Password typographical error resilience in honey encryption

Hoyul Choi; Jongmin Jeong; Simon S. Woo; Kyungtae Kang; Junbeom Hur

doi:10.1016/j.cose.2018.07.020

Password typographical error resilience in honey encryption

Hoyul Choi, Jongmin Jeong, Simon S. Woo, Kyungtae Kang, Junbeom Hur

Research output: Contribution to journal › Article

Abstract

Honey encryption (HE) is a novel password-based encryption scheme that is secure against brute-force attacks even if users’ passwords have min-entropy. However, in HE, decryption with an incorrect key produces fake messages that appear valid. Hence, password typographical errors may confuse even legitimate users. This has been one of the most challenging problems in HE. To tackle this challenge, we propose three types of protocols that enable legitimate users to detect password typographical errors in HE. We conducted a theoretical analysis and performed an IRB-approved user study with 150 participants to compare the performance of each scheme. We also analyzed the security of the proposed schemes against online and offline brute-force attacks. The results from the user study and theoretical analysis show that the proposed schemes can effectively solve the typographical error problem of HE, which can detect typographical errors with 99% accuracy.

Original language	English
Journal	Computers and Security
DOIs	https://doi.org/10.1016/j.cose.2018.07.020
Publication status	Accepted/In press - 2018 Jan 1

Keywords

Brute-force resilience
Honey encryption
Password typographical error
Password-based encryption
Typographical error resilience

ASJC Scopus subject areas

Computer Science(all)
Law

Access to Document

10.1016/j.cose.2018.07.020

Fingerprint Dive into the research topics of 'Password typographical error resilience in honey encryption'. Together they form a unique fingerprint.

Cite this

Choi, H., Jeong, J., Woo, S. S., Kang, K., & Hur, J. (Accepted/In press). Password typographical error resilience in honey encryption. Computers and Security. https://doi.org/10.1016/j.cose.2018.07.020

@article{ffe8ed5f3a8644fc83f1f0d82c6d15d1,

title = "Password typographical error resilience in honey encryption",

abstract = "Honey encryption (HE) is a novel password-based encryption scheme that is secure against brute-force attacks even if users{\textquoteright} passwords have min-entropy. However, in HE, decryption with an incorrect key produces fake messages that appear valid. Hence, password typographical errors may confuse even legitimate users. This has been one of the most challenging problems in HE. To tackle this challenge, we propose three types of protocols that enable legitimate users to detect password typographical errors in HE. We conducted a theoretical analysis and performed an IRB-approved user study with 150 participants to compare the performance of each scheme. We also analyzed the security of the proposed schemes against online and offline brute-force attacks. The results from the user study and theoretical analysis show that the proposed schemes can effectively solve the typographical error problem of HE, which can detect typographical errors with 99% accuracy.",

keywords = "Brute-force resilience, Honey encryption, Password typographical error, Password-based encryption, Typographical error resilience",

author = "Hoyul Choi and Jongmin Jeong and Woo, {Simon S.} and Kyungtae Kang and Junbeom Hur",

year = "2018",

month = jan,

day = "1",

doi = "10.1016/j.cose.2018.07.020",

language = "English",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier Limited",

}

TY - JOUR

T1 - Password typographical error resilience in honey encryption

AU - Choi, Hoyul

AU - Jeong, Jongmin

AU - Woo, Simon S.

AU - Kang, Kyungtae

AU - Hur, Junbeom

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Honey encryption (HE) is a novel password-based encryption scheme that is secure against brute-force attacks even if users’ passwords have min-entropy. However, in HE, decryption with an incorrect key produces fake messages that appear valid. Hence, password typographical errors may confuse even legitimate users. This has been one of the most challenging problems in HE. To tackle this challenge, we propose three types of protocols that enable legitimate users to detect password typographical errors in HE. We conducted a theoretical analysis and performed an IRB-approved user study with 150 participants to compare the performance of each scheme. We also analyzed the security of the proposed schemes against online and offline brute-force attacks. The results from the user study and theoretical analysis show that the proposed schemes can effectively solve the typographical error problem of HE, which can detect typographical errors with 99% accuracy.

AB - Honey encryption (HE) is a novel password-based encryption scheme that is secure against brute-force attacks even if users’ passwords have min-entropy. However, in HE, decryption with an incorrect key produces fake messages that appear valid. Hence, password typographical errors may confuse even legitimate users. This has been one of the most challenging problems in HE. To tackle this challenge, we propose three types of protocols that enable legitimate users to detect password typographical errors in HE. We conducted a theoretical analysis and performed an IRB-approved user study with 150 participants to compare the performance of each scheme. We also analyzed the security of the proposed schemes against online and offline brute-force attacks. The results from the user study and theoretical analysis show that the proposed schemes can effectively solve the typographical error problem of HE, which can detect typographical errors with 99% accuracy.

KW - Brute-force resilience

KW - Honey encryption

KW - Password typographical error

KW - Password-based encryption

KW - Typographical error resilience

UR - http://www.scopus.com/inward/record.url?scp=85055653864&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055653864&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2018.07.020

DO - 10.1016/j.cose.2018.07.020

M3 - Article

AN - SCOPUS:85055653864

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -