Tripwire

DeBlasio, Joe; Savage, Stefan; Voelker, Geoffrey M.; Snoeren, Alex C.

doi:10.1145/3131365.3131391

Cited by 22 publications

(7 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The importance of a quantifiably low false-alarm rate, particularly for breach detection, was detailed in stark terms by the Tripwire study [14]. In this study, researchers worked with an email provider to monitor for logins to fake email accounts, each used to register a decoy account with the same password at another site.…”

Section: False Alarms In Breach Detectionmentioning

confidence: 99%

“…Any login to an email account suggested that the site hosting its decoy account had been breached-assuming the email provider itself had not been breached-since the only places where that password (or a hash thereof) existed were the email provider and the site hosting that decoy account. Despite DeBlasio, et al disclosing 18 apparent site breaches (and the Tripwire methodology) to the relevant site administrators, only onethird responded at all, only one indicated that it would force a password reset, and none notified their users [14,Sec. 6.3].…”

Section: False Alarms In Breach Detectionmentioning

confidence: 99%

“…6.3]. DeBlasio et al concluded, "a major open question ... is how much (probative, but not particularly illustrative) evidence produced by an external monitoring system like Tripwire is needed to convince operators to act, such as notifying their users and forcing a password reset" [14,Sec. 8].…”

Section: False Alarms In Breach Detectionmentioning

confidence: 99%

See 2 more Smart Citations

Bernoulli Honeywords

Wang,

Reiter

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Decoy passwords, or "honeywords," planted in a credential database can alert a site to its breach if ever submitted in a login attempt. To be effective, some honeywords must appear at least as likely to be user-chosen passwords as the real ones, and honeywords must be very difficult to guess without having breached the database, to prevent false breach alarms. These goals have proved elusive, however, for heuristic honeyword generation algorithms. In this paper we explore an alternative strategy in which the defender treats honeyword selection as a Bernoulli process in which each possible password (except the user-chosen one) is selected as a honeyword independently with a fixed probability. We show how Bernoulli honeywords can be integrated into two existing system designs for leveraging honeywords: one based on a honeychecker that stores the secret index of the user-chosen password in the list of account passwords, and another that does not leverage secret state at all. We show that Bernoulli honeywords enable analytic derivation of false breach-detection probabilities irrespective of what information the attacker gathers about the sites' users; that their true and false breach-detection probabilities demonstrate compelling efficacy; and that they can even enable performance improvements in modern honeyword system designs.

show abstract

Section: False Alarms In Breach Detectionmentioning

confidence: 99%

Section: False Alarms In Breach Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Bernoulli Honeywords

Wang,

Reiter

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Various other works have leveraged decoy accounts to detect credential database breaches, i.e., accounts with no owner that, if ever accessed, reveal the breach of the account's site or a site where a replica of the account was created (e.g., [14,21]). In Tripwire [13], each decoy account is registered with a distinct email address and password, for which the password at the email provider is the same. Any login to the email account (provided that the email provider is itself not compromised) suggests the breach of the website where that email address was used to register an account.…”

Section: Related Workmentioning

confidence: 99%

“…The paper concludes, "A major open question, however, is how much (probative, but not particularly illustrative) evidence produced by an external monitoring system like Tripwire is needed to convince operators to act, such as notifying their users and forcing a password reset"[13, Section 8].…”

mentioning

confidence: 99%

Using Amnesia to Detect Credential Database Breaches

Wang

Reiter

2022

Advances in Information Security

View full text Add to dashboard Cite

Known approaches for using decoy passwords (honeywords) to detect credential database breaches suffer from the need for a trusted component to recognize decoys when entered in login attempts, and from an attacker’s ability to test stolen passwords at other sites to identify user-chosen passwords based on their reuse at those sites. Amnesia is a framework that resolves these difficulties. Amnesia requires no secret state to detect the entry of honeywords and additionally allows a site to monitor for the entry of its decoy passwords elsewhere. We quantify the benefits of Amnesia using probabilistic model checking and the practicality of this framework through measurements of a working implementation.

show abstract