loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Eva Anastasiadi 1 ; 2 ; Elias Athanasopoulos 3 and Evangelos Markatos 1 ; 2

Affiliations: 1 Computer Science Department, University of Crete, Greece ; 2 Institute of Computer Science, Foundation for Research and Technology Hellas, Greece ; 3 Computer Science Department, University of Cyprus, Cyprus

Keyword(s): Authentication, Passwords, Database Leaks.

Abstract: Over the last decade, we have seen a significant number of data breaches affecting hundreds of millions of users. Leaked password files / Databases that contain passwords in plaintext allow attackers to get immediate access to the credentials of all the accounts stored in those files. Nowadays most systems keep passwords in a hashed salted form, but using brute force techniques attackers are still able to crack a large percentage of those passwords. In this work, we present a novel approach to protect users’ credentials from such leaks. We propose a new architecture for the password file that makes use of multiple servers. The approach is able to defend even against attackers that manage to compromise all servers - as long as they do not do it at the same time. Our prototype implementation and preliminary evaluation in the authentication system of WordPress suggests that this approach is not only easy to incorporate into existing systems, but it also has minimal overhead.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.14.130.24

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Anastasiadi, E.; Athanasopoulos, E. and Markatos, E. (2022). The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems. In Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-590-6; ISSN 2184-7711, SciTePress, pages 560-567. DOI: 10.5220/0011276900003283

@conference{secrypt22,
author={Eva Anastasiadi. and Elias Athanasopoulos. and Evangelos Markatos.},
title={The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT},
year={2022},
pages={560-567},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011276900003283},
isbn={978-989-758-590-6},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT
TI - The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems
SN - 978-989-758-590-6
IS - 2184-7711
AU - Anastasiadi, E.
AU - Athanasopoulos, E.
AU - Markatos, E.
PY - 2022
SP - 560
EP - 567
DO - 10.5220/0011276900003283
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic