We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All four organizations were using key-stretching to protect user passwords. In fact, LastPass' use of PBKDF2-SHA256 with 10^5 hash iterations exceeds the 2017 NIST minimum recommendation by an order of magnitude. Nevertheless, our analysis paints a bleak picture: the adopted key-stretching levels provide insufficient protection for user passwords. In particular, we present strong evidence that most user passwords follow a Zipf's law distribution, and characterize the behavior of a rational attacker when user passwords are selected from a Zipf's law distribution. We show that there is a finite threshold which depends on the Zipf's law parameters that characterizes the behavior of a rational attacker: if the value of a cracked password (normalized by the cost of computing the password hash function) exceeds this threshold then the adversary's optimal strategy is always to continue attacking until each user password has been cracked. In all cases (Yahoo!, Dropbox, LastPass and AshleyMadison) we find that the value of a cracked password almost certainly exceeds this threshold, meaning that a rational attacker would crack all passwords that are selected from the Zipf's law distribution (i.e., most user passwords). This prediction holds even if we incorporate an aggressive model of diminishing returns for the attacker (e.g., the total value of 500 million cracked passwords is less than 100 times the total value of 5 million passwords). On a positive note our analysis demonstrates that memory hard functions (MHFs) such as SCRYPT or Argon2i can significantly reduce the damage of an offline attack. 
In particular, we find that because MHFs substantially increase guessing costs a rational attacker will give up well before he cracks most user passwords and this prediction holds even if the attacker does not encounter diminishing returns for additional cracked passwords. Based on our analysis we advocate that password hashing standards should be updated to require the use of memory hard functions for password hashing and disallow the use of non-memory hard functions such as BCRYPT or PBKDF2.
Group testing is the process of pooling arbitrary subsets from a set of n items so as to identify, with a minimal number of tests, a "small" subset of d defective items. In "classical" non-adaptive group testing, it is known that when d is substantially smaller than n, Θ(d log(n)) tests are both information-theoretically necessary and sufficient to guarantee recovery with high probability. Group testing schemes in the literature meeting this bound require most items to be tested Ω(log(n)) times, and most tests to incorporate Ω(n/d) items. Motivated by physical considerations, we study group testing models in which the testing procedure is constrained to be "sparse". Specifically, we consider (separately) scenarios in which (a) items are finitely divisible and hence may participate in at most γ ∈ o(log(n)) tests; or (b) tests are size-constrained to pool no more than ρ ∈ o(n/d) items per test. For both scenarios we provide information-theoretic lower bounds on the number of tests required to guarantee high probability recovery. In particular, one of our main results shows that γ-finite divisibility of items forces any non-adaptive group testing algorithm with probability of recovery error at most ε to perform at least γd(n/d)^((1−5ε)/γ) tests. Analogously, for ρ-sized constrained tests, we show an information-theoretic lower bound of Ω(n/ρ) tests; hence in both settings the number of tests required grows dramatically (relative to the classical setting) as a function of n. In both scenarios we provide both randomized constructions (under both ε-error and zero-error reconstruction guarantees) and explicit constructions of designs with computationally efficient reconstruction algorithms that require a number of tests that are optimal up to constant or small polynomial factors in some regimes of n, d, γ and ρ. The randomized design/reconstruction algorithm in the ρ-sized test scenario is universal, that is, independent of the value of d, as long as ρ ∈ o(n/d). 
We also investigate the effect of unreliability/noise in test outcomes. * A preliminary version [24] of this paper appeared in the
Group testing is the process of pooling arbitrary subsets from a set of n items so as to identify, with a minimal number of disjunctive tests, a "small" subset of d defective items. In "classical" non-adaptive group testing, it is known that when d = o(n^(1−δ)) for any δ > 0, Θ(d log(n)) tests are both information-theoretically necessary, and sufficient to guarantee recovery with high probability. Group testing schemes in the literature meeting this bound require most items to be tested Ω(log(n)) times, and most tests to incorporate Ω(n/d) items. Motivated by physical considerations, we study group testing models in which the testing procedure is constrained to be "sparse". Specifically, we consider (separately) scenarios in which (a) items are finitely divisible and hence may participate in at most γ tests; and (b) tests are size-constrained to pool no more than ρ items per test. For both scenarios we provide information-theoretic lower bounds on the number of tests required to guarantee high probability recovery. In particular, one of our main results shows that γ-finite divisibility of items forces any group testing algorithm with probability of recovery error at most ε to perform at least Ω(γd(n/d)^((1−2ε)/((1+2ε)γ))) tests. Analogously, for ρ-sized constrained tests, we show an information-theoretic lower bound of Ω(n log(n/d)/(ρ log(n/ρd))). In both scenarios we provide both randomized constructions (under both ε-error and zero-error reconstruction guarantees) and explicit constructions of computationally efficient group-testing algorithms (under ε-error reconstruction guarantees) that require a number of tests that are optimal up to constant factors in some regimes of n, d, γ and ρ. We also investigate the effect of unreliability/noise in test outcomes.