callback). Further details regarding action workflows and responses will be provided in upcoming sections. A full listing of the API events sent by Bingo Proxy can be seen in Table 1.
- (2)
- API Handler: Registered Domains are required to expose specific API methods to Bingo in order to facilitate registrations and logins. Domain objects should include a base API URL, a login route, and a registration route. For example, a Domain might provide a base API URL of https://my-service.com/api (accessed on 23 February 2022), a login route of user/login and a registration route of user/register. Furthermore, Domains must list which attribute in a user profile identifies the user, an ID Key, as well as which attribute serves as the password, a Secret Key. When registering a new user, Bingo makes an API call to a Domain’s registration route alongside the original request body from the user with the value of the Secret Key redacted. If the API call returns a success status, Bingo stores a new profile for the user with the Domain’s ID alongside the user’s ID Key hashed with M. While the tuple identifier allows Bingo to verify that a user is registered with a domain, an attacker that manages to steal this information is not aided in verifying that the user is registered with the Domain, nor in the cracking of the user’s password. Note that by only storing a profile for the user within Bingo if the API call is successful, the online service associated with the Domain is still given full authority to validate all remaining attributes of the request body, such as the email address or name. A similar workflow takes place during a login, except that naturally a different API route is used. Furthermore, the order of which secret sharing and retrieval takes place in regard to making API requests is dependent on the workflow. During registration, a secret is shared with the network after a successful API call to make sure that the secret should be shared at all. During login, the opposite ordering takes place, with the secret first being retrieved from the network in order to validate the user’s identity before sending a login API request. Note that Bingo does not take any responsibility for managing third-party API tokens for a user. It is the responsibility of an online service to assign credentials at login time such that any subsequent requests which are not handled by Bingo can be traced back to the user.
- (3)
- Secret Sharing: Bingo Proxy’s main functionality set is to distribute and retrieve shares of passwords. Bingo uses the tried and tested Shamir Secret Sharing algorithm, dubbed SSS, which divides a given password into a series of N shares such that the original password can be reconstructed given a set threshold T of these shares. For example, if N = 5 and T = 3, then a share is distributed one per set of five peers, while only three peers must return their shares to be able to reconstruct the password. A threshold allows one to control the desire for availability versus security. If a threshold is set too low, an attacker must only retrieve a small number of shares to crack the password, lowering security. If the threshold is too high, we require a larger amount of active peers to be present in the network for registration and login procedures, lowering availability. Figure 3 displays Shamir Secret Sharing for the given values of N and T.
- (4)
- Job Service: In order to limit the negative effects on system availability caused by a fluctuating number of active peers at any given time, Bingo Proxy implements user workflows as “jobs” which run asynchronously and deliver results upon completion. The current implementation of Bingo Proxy provides two job interfaces: Distribution Job for registrations and Retrieval Job for logins. During a workflow, a corresponding job is initialized with all necessary information to be provided to peers, along with a callback function which is used once the job either succeeds or fails. A job is instantiated with three retry attempts, with exponential backoff timing used to space out retries. Each attempt is assigned a timer, with the timer being stopped if the job succeeds. Each job also maintains the state of its required data, and uses retries to attempt to fill gaps in its success requirements. Both distribute and retrieve events contain a unique Job ID which peers include in their responses in order to map acknowledgements to their corresponding job.
- (5)
- Password Versioning: Bingo cannot be considered a practical medium of distributed secret storage if the shares stored for a given user cannot be replaced, such as during a password change. In order to achieve this goal, Bingo Proxy assigns a numerical version to each password share it distributes among peers. The most recent version count, denoted V, is stored alongside the hashed identifiers for a stored User in Bingo Proxy’s database. As such, during the retrieval of a user’s shares for reconstruction, V is included within the request body. Since all peers receive the distribution request in a broadcast, each peer may use the value of V to prune any stale data it may store for the user, thus preventing shares of any version {1…V − 1} from continuing to be stored or broadcasted. Furthermore, any peer which mistakenly or maliciously retrieves and returns a share older than V will be ignored, and the given share will not be counted towards the completion of a Retrieval Job. Note that the use of a primitive numerical counting system for share versioning is not without its flaws. Without mandatory integrity support, a malicious actor may tamper with the version of a share they store, as well as tamper with the version of an in-flight share either during distribution or retrieval. We leave the improvement of Bingo’s share versioning system to future work, and propose the use of unique hashes or encrypted version numbers to improve integrity.
5.5. Bingo Relays
5.6. Bingo Extension
5.7. Bingo UI
6. Demonstrating the Bingo Workflow
6.1. Peer Registration
6.2. Peer Login
7. Result and Discussion
7.1. Base Evaluation
7.2. Peer Uptime Simulator
7.3. Peer Uptime Simulator
8. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Gaw, S.; Felten, E.W. Password Management Strategies for Online Accounts. In Proceedings of the Second Symposium on Usable Privacy and Security, Pittsburgh, PA, USA, 12–14 July 2006; pp. 44–55. [Google Scholar]
- Sivertsen, B.; Knapstad, M.; Petrie, K.; O’Connor, R.; Lønning, K.J.; Hysing, M. Changes in mental health problems and suicidal behaviour in students and their associations with COVID-19-related restrictions in Norway: A national repeated cross-sectional analysis. BMJ Open 2022, 12, e057492. [Google Scholar] [CrossRef] [PubMed]
- Sushama, C.; Kumar, M.S.; Neelima, P. Privacy and security issues in the future: A social media. Mater. Today Proc. 2021, 11, 105. [Google Scholar] [CrossRef]
- Dubey, R.; Martin, M.V. Fool Me Once: A Study of Password Selection Evolution over the Past Decade. In Proceedings of the 18th International Conference on Privacy, Security and Trust (PST), Auckland, New Zealand, 13–15 December 2021; pp. 1–7. [Google Scholar]
- Venkatachalam, K.; Prabu, P.; Almutairi, A.; Abouhawwash, M. Secure biometric authentication with de-duplication on distributed cloud storage. PeerJ Comput. Sci. 2021, 7, e569. [Google Scholar]
- Luo, W.; Hu, Y.; Jiang, H.; Wang, J. Authentication by encrypted negative password. IEEE Trans. Inf. Forensics Secur. 2018, 14, 114–128. [Google Scholar] [CrossRef]
- Oesch, S.; Ruoti, S. That was then, this is now: A security evaluation of password generation, storage, and autofill in browser-based password managers. In Proceedings of the 29th USENIX Conference on Security Symposium, Boston, MA, USA, 12–14 August 2020; pp. 2165–2182. [Google Scholar]
- Morris, R.; Thompson, K. Password security: A case history. Commun. ACM 1979, 22, 594–597. [Google Scholar] [CrossRef]
- Gasti, P.; Rasmussen, K.B. On the security of password manager database formats. In Proceedings of the European Symposium on Research in Computer Security, Pisa, Italy, 10–12 September 2012; pp. 770–787. [Google Scholar]
- Provos, N.; Mazieres, D. A Future-Adaptable Password Scheme. In Proceedings of the USENIX Annual Technical Conference, FREENIX Track, Monterey, CA, USA, 6–11 June 1999; pp. 81–91. [Google Scholar]
- Gauravaram, P. Security Analysis of Salt|| Password Hashes. In Proceedings of the International Conference on Advanced Computer Science Applications and Technologies (ACSAT), Kuala Lumpur, Malaysia, 26–28 November 2012; pp. 25–30. [Google Scholar]
- Han, A.L.-F.; Wong, D.F.; Chao, L.S. Password cracking and countermeasures in computer security: A survey. arXiv 2014, arXiv:1411.7803. [Google Scholar]
- Belenko, A.; Sklyarov, D. “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really? In Proceedings of the Blackhat Europe, Amsterdam, The Netherlands, 14–16 March 2012. 56p. [Google Scholar]
- Petsas, T.; Tsirantonakis, G.; Athanasopoulos, E.; Ioannidis, S. Two-factor authentication: Is the world ready? In Quantifying 2FA adoption. In Proceedings of the Eighth European Workshop on System Security, Bordeaux, France, 21 April 2015; pp. 1–7. [Google Scholar]
- Apriansyah, Y. Implementation of One Time Password (OTP) for Login Security on Web-Based Systems. Ph.D. Dissertation, University of Technology Yogyakarta, Daerah Istimewa Yogyakarta, Indonesia, 2022. [Google Scholar]
- Da Silva Torres, R.J. Identity Management: Analysis of Secure Authentication Propositions. Master’s Thesis, Universidade Do Porto, Porto, Portugal, 2020. [Google Scholar]
- Merdenyan, B.; Petrie, H. Perceptions of risk, benefits and likelihood of undertaking password management behaviours: Four components. In Proceedings of the IFIP Conference on Human-Computer Interaction, Paphos, Cyprus, 2–6 September 2019; pp. 549–563. [Google Scholar]
- Aziz, I.T.; Abdulqadder, I.H.; Alturfi, S.M.; Imran, R.M.; Flaih, F.M. A Secured and Authenticated State Estimation Approach to Protect Measurements in Smart Grids. In Proceedings of the International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT), Sakheer, Bahrain, 20–21 December 2020; pp. 1–5. [Google Scholar]
- Tomaszewska-Michalak, M. Biometric Technology 20 Years After 9/11–Opportunities and Threats. Studia Politol. 2022, 63, 123–134. [Google Scholar] [CrossRef]
- Tzagarakis, G.; Papadopoulos, P.; Chariton, A.A.; Athanasopoulos, E.; Markatos, E.P. Øpass: Zero-storage password management based on password reminders. In Proceedings of the 11th European Workshop on Systems Security, Porto, Portugal, 23–26 April 2018; pp. 1–6. [Google Scholar]
- Youssou, N.; Barais, O.; Blouin, A.; Bouabdallah, A.; Aillery, N. Requirements for preventing logic flaws in the authentication procedure of web applications. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, Limassol Cyprus, 8–12 April 2019; pp. 1620–1628. [Google Scholar]
- Rodríguez-Barroso, N.; López, D.J.; Luzón, M.; Herrera, F.; Martínez-Cámara, E. Survey on Federated Learning Threats: Concepts, taxonomy on attacks and defences, experimental study and challenges. arXiv 2022, arXiv:2201.08135. [Google Scholar]
- Aron, G. Improving attacks on round-reduced speck32/64 using deep learning. In Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA, 18–22 August 2019; Springer: Cham, Switzerland; pp. 150–179. [Google Scholar]
- Singh, A.; Tiwari, V.; Naidu, A.S.; Tentu, A.N.; Raju, K.S.; Saxena, A. Analysis of Password Protected Documents Using Statistical Approaches on High Performance Computing. In Advances in Micro-Electronics, Embedded Systems and IoT; Springer: Singapore, 2022; pp. 533–545. [Google Scholar]
- Kampourakis, V.; Kambourakis, G.; Chatzoglou, E.; Zaroliagis, C. Revisiting man-in-the-middle attacks against HTTPS. Netw. Secur. 2022, 2022. [Google Scholar] [CrossRef]
- Goulart, A.; Chennamaneni, A.; Torre, D.; Hur, B.; Al-Aboosi, F.Y. On Wide-Area IoT Networks, Lightweight Security and Their Applications—A Practical Review. Electronics 2022, 11, 1762. [Google Scholar] [CrossRef]
Bingo Proxy Event | Description | Bingo Peer Response |
---|---|---|
ID | Assign a unique identifier to a connected Peer | None |
retrieve | Retrieve any password shares stored for a tuple of a Domain ID and User ID | retrieved |
distribute | Store a share associated with a tuple of a Domain ID and User ID | distributed |
action-update | A callback function indicating an action (login or register) has succeeded or failed | None |
Peers | Local Only (s) | Remote (s) |
---|---|---|
10 | 2.43 | 3.21 |
50 | 1.96 | 2.86 |
100 | 1.78 | 2.31 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Al-Aboosi, A.F.; Broner, M.; Al-Aboosi, F.Y. Bingo: A Semi-Centralized Password Storage System. J. Cybersecur. Priv. 2022, 2, 444-465. https://doi.org/10.3390/jcp2030023
Al-Aboosi AF, Broner M, Al-Aboosi FY. Bingo: A Semi-Centralized Password Storage System. Journal of Cybersecurity and Privacy. 2022; 2(3):444-465. https://doi.org/10.3390/jcp2030023
Chicago/Turabian StyleAl-Aboosi, Abdullah F., Matan Broner, and Fadhil Y. Al-Aboosi. 2022. "Bingo: A Semi-Centralized Password Storage System" Journal of Cybersecurity and Privacy 2, no. 3: 444-465. https://doi.org/10.3390/jcp2030023
APA StyleAl-Aboosi, A. F., Broner, M., & Al-Aboosi, F. Y. (2022). Bingo: A Semi-Centralized Password Storage System. Journal of Cybersecurity and Privacy, 2(3), 444-465. https://doi.org/10.3390/jcp2030023