Decoy Password Vaults: At Least as Hard as Steganography?

@inproceedings{Pasquini2017DecoyPV,
  title={Decoy Password Vaults: At Least as Hard as Steganography?},
  author={Cecilia Pasquini and Pascal Sch{\"o}ttle and Rainer B{\"o}hme},
  booktitle={SEC},
  year={2017}
}
Cracking-resistant password vaults have been recently proposed with the goal of thwarting offline attacks. This requires the generation of synthetic password vaults that are statistically indistinguishable from real ones. In this work, we establish a conceptual link between this problem and steganography, where the stego objects must be undetectable among cover objects. We compare the two frameworks and highlight parallels and differences. Moreover, we transfer results obtained in the… 
On the Gold Standard for Security of Universal Steganography
TLDR
This work designs a family of 0-memoryless channels – where the already sent documents have only marginal influence on the current distribution – and proves that no ss-cca-secure steganography for this family exists in the standard non-look-ahead model.
Algorithm Substitution Attacks from a Steganographic Perspective
TLDR
This paper considers the common computational model for secret-key steganography and proves that successful ASAs correspond to secure stegosystems on certain channels and vice versa, which allows it to be concluded that ASAs are stegosystems and several results concerning ASAs known in the steganographic literature are rediscovered.
Algorithm Substitution Attacks from a Steganographic Perspective
TLDR
This paper considers the common computational model for secret-key steganography and proves that successful ASAs correspond to secure stegosystems on certain channels and vice versa, allowing it to be concluded that ASAs are stegosystems and to discover several results concerning ASAs known in the steganographic literature.
SafeKeeper: Protecting Web Passwords using Trusted Execution Environments
TLDR
This work presents SafeKeeper, a novel and comprehensive solution to ensure secrecy of passwords in web authentication systems, which protects users' passwords against very strong adversaries, including external phishers as well as corrupted (rogue) servers.
Protecting Web Passwords from Rogue Servers using Trusted Execution Environments
TLDR
Unlike previous approaches, SafeKeeper protects user passwords against very strong adversaries, including rogue servers and sophisticated external phishers, and is relatively inexpensive to deploy as it uses widely available hardware security mechanisms like Intel SGX.
Generating and Managing Secure Passwords for Online Accounts
TLDR
The Password Assistance System (PAS), the first solution that is capable of handling the different password implementations of services, makes secure passwords usable for users by automation and comprehensive support and solves the password memorization problem by preserving passwords for users.

References

On the Security of Cracking-Resistant Password Vaults
TLDR
This work proposes attacks against cracking-resistant password vaults that are able to distinguish between real and decoy vaults with high accuracy and thus circumvent the offered protection, and proposes the notion of adaptive NLEs and demonstrates that they substantially limit the effectiveness of such attacks.
Cracking-Resistant Password Vaults Using Natural Language Encoders
TLDR
This paper investigates the construction of encrypted vaults that resist such offline cracking attacks and force attackers instead to mount online attacks, and presents a full, NLE-based cracking-resistant vault system called NoCrack.
An Information-Theoretic Model for Steganography
  • C. Cachin
  • Computer Science
    Information Hiding
  • 1998
Model-Based Steganography
TLDR
An information-theoretic method for performing steganography and steganalysis using a statistical model of the cover medium is presented, which achieves a higher embedding efficiency and message capacity than previous methods while remaining secure against first order statistical attacks.
Kamouflage: Loss-Resistant Password Management
TLDR
Kamouflage is implemented as a replacement for the built-in Firefox password manager, and performance measurements and the results from experiments with large real-world password sets are provided to evaluate the feasibility and effectiveness of the approach.
Honey Encryption: Security Beyond the Brute-Force Bound
TLDR
Honey encryption (HE), a simple, general approach to encrypting messages using low min-entropy keys such as passwords, provides security in cases where too little entropy is available to withstand brute-force attacks.
Feature-Based Steganalysis for JPEG Images and Its Implications for Future Design of Steganographic Schemes
TLDR
A new feature-based steganalytic method for JPEG images that is a linear classifier trained on feature vectors corresponding to cover and stego images and used as a benchmark for comparing JPEG steganographic algorithms and evaluating their embedding mechanisms.
Steganography in Digital Media: Principles, Algorithms, and Applications
TLDR
This clear, self-contained guide shows you how to understand the building blocks of covert communication in digital media files and how to apply the techniques in practice, including those of steganalysis, the detection of Steganography.
PKCS #5: Password-Based Cryptography Specification Version 2.0
This memo represents a republication of PKCS #5 v2.0 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this
An Epistemological Approach to Steganography
TLDR
It is argued that Simmons' seminal prisoners' problem has an empirical dimension, which cannot be ignored (or defined away) without simplifying the problem substantially.