Marina Bohuk

April 3, 2024 at 11:00 AM on Zoom / Soda Hall

Characterizing & Detecting Password Guessing Attacks in Practice

Abstract: Modern authentication systems still mainly rely on passwords for authentication. However, passwords are prone to remote guessing attacks, in which an attacker iterates through a guess list of credentials, submitting them against a live login system. In this talk, I will discuss my work on preventing, characterizing, and detecting password guessing attacks such as credential stuffing and tweaking, based on observations of real login data. First, I will discuss a measurement framework called Gossamer for securely recording password-derived measurements, which we used to collect data on 34 million login requests at two universities. Then I will show how we used the data collected by Gossamer to develop a clustering approach called Arana that detects and groups login requests into attack campaigns. This talk is based on joint work with Mazharul Islam, Suleman Ahmad, Paul Chung, Michael Swift, Rahul Chatterjee, and Tom Ristenpart.

Bio: Marina Bohuk is a fifth-year PhD student in Computer Science at Cornell Tech working with Tom Ristenpart. Her research focuses on designing secure authentication systems and countermeasures to protect against abuse.

Security Lab