Abstract
Identity authentication is the first line of defense for the security of networks and information systems, and the password is the most common method of identity authentication. Existing research usually assumes that user-chosen passwords follow a uniform distribution. However, recent studies have shown that passwords follow Zipf's law, which means that most password-related security protocols underestimate the attacker's advantage and thus fail to achieve their claimed security. In response to this problem, the Password-Based Signatures (PBS) protocol proposed by Gjøsteen et al. and the Password-Protected Secret Sharing (PPSS) protocol proposed by Jarecki et al. are taken as typical representatives. Starting from the basic assumption that passwords follow Zipf's law, the flaws in the security proofs of these two protocols are analyzed and their security is redefined. Improvements to both protocols are then given. For the PBS protocol, the attacker's advantage is recalculated; by limiting the number of guesses an attacker may make and entrusting the key to a trusted third party, the improved protocol resists a malicious attacker impersonating a legitimate user as well as a malicious server guessing the user's password and forging a signature. For the PPSS protocol, following the honeywords idea, a Honey_List is maintained on the server side to detect and block online password guessing attacks.
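The following is an added illustration of the abstract's central point, not code from the paper: it contrasts the online-guessing success probability a protocol designer gets from the uniform assumption with the one obtained under a PDF-Zipf model, and derives a server-side guess limit from the Zipf estimate, as the improved PBS protocol's guess limit suggests. The dictionary size n and Zipf exponent s are assumed placeholder parameters, not values from the paper.

```python
# Added illustration, not from the paper: the uniform-distribution assumption
# underestimates an online guesser's success compared with a Zipf-like password
# distribution, so a guess limit should be sized from the Zipf estimate.
# Dictionary size n and Zipf exponent s are assumed placeholder parameters.


def uniform_success(q, n):
    """Success probability of q distinct guesses when the password is uniform over n candidates."""
    return min(q, n) / n


def zipf_probabilities(n, s):
    """PDF-Zipf model: the r-th most popular password has probability r^(-s) / sum_k k^(-s)."""
    weights = [r ** (-s) for r in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def zipf_success(q, n, s):
    """Success probability of q guesses tried in popularity order under the Zipf model."""
    return sum(zipf_probabilities(n, s)[: min(q, n)])


def underestimation_factor(q, n, s):
    """How many times larger the Zipf success probability is than the uniform estimate q/n."""
    return zipf_success(q, n, s) / uniform_success(q, n)


def max_guesses_within(budget, n, s):
    """Largest number of online guesses whose Zipf success probability stays <= budget.

    A server that enforces a guess limit can derive it from this bound rather than
    from the optimistic uniform bound q / n.
    """
    cumulative = 0.0
    for q, p in enumerate(zipf_probabilities(n, s), start=1):
        cumulative += p
        if cumulative > budget:
            return q - 1
    return n


if __name__ == "__main__":
    n, s = 10_000, 0.9  # assumed placeholder values
    for q in (1, 10, 100):
        print(q, round(uniform_success(q, n), 6), round(zipf_success(q, n, s), 6),
              round(underestimation_factor(q, n, s), 1))
    print("guess limit for 0.1% risk:", max_guesses_within(0.001, n, s))
```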
Authors
DONG Qi-ying (董奇颖), SHAN Xuan (单轩), JIA Chun-fu (贾春福)
College of Cyber Science, Nankai University, Tianjin 300350, China; Tianjin Key Laboratory of Network and Data Security Technology, Tianjin 300350, China
Source
Computer Science (计算机科学), 2020, Issue 11, pp. 42-47 (6 pages)
Indexed in: CSCD; Peking University Core Journals (北大核心)
Funding
National Natural Science Foundation of China (61972215).