TY - JOUR
T1 - Password typographical error resilience in honey encryption
AU - Choi, Hoyul
AU - Jeong, Jongmin
AU - Woo, Simon S.
AU - Kang, Kyungtae
AU - Hur, Junbeom
N1 - Funding Information:
This work was supported by a National Research Foundation of Korea (NRF) grant funded by the Korean government (MSIP) (No. 2016R1A2A2A05005402 and 2017R1C1B5076474). This work was also supported by an Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korean government (MSIP) (No. 2017-0-00380, Development of next generation user authentication), and the ICT Consilience Creative program (IITP-2017-R0346-16-1007).
Funding Information:
This work was supported by a National Research Foundation of Korea (NRF) grant funded by the Korean government (MSIP) (No. 2016R1A2A2A05005402 and 2017R1C1B5076474 ). This work was also supported by an Institute for Information & Communications Technology Promotion ( IITP ) grant funded by the Korean government (MSIP) (No. 2017-0-00380 , Development of next generation user authentication), and the ICT Consilience Creative program (IITP-2017-R0346-16-1007).
Publisher Copyright:
© 2018 Elsevier Ltd
PY - 2019/11
Y1 - 2019/11
N2 - Honey encryption (HE) is a novel password-based encryption scheme that is secure against brute-force attacks even if users’ passwords have min-entropy. However, in HE, decryption with an incorrect key produces fake messages that appear valid. Hence, password typographical errors may confuse even legitimate users. This has been one of the most challenging problems in HE. To tackle this challenge, we propose three types of protocols that enable legitimate users to detect password typographical errors in HE. We conducted a theoretical analysis and performed an IRB-approved user study with 150 participants to compare the performance of each scheme. We also analyzed the security of the proposed schemes against online and offline brute-force attacks. The results from the user study and theoretical analysis show that the proposed schemes can effectively solve the typographical error problem of HE, which can detect typographical errors with 99% accuracy.
AB - Honey encryption (HE) is a novel password-based encryption scheme that is secure against brute-force attacks even if users’ passwords have min-entropy. However, in HE, decryption with an incorrect key produces fake messages that appear valid. Hence, password typographical errors may confuse even legitimate users. This has been one of the most challenging problems in HE. To tackle this challenge, we propose three types of protocols that enable legitimate users to detect password typographical errors in HE. We conducted a theoretical analysis and performed an IRB-approved user study with 150 participants to compare the performance of each scheme. We also analyzed the security of the proposed schemes against online and offline brute-force attacks. The results from the user study and theoretical analysis show that the proposed schemes can effectively solve the typographical error problem of HE, which can detect typographical errors with 99% accuracy.
KW - Brute-force resilience
KW - Honey encryption
KW - Password typographical error
KW - Password-based encryption
KW - Typographical error resilience
UR - http://www.scopus.com/inward/record.url?scp=85055653864&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2018.07.020
DO - 10.1016/j.cose.2018.07.020
M3 - Article
AN - SCOPUS:85055653864
VL - 87
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
M1 - 101411
ER -