
Technology and Practice of Passwords: International Conference on Passwords, PASSWORDS’14, Trondheim, Norway, December 8–10, 2014, Revised Selected Papers PDF

159 Pages·2015·5.46 MB·English


Stig F. Mjølsnes (Ed.)

Technology and Practice of Passwords
International Conference on Passwords, PASSWORDS’14
Trondheim, Norway, December 8–10, 2014
Revised Selected Papers

Lecture Notes in Computer Science 9393
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zürich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7410

Editor
Stig F. Mjølsnes
Department of Telematics
Norwegian University of Science and Technology
Trondheim
Norway

ISSN 0302-9743
ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-24191-3
ISBN 978-3-319-24192-0 (eBook)
DOI 10.1007/978-3-319-24192-0
Library of Congress Control Number: 2015948775
LNCS Sublibrary: SL4 – Security and Cryptology
Springer Cham Heidelberg New York Dordrecht London
© Springer International Publishing Switzerland 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper
Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com)

Preface

The International Conference on Passwords (PASSWORDS’14) was held December 8–10, 2014, at NTNU in Trondheim, Norway. This volume contains a collection of the 10 best papers presented at the conference.
Furthermore, the conference included four invited keynote talks:

– Alec Muffett: Crack - A Sensible Password Checker for Unix
– Marc Heuse: Online Password Attacks
– Benjamin Delpy: Mimikatz, or How to Push Microsoft to Change Some Little Stuff
– Sigbjørn Hervik: The Big Perspective!

The complete conference program can be found on the web at http://passwords14.item.ntnu.no. Note that all presentations were video recorded by the NTNU Mediasenter and are available at https://video.adm.ntnu.no/serier/5493ea75d5589

The technical and practical problem addressed by this conference is illustrated by the fact that more than half a billion user passwords have been compromised over the last five years, including breaches at big internet companies such as Adobe, Twitter, Forbes, LinkedIn, and Yahoo. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem.

The Passwords conference series started in 2010, where the initiator Per Thorsheim set out to rally the best-practice-driven password hackers and crackers from around the globe on the focussed topic of ‘all password related’. This includes attacks, analyses, designs, applications, protocols, systems, practical experiences, and theory. The intention was to provide a friendly environment with plenty of opportunity to communicate directly with the speakers and participants before, during, and after their presentations, and at social evenings with pizza. We did all this at PASSWORDS’14.

Five conference events have been organized in Norway since 2010 (Bergen, Oslo, Trondheim), mainly sponsored and supported by Norwegian universities and the FRISC research network. The attendance, significance, and reputation of the conference have been growing steadily. Annual participation has doubled over the past three years. About 90 participants attended PASSWORDS’14, with people arriving from 11 European countries, and from India, China, Russia, and the USA. The upcoming conference will be hosted by Cambridge University, UK, in December 2015. (It should be mentioned here that two more Passwords ‘presentations only’ conferences were organized in Las Vegas in 2013 and 2014, during the hot August ‘hacker weeks’ there.)

We set ourselves the challenge of attracting more university people to this important practice problem area. Hence the PASSWORDS’14 became the first in this conference series to issue a call for papers in the academic sense with regular peer review and publishing.

Hackers, in the wide positive sense, are often enthusiastic presenters of their practical experience and exploits, but quite indifferent to writing papers. By contrast, scientists are good at writing papers, but often oblivious to the actual details of practice. At times, this difference in approach incites antagonistic attitudes between these communities. We wanted to mingle the two, shall we say, the explorers and the explanators, for mutual inspiration and communication to the benefit of the conference topic. Certainly a risky ambition, but we wanted to give it a try. And judging by the response from the participants, we succeeded!

Here is how the academic activity turned out. The uncertainty of whether we would receive a sufficient number of submissions in response to the call for papers made the Program Committee opt for a post-event proceedings publication. Consequently, the papers appearing in this post-event proceedings were selected in a two-round review and revision process. We received in total 30 submissions for the conference, including tutorials and short and long papers. The Program Committee accepted 21 of these submissions to be qualified for conference presentations. This was done through a double blind review process with an average of 2.7 reviews per submission. A pre-proceedings was uploaded to the conference web site. The second round happened in the months after the conference, where we received 13 papers for the submissions presented at the conference. These papers were now revised according to comments from the first round and questions/remarks made at the conference presentation, and showed the authors’ name and affiliation. Therefore we performed this round as a single blind review process with 2 reviewers per paper. This second review process resulted in 10 papers being finally accepted for publication. The Easychair web service was used throughout this work.

July 2015
Stig Frode Mjølsnes

Acknowledgements

First of all thanks to my co-organizer Per Thorsheim for excellent and flexible cooperation both in the practical planning, the program creation, and in bringing all those world-class hackers to the conference. Great working with you!

All the names of the Program Committee members and the proceedings paper reviewers are listed below. Thanks to all of you for providing your expertise to the service of this conference!

Thank you to Mona Nordaune at the Department of Telematics, NTNU, for your expert assistance and efficient management in all matters of local conference organization. Thanks to PhD-students Britta Hale and Chris Carr for the practical support work during the conference.

Andreas Aarlott, Magnus Lian, and Morten Nyutstumo at the NTNU Multimediasenter did the video recording and production of all conference presentations in a very professional and accommodating style.

Alfred Hofmann at Springer responded fast to my initial publication request, and the folks at Springer provided clear and professional guidance with respect to the editorial work.

Department of Telematics, NTNU, hosted the conference at the Gløshaugen campus. The conference was organized and sponsored as part of the activities of the FRISC project (www.frisc.no), which I am heading. FRISC is a network of 10 Norwegian universities and research organizations with research groups in information security.
The purpose of the FRISC network is to bring together practitioners and academics, and the Passwords conference series has been an excellent arena for this. FRISC is partly funded by the Norwegian Research Council.

Organization

Conference Program Committee Members

Stig F. Mjølsnes, NTNU, Norway (papers chair)
Per Thorsheim, God Praksis AS, Norway (tutorials and keynotes chair)
Jean-Phillipe Aumasson, Kudelski Security, Switzerland
Markus Dürmuth, Ruhr-University Bochum, Germany
Tor Helleseth, University of Bergen, Norway
Audun Jøsang, University of Oslo, Norway
Stefan Lucks, Bauhaus-University Weimar, Germany
Markku-Juhani O. Saarinen, ERCIM Research Fellow at NTNU, Norway
Frank Stajano, University of Cambridge, UK
Kenneth White, Open Crypto Audit Project, USA

Referees for the Proceedings

Stig F. Mjølsnes, NTNU, Norway (editor)
Jean-Phillipe Aumasson, Kudelski Security, Switzerland
Markus Dürmuth, Ruhr-University Bochum, Germany
Danilo Gligoroski, NTNU, Norway
Markus Jakobsson, Qualcomm, USA
Tor Helleseth, University of Bergen, Norway
Stefan Lucks, Bauhaus-University Weimar, Germany
Chris Mitchell, Royal Holloway, University of London, UK
Markku-Juhani O. Saarinen, ERCIM Research Fellow, Finland
Frank Stajano, University of Cambridge, UK
Kenneth White, Open Crypto Audit Project, USA

Sponsor

Forum for Research and Innovation in Information Security and Communications (The FRISC network project)
