Password-based Authentication: Attacks & Defenses (Summer semester 2022)
Lecturers:
- Prof. Dr. Anja Lehmann (Cyber Security - Identity Management)
- Dennis Dayanikli (Cyber Security - Identity Management)
General Information
- Weekly hours per semester (SWS): 2
- ECTS: 3
- Graded: Yes
- Enrollment period: 01.04.2022 - 30.04.2022
- Examination date per §9 (4) BAMA-O: 12.08.2022
- Course format: Seminar
- Course type: Compulsory elective module
- Language of instruction: English
- Maximum number of participants: 10
Degree Programmes, Module Groups & Modules
- CYAD: Cyber Attack and Defense
  - HPI-CYAD-K Concepts and Methods
  - HPI-CYAD-T Techniques and Tools
  - HPI-CYAD-S Specialization
- IDMG: Identity Management
  - HPI-IDMG-K Concepts and Methods
  - HDI-IDMG-T Techniques and Tools
  - HPI-IDMG-S Specialization
- ISAE: Internet, Security & Algorithm Engineering
  - HPI-ISAE-T Techniques and Tools
  - HPI-ISAE-K Concepts and Methods
  - HPI-ISAE-S Specialization
- DSEC: Data Security
  - DSEC-Concepts and Methods
  - DSEC-Techniques and Tools
- HDAS: Health Data Security
  - HPI-HDAS-C Concepts and Methods
  - HPI-HDAS-T Technologies and Methods
  - HPI-HDAS-S Specialization
Description
Password-based authentication is the process of gaining access to resources one is entitled to, with the help of a set of credentials consisting of a username and a password. The credentials are typically stored in a service provider's database during registration and used to authenticate an end user when they try to log in. Despite long-standing claims that the concept of passwords is "dead", password-based authentication remains the most widely used user authentication mechanism because of its familiar user experience and convenience.
Password-based authentication poses challenges both for end users and for service providers. On the one hand, end users struggle with choosing "good" passwords for each service and securely managing all of their credentials. On the other hand, service providers struggle with keeping their credential databases secret.
Topics
In this seminar, we will explore different attacks on and defense mechanisms for password-based authentication methods, and investigate their progress in current cryptographic research. These topics include:
- Password Cracking / Password Modeling (How to effectively guess user passwords.)
- Password Managers (How password managers help end users to choose better passwords and to manage them.)
- Password Hashing (How a service provider can strengthen the security of its database by hashing the passwords with slow hash functions.)
- Password Authenticated Key Exchange (How end users can authenticate to the service provider without leaking any information about their passwords.)
- Honey Passwords (How to include decoy password entries in a server's database to detect data breaches.)
- Password Protected Secret Sharing (How to share a high-entropy secret across multiple servers, protected by a password.)
Organization
Each participant will be assigned a research paper and present its topic in a talk. After the kick-off phase, participants will have time to study their assigned paper and prepare their presentation. We will then meet every two weeks. In each meeting, two participants will present their assigned papers. At the end of the semester, participants also hand in a brief written report on their findings.
The course is limited to a maximum of 10 participants. Priority is given to Cybersecurity students.
Prerequisites
Basic knowledge of cryptography.
Literature
The detailed list of research papers will be available in the course's Moodle: https://moodle.hpi.de/course/view.php?id=290
In coordination with the teaching staff, other password-related research papers can also be presented.
Assessment
The grade will be based on the presentation (70%), the written report (20%) and active participation in the seminar (10%).
Dates
The seminar will be held on Thursdays, 11.00-12.30, in G3.E.15/16.
Preliminary schedule:
- Week 1: Kick-off lecture introducing the different problem statements and the relevant literature
- Week 2: Topic assignment
- Every two weeks from week 6: presentation of papers and discussion (45 min per participant)
- End of semester: Hand in the written report