Detecting stuffing of a user's credentials at her own accounts

by   Ke Coby Wang, et al.

We propose a framework by which websites can coordinate to detect credential stuffing on individual user accounts. Our detection algorithm teases apart normal login behavior (involving password reuse, entering correct passwords into the wrong sites, etc.) from credential stuffing, by leveraging modern anomaly detection and carefully tracking suspicious logins. Websites coordinate using a novel private membership-test protocol, thereby ensuring that information about passwords is not leaked; this protocol is highly scalable, partly due to its use of cuckoo filters, and is more secure than similarly scalable alternatives in an important measure that we define. We use probabilistic model checking to estimate our credential-stuffing detection accuracy across a range of operating points. These methods might be of independent interest for their novel application of formal methods to estimate the usability impacts of our design. We show that even a minimal-infrastructure deployment of our framework should already support the combined login load experienced by the airline, hotel, retail, and consumer banking industries in the U.S.


page 1

page 2

page 3

page 4


How to end password reuse on the web

We present a framework by which websites can coordinate to make it diffi...

Early Anomaly Detection by Learning and Forecasting Behavior

Graph anomaly detection systems aim at identifying suspicious accounts o...

Prevalence of DNSSEC for hospital websites in Illinois

The domain name system translates human friendly web addresses to a comp...

Plankton: Scalable network configuration verification through model checking

Network configuration verification enables operators to ensure that the ...

Supporting Early and Scalable Discovery of Disinformation Websites

Online disinformation is a serious and growing sociotechnical problem th...

Usability of Humanly Computable Passwords

Reusing passwords across multiple websites is a common practice that com...

Scalable changepoint and anomaly detection in cross-correlated data with an application to condition monitoring

Motivated by a condition monitoring application arising from subsea engi...