04 October 2022
Learning More About CyberSec4Europe Scientific Publications
During the lifetime of the project, CyberSec4Europe partners have authored and co-authored over 150 published scientific papers, all of which are referenced on the project website with details of how to access the source publication.
Needless to say, we cannot provide a synopsis of every paper written but we can offer an exemplar from a recent publication.
Protecting Servers from Data Breaches with Lethe
Nowadays, it is no news to hear that even high-profile web services, such as Yahoo, Dropbox, LinkedIn and Facebook, have been compromised and millions of passwords leaked. These data breaches are often detected months or years later, after the attackers have already exploited the service and posted, or even sold, the data online.
Honeywords, which are false passwords associated with each user account, provide an easy-to-set-up, low-overhead approach for detecting data breach incidents. A honeyword, which is visually similar to a user’s real password, is intended to lure potential adversaries into selecting it when attempting to log into the user’s account. Using a honeyword to log in, however, sets off an alarm that an attempted data breach has been detected.
Since real passwords are now blended with honeywords, we need to store a list containing the index (position) of each user’s real password in order to validate login attempts. However, this list is an Achilles’ heel which, once compromised, renders the honeywords useless. Thus, to make honeywords more dependable, such lists have to go!
Lethe (from the ancient Greek word “λήθη”, which means forgetting) is a honeywords-based data breach detection framework that can operate without storing the real password for each user account. Lethe is based on two principles:
- By utilising machine learning technologies for generating honeywords that cannot be reproduced, even when given the same password as input, Lethe ensures that an attacker cannot reverse the model and subvert the security of the honeywords.
- The only one who knows the real password is the user who selected it in the first place: Lethe is not aware of the real password.
Lethe records login events, but without storing the password used, and then replays those login events on another server, offline. During this replay, Lethe can detect whether two different passwords were used to log into a particular user account, in which case it raises a data breach alarm.
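To make the detection principle concrete, here is an added toy model of the scheme described above (example code written for this post, not the authors' Lethe implementation): the login server keeps only the hashed sweetwords for each account with no record of which one is real, grants access on any match, logs just the account and the index that matched (never the password), and an offline replay flags any account that was entered through two different sweetwords. The sweetwords, the salted SHA-256 demo hash and the sample login sequence are all constructed for the illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed sample: each account has one real password blended with honeywords.
# Only the sweetword list is stored; there is no list of real-password indices.
SWEETWORDS = {
    "alice": ["s3cretPa55", "s3cretPa66", "s3cr3tPa55", "secretPa55"],
    "bob":   ["Tr0ub4dor&3", "Tr0ub4dor&4", "Tr0ubad0r&3", "Tr0ub4d0r&3"],
}
# Which entry is real is known only to the user (for the demo: alice -> 0, bob -> 2).


def _digest(salt: bytes, password: str) -> bytes:
    # Demo hash only; a deployment would use a proper password hash (scrypt/argon2).
    return hashlib.sha256(salt + password.encode()).digest()


def build_store(sweetwords):
    """Per-account salt plus the hashed sweetwords, kept in their stored order."""
    store = {}
    for user, words in sweetwords.items():
        salt = secrets.token_bytes(16)
        store[user] = (salt, [_digest(salt, w) for w in words])
    return store


def login(store, log, user, password):
    """Accept any sweetword. Record only (user, matched index), never the password."""
    if user not in store:
        return False
    salt, hashes = store[user]
    d = _digest(salt, password)
    for idx, h in enumerate(hashes):
        if secrets.compare_digest(d, h):
            log.append((user, idx))
            return True
    return False


def replay(log):
    """Offline replay: an account entered via two different sweetwords means a breach."""
    seen = defaultdict(set)
    for user, idx in log:
        seen[user].add(idx)
    return sorted(u for u, idxs in seen.items() if len(idxs) > 1)


def demo():
    store, log = build_store(SWEETWORDS), []
    login(store, log, "alice", "s3cretPa55")   # legitimate user, real password
    login(store, log, "bob", "Tr0ubad0r&3")    # legitimate user, real password
    login(store, log, "alice", "s3cr3tPa55")   # someone using a stolen honeyword
    login(store, log, "alice", "wrongpass")    # no match: rejected and not logged
    return replay(log)                         # -> ['alice']
```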
Full details of publication:
- Title: Lethe: Practical Data Breach Detection with Zero Persistent Secret State
- Authors: Antreas Dionysiou and Elias Athanasopoulos
- Publication: Proceedings of the 7th IEEE European Symposium on Security and Privacy, Genoa, June 2022
- Additional note: Distinguished paper award finalist