SEIGuard: An Authentication-simplified and Deceptive Scheme to Protect Server-side Social Engineering Information Against Brute-force Attacks

by   Zuoguang Wang, et al.

This paper proposes an authentication-simplified and deceptive scheme (SEIGuard) to protect server-side social engineering information (SEI) and other information against brute-force attacks. In SEIGuard, the password check in authentication is omitted and this design is further combined with the SEI encryption design using honey encryption. The login password merely serves as a temporary key to encrypt SEI and there is no password plaintext or ciphertext stored in the database. During the login, the server doesn't check the login passwords, correct passwords decrypt ciphertexts to be correct plaintexts; incorrect passwords decrypt ciphertexts to be phony but plausible-looking plaintexts (sampled from the same distribution). And these two situations share the same undifferentiated backend procedures. This scheme eliminates the anchor that both online and offline brute-force attacks depending on. Furthermore, this paper presents four SEIGuard scheme designs and algorithms for 4 typical social engineering information objects (mobile phone number, identification number, email address, personal name), which represent 4 different types of message space, i.e. 1) limited and uniformly distributed, 2) limited, complex and uniformly distributed, 3) unlimited and uniformly distributed, 4) unlimited and non-uniformly distributed message space. Specially, we propose multiple small mapping files strategies, binary search algorithms, two-part HE (DTE) design and incremental mapping files solutions for the applications of SEIGuard scheme. Finally, this paper develops the SEIGuard system based on the proposed schemes, designs and algorithms. Experiment result shows that the SEIGuard scheme can effectively protect server-side SEI against brute-force attacks, and SEIGuard also has an impressive real-time response performance that is better than conventional PBE server scheme and HE encryption/decryption.


page 1

page 2

page 3

page 4


SANSCrypt: A Sporadic-Authentication-Based Sequential Logic Encryption Scheme

We propose SANSCrypt, a novel sequential logic encryption scheme to prot...

An authentication model based on cryptography

In this paper we proposed an authentication technique based on the user ...

PUF-RLA: A PUF-based Reliable and Lightweight Authentication Protocol employing Binary String Shuffling

Physically unclonable functions (PUFs) can be employed for device identi...

DAHash: Distribution Aware Tuning of Password Hashing Costs

An attacker who breaks into an authentication server and steals all of t...

Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization

In September 2017, McAffee Labs quarterly report estimated that brute fo...

An Attack Resilient PUF-based Authentication Mechanism for Distributed Systems

In most PUF-based authentication schemes, a central server is usually en...

Efficacy of Object-Based Passwords for User Authentication

Traditional text-based password schemes are inherently weak. Users tend ...