Cracking-resistant password vaults have been recently proposed with the goal of thwarting offline attacks. This requires the generation of synthetic password vaults that are statistically indistinguishable from real ones. In this work, we establish a conceptual link between this problem and steganography, where the stego objects must be undetectable among cover objects. We compare the two frameworks and highlight parallels and differences. Moreover, we transfer results obtained in the steganography literature into the context of decoy generation. Our results include the infeasibility of perfectly secure decoy vaults and the conjecture that secure decoy vaults are at least as hard to construct as secure steganography.

Decoy password vaults: At least as hard as steganography? / Pasquini, Cecilia; Schöttle, Pascal; Böhme, Rainer. - 502:(2017), pp. 356-370. ((Intervento presentato al convegno 32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017 tenutosi a Roma, Italia nel 29th-31st May 2017 [10.1007/978-3-319-58469-0_24].

Decoy password vaults: At least as hard as steganography?

Pasquini, Cecilia;
2017

Abstract

Cracking-resistant password vaults have been recently proposed with the goal of thwarting offline attacks. This requires the generation of synthetic password vaults that are statistically indistinguishable from real ones. In this work, we establish a conceptual link between this problem and steganography, where the stego objects must be undetectable among cover objects. We compare the two frameworks and highlight parallels and differences. Moreover, we transfer results obtained in the steganography literature into the context of decoy generation. Our results include the infeasibility of perfectly secure decoy vaults and the conjecture that secure decoy vaults are at least as hard to construct as secure steganography.
ICT Systems Security and Privacy Protection: 32nd IFIP TC 11 International Conference, SEC 2017: Proceedings
Cham, CH
Springer
978-3-319-58468-3
978-3-319-58469-0
Pasquini, Cecilia; Schöttle, Pascal; Böhme, Rainer
Decoy password vaults: At least as hard as steganography? / Pasquini, Cecilia; Schöttle, Pascal; Böhme, Rainer. - 502:(2017), pp. 356-370. ((Intervento presentato al convegno 32nd International Conference on ICT Systems Security and Privacy Protection, IFIP SEC 2017 tenutosi a Roma, Italia nel 29th-31st May 2017 [10.1007/978-3-319-58469-0_24].
File in questo prodotto:
File Dimensione Formato  
IFIPSEC2017postprint.pdf

embargo fino al 31/12/2018

Tipologia: Post-print referato (Refereed author’s manuscript)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 343.44 kB
Formato Adobe PDF
343.44 kB Adobe PDF Visualizza/Apri
Pasquini2017_Chapter_DecoyPasswordVaultsAtLeastAsHa.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 437.29 kB
Formato Adobe PDF
437.29 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11572/277588
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact