
dc.contributor.author: Salamatian, Salman
dc.contributor.author: Huleihel, Wasim
dc.contributor.author: Beirami, Ahmad
dc.contributor.author: Cohen, Asaf
dc.contributor.author: Medard, Muriel
dc.date.accessioned: 2021-10-27T20:23:17Z
dc.date.available: 2021-10-27T20:23:17Z
dc.date.issued: 2020
dc.identifier.uri: https://hdl.handle.net/1721.1/135395
dc.description.abstract: © 2005-2012 IEEE. According to recent empirical studies, a majority of users have the same, or very similar, passwords across multiple password-secured online services. This practice can have disastrous consequences, as one password being compromised puts all the other accounts at much higher risk. Generally, an adversary may use any side-information he/she possesses about the user, be it demographic information, password reuse on a previously compromised account, or any other relevant information, to devise a better brute-force strategy (a so-called targeted attack). In this work, we consider a distributed brute-force attack scenario in which m adversaries, each observing some side information, attempt to breach a password-secured system. We compare two strategies: an uncoordinated attack in which the adversaries query the system based on their own side-information until they find the correct password, and a fully coordinated attack in which the adversaries pool their side-information and query the system together. For passwords X of length n, generated independently and identically from a distribution PX, we establish an asymptotic closed-form expression for the uncoordinated and coordinated strategies when the side-information Y(m) are generated independently from passing X through a memoryless channel PY|X, as the length of the password n goes to infinity. We illustrate our results for binary symmetric channels and binary erasure channels, two families of side-information channels which model password reuse. We demonstrate that two coordinated agents perform asymptotically better than any finite number of uncoordinated agents for these channels, meaning that sharing side-information is very valuable in distributed attacks.
dc.language.iso: en
dc.publisher: Institute of Electrical and Electronics Engineers (IEEE)
dc.relation.isversionof: 10.1109/TIFS.2020.2998949
dc.rights: Creative Commons Attribution-Noncommercial-Share Alike
dc.rights.uri: http://creativecommons.org/licenses/by-nc-sa/4.0/
dc.source: arXiv
dc.title: Centralized vs Decentralized Targeted Brute-Force Attacks: Guessing with Side-Information
dc.type: Article
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
dc.relation.journal: IEEE Transactions on Information Forensics and Security
dc.eprint.version: Author's final manuscript
dc.type.uri: http://purl.org/eprint/type/JournalArticle
eprint.status: http://purl.org/eprint/status/PeerReviewed
dc.date.updated: 2021-03-09T17:45:34Z
dspace.orderedauthors: Salamatian, S; Huleihel, W; Beirami, A; Cohen, A; Medard, M
dspace.date.submission: 2021-03-09T17:45:35Z
mit.journal.volume: 15
mit.license: OPEN_ACCESS_POLICY
mit.metadata.status: Authority Work and Publication Information Needed

