Joseph Bonneau
Publications
I am currently focusing on web authentication for my thesis. In the past I have worked on social networking privacy, crypto protocols, side-channel attacks, software obfuscation, and reverse engineering. I try to make full text available for all publications accepted into academic conferences and workshops as soon as possible. My Google Scholar and Microsoft Academic Search pages have bibliometric data and links to citations of my papers.
Guessing statistics and metrics
- The science of guessing: analyzing an anonymized corpus of 70 million passwords
Joseph Bonneau. 2012 IEEE Symposium on Security and Privacy. San Francisco, CA, USA, May 21 2012.
We report on the largest corpus of user-chosen passwords ever studied, consisting of anonymized password histograms representing almost 70 million Yahoo! users, mitigating privacy concerns while enabling analysis of dozens of subpopulations based on demographic factors and site usage characteristics. This large data set motivates a thorough statistical treatment of estimating guessing difficulty by sampling from a secret distribution. In place of previously used metrics such as Shannon entropy and guessing entropy, which cannot be estimated with any realistically sized sample, we develop partial guessing metrics including a new variant of guesswork parameterized by an attacker's desired success rate. Our new metric is comparatively easy to approximate and directly relevant for security engineering. By comparing password distributions with a uniform distribution which would provide equivalent security against different forms of guessing attack, we estimate that passwords provide fewer than 10 bits of security against an online, trawling attack, and only about 20 bits of security against an optimal offline dictionary attack. We find surprisingly little variation in guessing difficulty; every identifiable group of users generated a comparably weak password distribution. Security motivations such as the registration of a payment card have no greater impact than demographic factors such as age and nationality. Even pro-active efforts to nudge users towards better password choices with graphical feedback make little difference. More surprisingly, even seemingly distant language communities choose the same weak passwords and an attacker never gains more than a factor of 2 efficiency gain by switching from the globally optimal dictionary to population-specific lists.
@inproceedings{B12, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-analyzing_70M_anonymized_passwords.pdf", booktitle="2012 IEEE Symposium on Security and Privacy", title={{The science of guessing: analyzing an anonymized corpus of 70 million passwords}}, month="May", location="San Francisco, CA, USA", year="2012", }
- Guessing human-chosen secrets (PhD dissertation)
(bindable version) (tech report version) (DSpace version)
Joseph Bonneau. May 11 2012.
Authenticating humans to computers remains a notable weak point in computer security despite decades of effort. Although the security research community has explored dozens of proposals for replacing or strengthening passwords, they appear likely to remain entrenched as the standard mechanism of human-computer authentication on the Internet for years to come. Even in the optimistic scenario of eliminating passwords from most of today's authentication protocols using trusted hardware devices or trusted servers to perform federated authentication, passwords will persist as a means of "last-mile" authentication between humans and these trusted single sign-on deputies. This dissertation studies the difficulty of guessing human-chosen secrets, introducing a sound mathematical framework modeling human choice as a skewed probability distribution. We introduce a new metric, alpha-guesswork, which can accurately model the resistance of a distribution against all possible guessing attacks. We also study the statistical challenges of estimating this metric using empirical data sets which can be modeled as a large random sample from the underlying probability distribution. This framework is then used to evaluate several representative data sets from the most important categories of human-chosen secrets to provide reliable estimates of security against guessing attacks. This includes collecting the largest-ever corpus of user-chosen passwords, with nearly 70 million, the largest list of human names ever assembled for research, the largest data sets of real answers to personal knowledge questions and the first data published about human choice of banking PINs. This data provides reliable numbers for designing security systems and highlights universal limitations of human-chosen secrets.
@phd_thesis{B12b, school="University of Cambridge", author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/2012-jbonneau-phd_thesis.pdf", title={{Guessing human-chosen secrets}}, month="May", year="2012", }
- Statistical metrics for individual password strength
Joseph Bonneau. Twentieth International Workshop on Security Protocols. Cambridge, UK, Apr 11 2012.
We propose several possible metrics for measuring the strength of an individual password or any other secret drawn from a known, skewed distribution. In contrast to previous ad hoc approaches which rely on textual properties of passwords, we consider the problem without any knowledge of password structure. This enables rating the strength of a password given a large sample distribution without assuming anything about password semantics. We compare the results of our generic metrics against those of the NIST metrics and other previous "entropy-based" metrics for a large password dataset, which suggest over-fitting in previous metrics.
@inproceedings{B12a, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B12-SPW-statistical_password_strength_metrics.pdf", booktitle="20\textsuperscript{th} International Workshop on Security Protocols", title={{Statistical metrics for individual password strength}}, month="April", location="Cambridge, UK", year="2012", }
- Linguistic properties of multi-word passphrases
Joseph Bonneau and Ekaterina Shutova. USEC '12: Workshop on Usable Security. Kralendijk, Bonaire, Netherlands, Mar 02 2012.
We examine patterns of human choice in a passphrase-based authentication system deployed by Amazon, a large online merchant. We tested the availability of a large corpus of over 100,000 possible phrases at Amazon's registration page, which prohibits using any phrase already registered by another user. A number of large, readily-available lists such as movie and book titles prove effective in guessing attacks, suggesting that passphrases are vulnerable to dictionary attacks like all schemes involving human choice. Extending our analysis with natural language phrases extracted from linguistic corpora, we find that phrase selection is far from random, with users strongly preferring simple noun bigrams which are common in natural language. The distribution of chosen passphrases is less skewed than the distribution of bigrams in English text, indicating that some users have attempted to choose phrases randomly. Still, the distribution of bigrams in natural language is not nearly random enough to resist offline guessing, nor are longer three- or four-word phrases for which we see rapidly diminishing returns.
@inproceedings{BS12, author="Joseph Bonneau and Ekaterina Shutova", url="http://www.cl.cam.ac.uk/~jcb82/doc/BS12-USEC-passphrase_linguistics.pdf", booktitle="USEC '12: Workshop on Usable Security", title={{Linguistic properties of multi-word passphrases}}, month="March", location="Kralendijk, Bonaire, Netherlands", year="2012", }
- A birthday present every eleven wallets? The security of customer-chosen banking PINs
(survey wording) (RockYou PIN plot) (iPhone PIN plot)
Joseph Bonneau, Sören Preibusch and Ross Anderson. FC '12: The 16th International Conference on Financial Cryptography. Kralendijk, Bonaire, Netherlands, Mar 01 2012.
We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online passwords and smartphone unlock-codes. We use a regression model to identify a small number of dominant factors influencing user choice. Using this model and a survey of over 1,100 banking customers, we estimate the distribution of banking PINs as well as the frequency of security-relevant behaviour such as sharing and reusing PINs. We find that guessing PINs based on the victims' birthday, which nearly all users carry documentation of, will enable a competent thief to gain use of an ATM card once for every 11-18 stolen wallets, depending on whether banks prohibit weak PINs such as 1234. The lesson for cardholders is to never use one's date of birth as a PIN. The lesson for card-issuing banks is to implement a denied PIN list, which several large banks still fail to do. However, blacklists cannot effectively mitigate guessing given a known birth date, suggesting banks should move away from customer-chosen banking PINs in the long term.
@inproceedings{BPA12, author="Joseph Bonneau and S{\"{o}}ren Preibusch and Ross Anderson", url="http://www.cl.cam.ac.uk/~jcb82/doc/BPA12-FC-banking_pin_security.pdf", booktitle="FC '12: Proceedings of the the 16\textsuperscript{th} International Conference on Financial Cryptography", title={{A birthday present every eleven wallets? The security of customer-chosen banking PINs}}, month="March", location="Kralendijk, Bonaire, Netherlands", year="2012", }
- What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions
(dataset)
Joseph Bonneau, Mike Just and Greg Matthews. FC '10: The 14th International Conference on Financial Cryptography. Tenerife, Spain, Jan 25 2010.
We study the efficiency of statistical attacks on human authentication systems relying on personal knowledge questions. We adapt techniques from guessing theory to measure security against a trawling attacker attempting to compromise a large number of strangers' accounts. We then examine a diverse corpus of real-world statistical distributions for likely answer categories such as the names of people, pets, and places and find that personal knowledge questions are significantly less secure than graphical or textual passwords. We also demonstrate that statistics can be used to increase security by proactively shaping the answer distribution to lower the prevalence of common responses.
@inproceedings{BJM10, author="Joseph Bonneau and Mike Just and Greg Matthews", url="http://www.cl.cam.ac.uk/~jcb82/doc/BJM10-FC-name_guessing_statistics.pdf", booktitle="FC '10: Proceedings of the the 14\textsuperscript{th} International Conference on Financial Cryptography", title={{What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions}}, month="January", location="Tenerife, Spain", year="2010", }
Web authentication in practice
- Of contraseñas, סיסמאות, and 密码: Character encoding issues for web passwords
Joseph Bonneau and Rubin Xu. Web 2.0 Security & Privacy. San Francisco, CA, USA, May 24 2012.
Password authentication remains ubiquitous on the web, primarily because of its low cost and compatibility with any device which allows a user to input text. Yet text is not universal. Computers must use a character encoding system to convert human-comprehensible writing into bits. We examine for the first time the lingering effects of character encoding on the password ecosystem. We report a number of bugs at large websites which reveal that non-ASCII passwords are often poorly supported, even by websites otherwise correctly supporting the recommended Unicode/UTF-8 character encoding system. We also study user behaviour through several leaked data sets of passwords chosen by English, Chinese, Hebrew and Spanish speakers as case studies. Our findings suggest that most users still actively avoid using characters outside of the original ASCII character set even when allowed to. Coping strategies include transliterating non-ASCII passwords using ASCII, changing keyboard mappings to produce nonsense ASCII passwords, and using passwords consisting entirely of numbers or of a geometric pattern on the keyboard. These last two strategies may reduce resistance to guessing attacks for passwords chosen by non-English speakers.
@inproceedings{BX12, author="Joseph Bonneau and Rubin Xu", url="http://www.cl.cam.ac.uk/~jcb82/doc/BX12-W2SP-passwords_character_encoding.pdf", booktitle="Web 2.0 Security {\&} Privacy", title={{Of contrase{\~{n}}as, sysmawt, and m\`{i}m\v{a}: Character encoding issues for web passwords}}, month="May", location="San Francisco, CA, USA", year="2012", }
- The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
(full-length technical report)
Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank Stajano. 2012 IEEE Symposium on Security and Privacy. San Francisco, CA, USA, May 21 2012.
We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals.
@inproceedings{BHOS12, author="Joseph Bonneau and Cormac Herley and Paul C. {van Oorschot} and Frank Stajano", url="http://www.cl.cam.ac.uk/~jcb82/doc/BHOS12-IEEESP-quest_to_replace_passwords.pdf", booktitle="2012 IEEE Symposium on Security and Privacy", title={{The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes}}, month="May", location="San Francisco, CA, USA", year="2012", }
- Getting web authentication right: a best-case protocol for the remaining life of passwords
Joseph Bonneau. 19th International Workshop on Security Protocols. Cambridge, UK, Mar 28 2011.
We outline an end-to-end password authentication protocol for the web designed to be stateless and as secure as possible given legacy limitations of the web browser and performance constraints of commercial web servers. Our scheme is secure against very strong but passive attackers able to observe both network traffic and the server's database state. At the same time, our scheme is simple for web servers to implement and requires no changes to modern, HTML5-compliant browsers. We assume TLS is available for initial login and no other public-key cryptographic operations, but successfully defend against cookie-stealing and cookie-forging attackers and provide strong resistance to password guessing attacks.
@inproceedings{B11, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B11-SPW-web_auth_right.pdf", booktitle="19\textsuperscript{th} International Workshop on Security Protocols", title={{Getting web authentication right: a best-case protocol for the remaining life of passwords}}, month="March", location="Cambridge, UK", year="2011", }
- The Password Game: negative externalities from weak password practices
Sören Preibusch and Joseph Bonneau. GameSec 2010: Conference on Decision and Game Theory for Security. Berlin, Germany, Nov 23 2010.
The combination of username and password is widely used as a human authentication mechanism on the Web. Despite this universal adoption and despite their long tradition, password schemes exhibit a high number of security flaws which jeopardise the confidentiality and integrity of personal information. As Web users tend to reuse the same password for several sites, security negligence at any one site introduces a negative externality into the entire password ecosystem. We analyse this market inefficiency as the equilibrium between password deployment strategies at security-concerned Web sites and indifferent Web sites. The game-theoretic prediction is challenged by an empirical analysis. By a manual inspection of 150 public Web sites that offer free yet password-protected sign-up, complemented by an automated sampling of 2184 Web sites, we demonstrate that observed password practices follow the theory: Web sites that have little incentive to invest in security are indeed found to have weaker password schemes, thereby facilitating the compromise of other sites. We use the theoretical model to explore which technical and regulatory approaches could eliminate the empirically detected inefficiency in the market for password protection.
@inproceedings{PB10, author="S{\"{o}}ren Preibusch and Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/PB09-GS-password_game.pdf", booktitle="GameSec 2010: Conference on Decision and Game Theory for Security", title={{The Password Game: negative externalities from weak password practices}}, month="November", location="Berlin, Germany", year="2010", }
- The password thicket: technical and market failures in human authentication on the web
(dataset)
Joseph Bonneau and Sören Preibusch. WEIS '10: The 9th Workshop on the Economics of Information Security. Boston, MA, USA, Jun 25 2010.
We report the results of the first large-scale empirical analysis of password implementations deployed on the Internet. Our study included 150 websites which offer free user accounts for a variety of purposes, including the most popular destinations on the web and a random sample of e-commerce, news, and communication websites. Although all sites evaluated relied on user-chosen textual passwords for authentication, we found many subtle but important technical variations in implementation with important security implications. Many poor practices were commonplace, such as a lack of encryption to protect transmitted passwords, storage of cleartext passwords in server databases, and little protection of passwords from brute force attacks. While a spectrum of implementation quality exists with a general correlation between implementation choices within more-secure and less-secure websites, we find a surprising number of inconsistent choices within individual sites, suggesting that the lack of standards is harming security. We observe numerous ways in which the technical failures of lower-security sites can compromise higher-security sites due to the well-established tendency of users to re-use passwords. Our data confirms that the worst security practices are indeed found at sites with few security incentives, such as newspaper websites, while sites storing more sensitive information such as payment details or user communication implement more password security. From an economic viewpoint, password insecurity is a negative externality that the market has been unable to correct, undermining the viability of password-based authentication. We also speculate that some sites deploying passwords do so primarily for psychological reasons, both as a justification for collecting marketing data and as a way to build trusted relationships with customers. This theory suggests that efforts to replace passwords with more-secure protocols or federated identity systems may fail because they don't recreate the entrenched ritual of password authentication.
@inproceedings{BP10, author="Joseph Bonneau and S{\"{o}}ren Preibusch", url="http://www.cl.cam.ac.uk/~jcb82/doc/BP10-WEIS-password_thicket.pdf", booktitle="WEIS '10: Proceedings of the 9\textsuperscript{th} Workshop on the Economics of Information Security", title={{The password thicket: technical and market failures in human authentication on the web}}, month="June", location="Boston, MA, USA", year="2010", }
Security and privacy in the social web
- The privacy landscape: product differentiation on data collection
(dataset)
Sören Preibusch and Joseph Bonneau. WEIS '11: The 10th Workshop on the Economics of Information Security. Washington, DC, USA, Jun 14 2011.
Whilst the majority of online consumers do not seem to take the privacy characteristics of goods and services into account with their consumption choices, a sizeable proportion consider differences in data collection and processing amongst alternative suppliers when deciding where to buy. Meeting their heterogeneous privacy preferences would require varied privacy regimes between different suppliers. Based on an empirical evaluation of 140 Web sites across five industries, we consider two questions: (1) can privacy-conscious consumers find a privacy-friendly seller/provider? (2) is this alternative associated with higher prices? We interpret the empirical evidence using the economic model of horizontal differentiation. As an overarching conclusion, differentiation on privacy is more prevalent in markets where consumption is priced—an observation that confirms the prediction from theory. Surprisingly, sellers that collect less data charge lower prices, with high significance. Implications for regulation and for further study are discussed.
@inproceedings{PB11, author="S{\"{o}}ren Preibusch and Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/PB11-WEIS-privacy_landscape.pdf", booktitle="WEIS '11: Proceedings of the 10\textsuperscript{th} Workshop on the Economics of Information Security", title={{The privacy landscape: product differentiation on data collection}}, month="June", location="Washington, DC, USA", year="2011", }
- Don't Tread on Me: Moderating Access to OSN Data with SpikeStrip
Christo Wilson, Alessandra Sala, Joseph Bonneau, Robert Zablit and Ben Zhao. WOSN 2010: The 3rd Workshop on Online Social Networks. Boston, Massachusetts, Jun 22 2010.
Online social networks rely on their valuable data stores to attract users and produce income. Their survival depends on the ability to protect users’ profiles and disseminate it to other users through controlled channels. Given the sparse user adoption of privacy policies, however, there is increasing incentive and opportunity for malicious parties to extract these datasets for profit using automated “crawlers” and “screen-scrapers.” With the arrival of distributed botnets and low-cost hosted VMs, attackers can perform fast, distributed crawls that evade traditional detectors and rate limiters. We propose SpikeStrip, a server add-on that uses light-weight link encryption to isolate and rate limit crawlers. We experiment with real OSN data, and show that SpikeStrip successfully curtails sophisticated, distributed crawlers while imposing minimal server throughput overhead and inconvenience to end-users.
@inproceedings{WSBZZ09, author="Christo Wilson and Alessandra Sala and Joseph Bonneau and Robert Zablit and Ben Zhao", url="http://www.cs.ucsb.edu/~ravenben/publications/pdf/spikestrip-wosn10.pdf", booktitle="WOSN 2010: The 3\textsuperscript{rd} Workshop on Online Social Networks", title={{Don't Tread on Me: Moderating Access to OSN Data with SpikeStrip }}, month="June", location="Boston, Massachussets", year="2010", }
- Privacy-Enhanced Public View for Social Graphs
Hyoungshick Kim and Joseph Bonneau. SWSM '09: The 2nd Workshop on Social Web Search and Mining. Hong Kong, China, Nov 02 2009.
We consider the problem of releasing a limited public view of a sensitive graph which reveals at least k edges per node. We are motivated by Facebook’s public search listings, which expose user profiles to search engines along with a fixed number of each user’s friends. If this public view is produced by uniform random sampling, an adversary can accurately approximate many sensitive features of the original graph, including the degree of individual nodes. We propose several schemes to produce public views which hide degree information. We demonstrate the practicality of our schemes using real data and show that it is possible to mitigate inference of degree while still providing useful public views.
@inproceedings{KB09, author="Hyoungshick Kim and Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/KB09-SWSM-privacy_public_view.pdf", booktitle="SWSM '09: The 2\textsuperscript{nd} Workshop on Social Web Search and Mining", title={{Privacy-Enhanced Public View for Social Graphs}}, month="November", location="Hong Kong, China", year="2009", }
- Privacy Preserving Social Networking Over Untrusted Networks
Jonathan Anderson, Claudia Diaz, Joseph Bonneau and Frank Stajano. WOSN 2009: The 2nd ACM SIGCOMM Workshop on Online Social Networks. Barcelona, Spain, Aug 17 2009.
Current social networks require users to place absolute faith in their operators, and the inability of operators to protect users from malicious agents has led to sensitive private information being made public. We propose an architecture for social networking that protects users’ social information from both the operator and other network users. This architecture builds a social network out of smart clients and an untrusted central server in a way that removes the need for faith in network operators and gives users control of their privacy.
@inproceedings{ADBS09, author="Jonathan Anderson and Claudia Diaz and Joseph Bonneau and Frank Stajano", url="http://www.cl.cam.ac.uk/~jcb82/doc/ADBS09-WOSN-privacy_enabling_sns.pdf", booktitle="WOSN 2009: The 2\textsuperscript{nd} ACM SIGCOMM Workshop on Online Social Networks", title={{Privacy Preserving Social Networking Over Untrusted Networks}}, month="August", location="Barcelona, Spain", year="2009", }
- Prying Data out of a Social Network
Joseph Bonneau, Jonathan Anderson and George Danezis. ASONAM 09: The 1st International Conference on Advances in Social Networks Analysis and Mining. Athens, Greece, Jul 20 2009.
Preventing adversaries from compiling significant amounts of user data is a major challenge for social network operators. We examine the difficulty of collecting profile and graph information from the popular social networking website Facebook and report two major findings. First, we describe several novel ways in which data can be extracted by third parties. Second, we demonstrate the efficiency of these methods on crawled data. Our findings highlight how the current protection of personal data is inconsistent with users’ expectations of privacy.
@inproceedings{BAD09, author="Joseph Bonneau and Jonathan Anderson and George Danezis", url="http://www.cl.cam.ac.uk/~jcb82/doc/BAS09-ASONAM-prying_sns_data.pdf", booktitle="ASONAM 09: The 1\textsuperscript{st} International Conference on Advances in Social Networks Analysis and Mining", title={{Prying Data out of a Social Network}}, month="July", location="Athens, Greece", year="2009", }
- Privacy Stories: Confidence in Privacy Behaviors through End User Programming (poster)
(abstract)
Luke Church, Jonathan Anderson, Joseph Bonneau and Frank Stajano. SOUPS 2009: The 5th Symposium On Usable Privacy and Security. Mountain View, CA, USA, Jul 15 2009.
In [2] we argued that, in the search to give users meaningful control over their information, we should consider End User Programming techniques as a possible replacement for either opaque, expert determined choices or the endless proliferation of options that arises from a simplistic application of direct manipulation principles. We describe a work in progress to study the viability of this approach for improving the usability of social network privacy configuration. As suggested in [2] we make use of analytical usability techniques to discuss the usability challenges of the current Facebook interface and to inform the design of our proposed alternative. We then report on a very small (two user) pilot study and look at challenges that we will address in future design iterations.
@inproceedings{CABS09, title={{Privacy Stories: Confidence in Privacy Behaviors through End User Programming (poster)}}, url="http://www.cl.cam.ac.uk/~jcb82/doc/CABS09-SOUPS-poster-privacy_stories.pdf", journal="SOUPS '09: Symposium on Usable Privacy and Security", author="Luke Church and Jonathan Anderson and Joseph Bonneau and Frank Stajano", month="July", location="Mountain View, CA, USA", year="2009", booktitle="SOUPS 2009: The 5\textsuperscript{th} Symposium On Usable Privacy and Security", }
- Privacy Suites: Shared Privacy for Social Networks (poster)
(abstract)
Joseph Bonneau, Jonathan Anderson and Luke Church. SOUPS 2009: The 5th Symposium On Usable Privacy and Security. Mountain View, CA, USA, Jul 15 2009.
Creating privacy controls for social networks that are both expressive and usable is a major challenge. Lack of user understanding of privacy settings can lead to unwanted disclosure of private information and, in some cases, to material harm. We propose a new paradigm which allows users to easily choose “suites” of privacy settings which have been specified by friends or trusted experts, only modifying them if they wish. Given that most users currently stick with their default, operator-chosen settings, such a system could dramatically increase the privacy protection that most users experience with minimal time investment.
@inproceedings{BAC09d, title={{Privacy Suites: Shared Privacy for Social Networks (poster)}}, url="http://www.cl.cam.ac.uk/~jcb82/doc/ADBS09-WOSN-privacy_enabling_sns.pdf", journal="SOUPS '09: Symposium on Usable Privacy and Security", author="Joseph Bonneau and Jonathan Anderson and Luke Church", month="July", location="Mountain View, CA, USA", year="2009", booktitle="SOUPS 2009: The 5\textsuperscript{th} Symposium On Usable Privacy and Security", }
- Security APIs for Online Applications
Jonathan Anderson, Joseph Bonneau and Frank Stajano. 3rd International Workshop on Analysis of Security APIs. Port Jefferson, NY, USA, Jul 10 2009.
Online social networks, in their current form, require users to place a vast amount of trust in the operators of both the core network and the third-party applications they use. Since both of these actors have shown themselves to be untrustworthy in the past [1], [2], [3], [4], [5], we have proposed a model for social networks in which client software runs on the user’s computer, encrypted blocks are stored on a “dumb” server and third-party applications are sandboxed to avoid the leakage of personal information [6]. In this scheme, the interface between applications and the core client software resembles a system call API in which a kernel offers applications the means to perform privileged operations. We have begun exploring this API to determine its functional requirements and desired security properties, but we welcome comments from and engagement with the security API community in order to provide the users of social networks with meaningful promises of personal privacy.
@inproceedings{ABS09, author="Jonathan Anderson and Joseph Bonneau and Frank Stajano", url="http://www.cl.cam.ac.uk/~jcb82/doc/ABS09-ASA-security_apis_online_apps.pdf", booktitle="3\textsuperscript{rd} International Workshop on Analysis of Security APIs", title={{Security APIs for Online Applications}}, month="July", location="Port Jefferson, NY, USA", year="2009", }
- The Privacy Jungle: On the Market for Privacy in Social Networks
(abridged paper) (dataset)
Joseph Bonneau and Sören Preibusch. WEIS '09: The 8th Workshop on the Economics of Information Security. London, UK, Jun 25 2009.
Abstract: We have conducted the first thorough analysis of the market for privacy practices and policies in online social networks. From an evaluation of 45 social networking sites using 260 criteria we find that many popular assumptions regarding privacy and social networking need to be revisited when considering the entire ecosystem instead of only a handful of well-known sites. Contrary to the common perception of an oligopolistic market, we find evidence of vigorous competition for new users. Despite observing many poor security practices, there is evidence that social network providers are making efforts to implement privacy enhancing technologies with substantial diversity in the amount of privacy control offered. However, privacy is rarely used as a selling point, and even then only as an auxiliary, non-decisive feature. Sites also failed to promote their existing privacy controls within the site. We similarly found great diversity in the length and content of formal privacy policies, but found an opposite promotional trend: though almost all policies are not accessible to ordinary users due to obfuscating legal jargon, they conspicuously vaunt the sites’ privacy practices. We conclude that the market for privacy in social networks is dysfunctional in that there is significant variation in sites’ privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Our empirical findings motivate us to introduce the novel model of a privacy communication game, where the economically rational choice for a site operator is to make privacy control available to evade criticism from privacy fundamentalists, while hiding the privacy control interface and privacy policy to maximise sign-up numbers and encourage data sharing from the pragmatic majority of users.
@inproceedings{BP09, author="Joseph Bonneau and S{\"{o}}ren Preibusch", url="http://www.cl.cam.ac.uk/~jcb82/doc/BP09-WEIS-privacy_jungle.pdf", booktitle="WEIS '09: Proceedings of the 8\textsuperscript{th} Workshop on the Economics of Information Security", title={{The Privacy Jungle: On the Market for Privacy in Social Networks}}, month="June", location="London, UK", year="2009", }
- Eight Friends Are Enough: Social Graph Approximation via Public Listings
Joseph Bonneau, Jonathan Anderson, Frank Stajano and Ross Anderson. SNS '09: The 2nd ACM Workshop on Social Network Systems. Nuremberg, Germany, Mar 31 2009.
Abstract: The popular social networking website Facebook exposes a “public view” of user profiles to search engines which includes eight of the user’s friendship links. We examine what interesting properties of the complete social graph can be inferred from this public view. In experiments on real social network data, we were able to accurately approximate the degree and centrality of nodes, compute small dominating sets, find short paths between users, and detect community structure. This work demonstrates that it is difficult to safely reveal limited information about a social network.
@inproceedings{BASA09, author="Joseph Bonneau and Jonathan Anderson and Frank Stajano and Ross Anderson", url="http://www.cl.cam.ac.uk/~jcb82/doc/BASA09-SNS-eight_friends.pdf", booktitle="SNS '09: Proceedings of the 2\textsuperscript{nd} ACM Workshop on Social Network Systems", title={{Eight Friends Are Enough: Social Graph Approximation via Public Listings}}, month="March", location="Nuremberg, Germany", year="2009", }
Side channel cryptanalysis
- Robust Final-Round Cache-Trace Attacks Against AES
Joseph Bonneau. Oct 29 2006.
Abstract: This paper describes an algorithm to attack AES using side-channel information from the final round cache lookups performed by the encryption, specifically whether each access hits or misses in the cache, building off of previous work by Aciicmez and Koc. It is assumed that an attacker could gain such a trace through power consumption analysis or electromagnetic analysis. This information has already been shown to lead to an effective attack. This paper interprets cache trace data available as binary constraints on pairs of key bytes then reduces key search to a constraint-satisfaction problem. In this way, an attacker is guaranteed to perform as little search as is possible given a set of cache traces, leading to a natural tradeoff between online collection and offline processing. This paper also differs from previous work in assuming a partially pre-loaded cache, proving that cache trace attacks are still effective in this scenario with the number of samples required being inversely related to the percentage of cache which is pre-loaded.
@techreport{B06, title={{Robust Final-Round Cache-Trace Attacks Against AES}}, url="http://www.cl.cam.ac.uk/~jcb82/doc/B06-eprint-aes_cache_trace.pdf", author="Joseph Bonneau", number="2006/374", month="October", year="2006", institution="Cryptology ePrint Archive", }
- Cache Collision Timing Attacks Against AES
Joseph Bonneau and Ilya Mironov. CHES '06: Workshop on Cryptographic Hardware and Embedded Systems. Boston, MA, USA, Oct 12 2006.
Abstract: This paper describes several novel timing attacks against the common table-driven software implementation of the AES cipher. We define a general attack strategy using a simplified model of the cache to predict timing variation due to cache-collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES implementations and computing platforms; we have implemented them against OpenSSL v. 0.9.8.(a) running on Pentium III, Pentium IV Xeon, and UltraSPARC III+ machines. The most powerful attack has been shown under optimal conditions to reliably recover a full 128-bit AES key with 2^13 timing samples, an improvement of almost four orders of magnitude over the best previously published attacks of this type [Ber05]. While the task of defending AES against all timing attacks is challenging, a small patch can significantly reduce the vulnerability to these specific attacks with no performance penalty.
@inproceedings{BM06, author="Joseph Bonneau and Ilya Mironov", url="http://www.cl.cam.ac.uk/~jcb82/doc/BM06-CHES-aes_cache_timing.pdf", booktitle="CHES '06: Proceedings of 2006 Workshop on Cryptographic Hardware and Embedded Systems", title={{Cache Collision Timing Attacks Against AES}}, month="October", location="Boston, MA, USA", year="2006", }
Miscellaneous
- It’s Not Stealing If You Need It: A Panel on The Ethics of Performing Research Using Public Data of Illicit Origin (panel discussion)
Serge Egelman, Joseph Bonneau, Sonia Chiasson, David Dittrich and Stuart Schechter. WECSR '12: Workshop on Ethics in Computer Security Research. Kralendijk, Bonaire, Netherlands, Mar 02 2012.
@inproceedings{EBCDS12, author="Serge Egelman and Joseph Bonneau and Sonia Chiasson and David Dittrich and Stuart Schechter", booktitle="WECSR '12: Workshop on Ethics in Computer Security Research", title={{It's Not Stealing If You Need It: A Panel on The Ethics of Performing Research Using Public Data of Illicit Origin (panel discussion)}}, month="March", location="Kralendijk, Bonaire, Netherlands", year="2012", }
- Scrambling for lightweight censorship resistance
Joseph Bonneau and Rubin Xu. 19th International Workshop on Security Protocols. Cambridge, UK, Mar 28 2011.
Abstract: In this paper we propose scrambling as a lightweight method of censorship resistance, in place of the traditional use of encryption. We consider a censor which can only block banned content by scanning it while in transit (for example using deep-packet inspection), instead of attacking the communication endpoints (for example using address filtering or taking servers offline). Our goal is to greatly increase the workload of the censor by scrambling all data during communication, while maintaining reasonable workloads for the endpoints of the communication network. In particular, our goal is to make it impossible for the censor to effectively accelerate the de-scrambling procedure over what may be achieved by commodity PCs or mobile phones at the endpoints, a goal which we term high-inertia scrambling. We also aim to achieve this using the standard JavaScript runtime environment of modern browsers, requiring no distribution or installation of censorship-resistance software.
@inproceedings{BX11, author="Joseph Bonneau and Rubin Xu", url="http://www.cl.cam.ac.uk/~jcb82/doc/BX11-SPW-scrambling_censorship.pdf", booktitle="19\textsuperscript{th} International Workshop on Security Protocols", title={{Scrambling for lightweight censorship resistance}}, month="March", location="Cambridge, UK", year="2011", }
- Inglourious Installers: Security in the Application Marketplace
Jonathan Anderson, Joseph Bonneau and Frank Stajano. WEIS '10: The 9th Workshop on the Economics of Information Security. Boston, MA, USA, Jun 25 2010.
Abstract: From mobile phones to social networks, installing and running third-party applications can be risky. Installing applications often requires running unverified, untrustworthy code with the privilege of a system administrator, allowing it to compromise the security of user data and the operating system. Once installed, applications on most platforms can access anything that a user can: a web browser can read users’ e-mail and an e-mail client can access browsing history. Computer scientists have been developing systems for decades which follow the “principle of least authority,” yet few consumer computing platforms adopt their techniques. In this paper, we examine the application markets for ten computing platforms, including personal computers, mobile phones, social networks and web browsers. We identify economic causes for the wide variation in their installation and sandboxing techniques, and we propose measures to align the incentives of market actors such that providing better application security guarantees is in everyone’s interest.
@inproceedings{ABS10, author="Jonathan Anderson and Joseph Bonneau and Frank Stajano", url="http://www.cl.cam.ac.uk/~jra40/publications/2010-WEIS-application-markets.pdf", booktitle="WEIS '10: Proceedings of the 9\textsuperscript{th} Workshop on the Economics of Information Security", title={{Inglourious Installers: Security in the Application Marketplace}}, month="June", location="Boston, MA, USA", year="2010", }
- Digital immolation: new directions in online protest
Joseph Bonneau. Eighteenth International Workshop on Security Protocols. Cambridge, UK, Mar 25 2010.
Abstract: The current literature and experience of online activism assumes two basic uses of the Internet for social movements: straightforward extensions of offline organising and fund-raising using online media to improve efficiency and reach, or “hacktivism” using technical knowledge to illegally deface or disrupt access to online resources. We propose a third model which is non-violent yet proves commitment to a cause by enabling a group of activists to temporarily or permanently sacrifice valuable online identities such as email accounts, social networking profiles, or gaming avatars. We describe a basic cryptographic framework for enabling such a protest, which provides an additional property of binding solidarity which is not normally possible offline.
@inproceedings{B10, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B10-SPW-online_protest.pdf", booktitle="18\textsuperscript{th} International Workshop on Security Protocols", title={{Digital immolation: new directions in online protest}}, month="March", location="Cambridge, UK", year="2010", }
- Alice and Bob's life stories: Cryptographic communication using shared experiences
Joseph Bonneau. 17th International Workshop on Security Protocols. Cambridge, UK, Apr 02 2009.
Abstract: We propose a protocol for confidential one-way communication between two parties who know each other well using only pre-existing knowledge from their shared life experience. This could enable, for example, lovers or close friends to communicate without prior key exchange. Our system uses a flexible secret-sharing mechanism to accommodate personal knowledge of variable guessing resistance and memorability with reasonable overhead in terms of computation and storage.
@inproceedings{B09, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B09-SPW-experience_encryption.pdf", booktitle="17\textsuperscript{th} International Workshop on Security Protocols", title={{Alice and Bob's life stories: Cryptographic communication using shared experiences}}, month="April", location="Cambridge, UK", year="2009", }
2012
- Of contraseñas, סיסמאות, and 密码: Character encoding issues for web passwords
Joseph Bonneau and Rubin Xu. Web 2.0 Security & Privacy. San Francisco, CA, USA, May 24 2012.
Abstract: Password authentication remains ubiquitous on the web, primarily because of its low cost and compatibility with any device which allows a user to input text. Yet text is not universal. Computers must use a character encoding system to convert human-comprehensible writing into bits. We examine for the first time the lingering effects of character encoding on the password ecosystem. We report a number of bugs at large websites which reveal that non-ASCII passwords are often poorly supported, even by websites otherwise correctly supporting the recommended Unicode/UTF-8 character encoding system. We also study user behaviour through several leaked data sets of passwords chosen by English, Chinese, Hebrew and Spanish speakers as case studies. Our findings suggest that most users still actively avoid using characters outside of the original ASCII character set even when allowed to. Coping strategies include transliterating non-ASCII passwords using ASCII, changing keyboard mappings to produce nonsense ASCII passwords, and using passwords consisting entirely of numbers or of a geometric pattern on the keyboard. These last two strategies may reduce resistance to guessing attacks for passwords chosen by non-English speakers.
@inproceedings{BX12, author="Joseph Bonneau and Rubin Xu", url="http://www.cl.cam.ac.uk/~jcb82/doc/BX12-W2SP-passwords_character_encoding.pdf", booktitle="Web 2.0 Security {\&} Privacy", title={{Of contrase{\~{n}}as, sysmawt, and m\`{i}m\v{a}: Character encoding issues for web passwords}}, month="May", location="San Francisco, CA, USA", year="2012", }
- The science of guessing: analyzing an anonymized corpus of 70 million passwords
Joseph Bonneau. 2012 IEEE Symposium on Security and Privacy. San Francisco, CA, USA, May 21 2012.
Abstract: We report on the largest corpus of user-chosen passwords ever studied, consisting of anonymized password histograms representing almost 70 million Yahoo! users, mitigating privacy concerns while enabling analysis of dozens of subpopulations based on demographic factors and site usage characteristics. This large data set motivates a thorough statistical treatment of estimating guessing difficulty by sampling from a secret distribution. In place of previously used metrics such as Shannon entropy and guessing entropy, which cannot be estimated with any realistically sized sample, we develop partial guessing metrics including a new variant of guesswork parameterized by an attacker's desired success rate. Our new metric is comparatively easy to approximate and directly relevant for security engineering. By comparing password distributions with a uniform distribution which would provide equivalent security against different forms of guessing attack, we estimate that passwords provide fewer than 10 bits of security against an online, trawling attack, and only about 20 bits of security against an optimal offline dictionary attack. We find surprisingly little variation in guessing difficulty; every identifiable group of users generated a comparably weak password distribution. Security motivations such as the registration of a payment card have no greater impact than demographic factors such as age and nationality. Even pro-active efforts to nudge users towards better password choices with graphical feedback make little difference. More surprisingly, even seemingly distant language communities choose the same weak passwords and an attacker never gains more than a factor of 2 efficiency gain by switching from the globally optimal dictionary to a population-specific list.
@inproceedings{B12, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-analyzing_70M_anonymized_passwords.pdf", booktitle="2012 IEEE Symposium on Security and Privacy", title={{The science of guessing: analyzing an anonymized corpus of 70 million passwords}}, month="May", location="San Francisco, CA, USA", year="2012", }
- The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
(full-length technical report)
Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank Stajano. 2012 IEEE Symposium on Security and Privacy. San Francisco, CA, USA, May 21 2012.
Abstract: We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals.
@inproceedings{BHOS12, author="Joseph Bonneau and Cormac Herley and Paul C. {van Oorschot} and Frank Stajano", url="http://www.cl.cam.ac.uk/~jcb82/doc/BHOS12-IEEESP-quest_to_replace_passwords.pdf", booktitle="2012 IEEE Symposium on Security and Privacy", title={{The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes}}, month="May", location="San Francisco, CA, USA", year="2012", }
- Guessing human-chosen secrets (PhD dissertation)
(bindable version) (tech report version) (DSpace version)
Joseph Bonneau. May 11 2012.
Abstract: Authenticating humans to computers remains a notable weak point in computer security despite decades of effort. Although the security research community has explored dozens of proposals for replacing or strengthening passwords, they appear likely to remain entrenched as the standard mechanism of human-computer authentication on the Internet for years to come. Even in the optimistic scenario of eliminating passwords from most of today's authentication protocols using trusted hardware devices or trusted servers to perform federated authentication, passwords will persist as a means of “last-mile” authentication between humans and these trusted single sign-on deputies. This dissertation studies the difficulty of guessing human-chosen secrets, introducing a sound mathematical framework modeling human choice as a skewed probability distribution. We introduce a new metric, alpha-guesswork, which can accurately model the resistance of a distribution against all possible guessing attacks. We also study the statistical challenges of estimating this metric using empirical data sets which can be modeled as a large random sample from the underlying probability distribution. This framework is then used to evaluate several representative data sets from the most important categories of human-chosen secrets to provide reliable estimates of security against guessing attacks. This includes collecting the largest-ever corpus of user-chosen passwords, with nearly 70 million, the largest list of human names ever assembled for research, the largest data sets of real answers to personal knowledge questions and the first data published about human choice of banking PINs. This data provides reliable numbers for designing security systems and highlights universal limitations of human-chosen secrets.
@phd_thesis{B12b, school="University of Cambridge", author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/2012-jbonneau-phd_thesis.pdf", title={{Guessing human-chosen secrets}}, month="May", year="2012", }
- Statistical metrics for individual password strength
Joseph Bonneau. Twentieth International Workshop on Security Protocols. Cambridge, UK, Apr 11 2012.
Abstract: We propose several possible metrics for measuring the strength of an individual password or any other secret drawn from a known, skewed distribution. In contrast to previous ad hoc approaches which rely on textual properties of passwords, we consider the problem without any knowledge of password structure. This enables rating the strength of a password given a large sample distribution without assuming anything about password semantics. We compare the results of our generic metrics against those of the NIST metrics and other previous “entropy-based” metrics for a large password dataset, which suggest over-fitting in previous metrics.
@inproceedings{B12a, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B12-SPW-statistical_password_strength_metrics.pdf", booktitle="20\textsuperscript{th} International Workshop on Security Protocols", title={{Statistical metrics for individual password strength}}, month="April", location="Cambridge, UK", year="2012", }
- It’s Not Stealing If You Need It: A Panel on The Ethics of Performing Research Using Public Data of Illicit Origin (panel discussion)
Serge Egelman, Joseph Bonneau, Sonia Chiasson, David Dittrich and Stuart Schechter. WECSR '12: Workshop on Ethics in Computer Security Research. Kralendijk, Bonaire, Netherlands, Mar 02 2012.
@inproceedings{EBCDS12, author="Serge Egelman and Joseph Bonneau and Sonia Chiasson and David Dittrich and Stuart Schechter", booktitle="WECSR '12: Workshop on Ethics in Computer Security Research", title={{It's Not Stealing If You Need It: A Panel on The Ethics of Performing Research Using Public Data of Illicit Origin (panel discussion)}}, month="March", location="Kralendijk, Bonaire, Netherlands", year="2012", }
- Linguistic properties of multi-word passphrases
Joseph Bonneau and Ekaterina Shutova. USEC '12: Workshop on Usable Security. Kralendijk, Bonaire, Netherlands, Mar 02 2012.
Abstract: We examine patterns of human choice in a passphrase-based authentication system deployed by Amazon, a large online merchant. We tested the availability of a large corpus of over 100,000 possible phrases at Amazon's registration page, which prohibits using any phrase already registered by another user. A number of large, readily-available lists such as movie and book titles prove effective in guessing attacks, suggesting that passphrases are vulnerable to dictionary attacks like all schemes involving human choice. Extending our analysis with natural language phrases extracted from linguistic corpora, we find that phrase selection is far from random, with users strongly preferring simple noun bigrams which are common in natural language. The distribution of chosen passphrases is less skewed than the distribution of bigrams in English text, indicating that some users have attempted to choose phrases randomly. Still, the distribution of bigrams in natural language is not nearly random enough to resist offline guessing, nor are longer three- or four-word phrases for which we see rapidly diminishing returns.
@inproceedings{BS12, author="Joseph Bonneau and Ekaterina Shutova", url="http://www.cl.cam.ac.uk/~jcb82/doc/BS12-USEC-passphrase_linguistics.pdf", booktitle="USEC '12: Workshop on Usable Security", title={{Linguistic properties of multi-word passphrases}}, month="March", location="Kralendijk, Bonaire, Netherlands", year="2012", }
- A birthday present every eleven wallets? The security of customer-chosen banking PINs
(survey wording) (RockYou PIN plot) (iPhone PIN plot)
Joseph Bonneau, Sören Preibusch and Ross Anderson. FC '12: The 16th International Conference on Financial Cryptography. Kralendijk, Bonaire, Netherlands, Mar 01 2012.
Abstract: We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online passwords and smartphone unlock-codes. We use a regression model to identify a small number of dominant factors influencing user choice. Using this model and a survey of over 1,100 banking customers, we estimate the distribution of banking PINs as well as the frequency of security-relevant behaviour such as sharing and reusing PINs. We find that guessing PINs based on the victims' birthday, which nearly all users carry documentation of, will enable a competent thief to gain use of an ATM card once for every 11-18 stolen wallets, depending on whether banks prohibit weak PINs such as 1234. The lesson for cardholders is to never use one's date of birth as a PIN. The lesson for card-issuing banks is to implement a denied PIN list, which several large banks still fail to do. However, blacklists cannot effectively mitigate guessing given a known birth date, suggesting banks should move away from customer-chosen banking PINs in the long term.
@inproceedings{BPA12, author="Joseph Bonneau and S{\"{o}}ren Preibusch and Ross Anderson", url="http://www.cl.cam.ac.uk/~jcb82/doc/BPA12-FC-banking_pin_security.pdf", booktitle="FC '12: Proceedings of the 16\textsuperscript{th} International Conference on Financial Cryptography", title={{A birthday present every eleven wallets? The security of customer-chosen banking PINs}}, month="March", location="Kralendijk, Bonaire, Netherlands", year="2012", }
2011
- The privacy landscape: product differentiation on data collection
(dataset)
Sören Preibusch and Joseph Bonneau. WEIS '11: The 10th Workshop on the Economics of Information Security. Washington, DC, USA, Jun 14 2011.
Abstract: Whilst the majority of online consumers do not seem to take the privacy characteristics of goods and services into account with their consumption choices, a sizeable proportion consider differences in data collection and processing amongst alternative suppliers when deciding where to buy. Meeting their heterogeneous privacy preferences would require varied privacy regimes between different suppliers. Based on an empirical evaluation of 140 Web sites across five industries, we consider two questions: (1) can privacy-conscious consumers find a privacy-friendly seller/provider? (2) is this alternative associated with higher prices? We interpret the empirical evidence using the economic model of horizontal differentiation. As an overarching conclusion, differentiation on privacy is more prevalent in markets where consumption is priced—an observation that confirms the prediction from theory. Surprisingly, sellers that collect less data charge lower prices, with high significance. Implications for regulation and for further study are discussed.
@inproceedings{PB11, author="S{\"{o}}ren Preibusch and Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/PB11-WEIS-privacy_landscape.pdf", booktitle="WEIS '11: Proceedings of the 10\textsuperscript{th} Workshop on the Economics of Information Security", title={{The privacy landscape: product differentiation on data collection}}, month="June", location="Washington, DC, USA", year="2011", }
- Getting web authentication right: a best-case protocol for the remaining life of passwords
Joseph Bonneau. 19th International Workshop on Security Protocols. Cambridge, UK, Mar 28 2011.
Abstract: We outline an end-to-end password authentication protocol for the web designed to be stateless and as secure as possible given legacy limitations of the web browser and performance constraints of commercial web servers. Our scheme is secure against very strong but passive attackers able to observe both network traffic and the server's database state. At the same time, our scheme is simple for web servers to implement and requires no changes to modern, HTML5-compliant browsers. We assume TLS is available for initial login and no other public-key cryptographic operations, but successfully defend against cookie-stealing and cookie-forging attackers and provide strong resistance to password guessing attacks.
@inproceedings{B11, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B11-SPW-web_auth_right.pdf", booktitle="19\textsuperscript{th} International Workshop on Security Protocols", title={{Getting web authentication right: a best-case protocol for the remaining life of passwords}}, month="March", location="Cambridge, UK", year="2011", }
- Scrambling for lightweight censorship resistance
Joseph Bonneau and Rubin Xu. 19th International Workshop on Security Protocols. Cambridge, UK, Mar 28 2011.
Abstract: In this paper we propose scrambling as a lightweight method of censorship resistance, in place of the traditional use of encryption. We consider a censor which can only block banned content by scanning it while in transit (for example using deep-packet inspection), instead of attacking the communication endpoints (for example using address filtering or taking servers offline). Our goal is to greatly increase the workload of the censor by scrambling all data during communication, while maintaining reasonable workloads for the endpoints of the communication network. In particular, our goal is to make it impossible for the censor to effectively accelerate the de-scrambling procedure over what may be achieved by commodity PCs or mobile phones at the endpoints, a goal which we term high-inertia scrambling. We also aim to achieve this using the standard JavaScript runtime environment of modern browsers, requiring no distribution or installation of censorship-resistance software.
@inproceedings{BX11, author="Joseph Bonneau and Rubin Xu", url="http://www.cl.cam.ac.uk/~jcb82/doc/BX11-SPW-scrambling_censorship.pdf", booktitle="19\textsuperscript{th} International Workshop on Security Protocols", title={{Scrambling for lightweight censorship resistance}}, month="March", location="Cambridge, UK", year="2011", }
2010
- The Password Game: negative externalities from weak password practices
Sören Preibusch and Joseph Bonneau. GameSec 2010: Conference on Decision and Game Theory for Security. Berlin, Germany, Nov 23 2010.
Abstract CitationThe combination of username and password is widely used as a human authentication mechanism on the Web. Despite this universal adoption and despite their long tradition, password schemes exhibit a high number of security flaws which jeopardise the confidentiality and integrity of personal information. As Web users tend to reuse the same password for several sites, security negligence at any one site introduces a negative externality into the entire password ecosystem. We analyse this market inefficiency as the equilibrium between password deployment strategies at security-concerned Web sites and indifferent Web sites. The game-theoretic prediction is challenged by an empirical analysis. By a manual inspection of 150 public Web sites that offer free yet password-protected sign-up, complemented by an automated sampling of 2184 Web sites, we demonstrate that observed password practices follow the theory: Web sites that have little incentive to invest in security are indeed found to have weaker password schemes, thereby facilitating the compromise of other sites. We use the theoretical model to explore which technical and regulatory approaches could eliminate the empirically detected inefficiency in the market for password protection.
@inproceedings{PB10, author="S{\"{o}}ren Preibusch and Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/PB09-GS-password_game.pdf", booktitle="GameSec 2010: Conference on Decision and Game Theory for Security", title={{The Password Game: negative externalities from weak password practices}}, month="November", location="Berlin, Germany", year="2010", }
- The password thicket: technical and market failures in human authentication on the web
(dataset)
Joseph Bonneau and Sören Preibusch. WEIS '10: The 9th Workshop on the Economics of Information Security. Boston, MA, USA, Jun 25 2010.
Abstract: We report the results of the first large-scale empirical analysis of password implementations deployed on the Internet. Our study included 150 websites which offer free user accounts for a variety of purposes, including the most popular destinations on the web and a random sample of e-commerce, news, and communication websites. Although all sites evaluated relied on user-chosen textual passwords for authentication, we found many subtle but important technical variations in implementation with important security implications. Many poor practices were commonplace, such as a lack of encryption to protect transmitted passwords, storage of cleartext passwords in server databases, and little protection of passwords from brute force attacks. While a spectrum of implementation quality exists with a general correlation between implementation choices within more-secure and less-secure websites, we find a surprising number of inconsistent choices within individual sites, suggesting that the lack of standards is harming security. We observe numerous ways in which the technical failures of lower-security sites can compromise higher-security sites due to the well-established tendency of users to re-use passwords. Our data confirms that the worst security practices are indeed found at sites with few security incentives, such as newspaper websites, while sites storing more sensitive information such as payment details or user communication implement more password security. From an economic viewpoint, password insecurity is a negative externality that the market has been unable to correct, undermining the viability of password-based authentication. We also speculate that some sites deploying passwords do so primarily for psychological reasons, both as a justification for collecting marketing data and as a way to build trusted relationships with customers.
This theory suggests that efforts to replace passwords with more-secure protocols or federated identity systems may fail because they don't recreate the entrenched ritual of password authentication.
@inproceedings{BP10, author="Joseph Bonneau and S{\"{o}}ren Preibusch", url="http://www.cl.cam.ac.uk/~jcb82/doc/BP10-WEIS-password_thicket.pdf", booktitle="WEIS '10: Proceedings of the 9\textsuperscript{th} Workshop on the Economics of Information Security", title={{The password thicket: technical and market failures in human authentication on the web}}, month="June", location="Boston, MA, USA", year="2010", }
- Inglourious Installers: Security in the Application Marketplace
Jonathan Anderson, Joseph Bonneau and Frank Stajano. WEIS '10: The 9th Workshop on the Economics of Information Security. Boston, MA, USA, Jun 25 2010.
Abstract: From mobile phones to social networks, installing and running third-party applications can be risky. Installing applications often requires running unverified, untrustworthy code with the privilege of a system administrator, allowing it to compromise the security of user data and the operating system. Once installed, applications on most platforms can access anything that a user can: a web browser can read users’ e-mail and an e-mail client can access browsing history. Computer scientists have been developing systems for decades which follow the “principle of least authority,” yet few consumer computing platforms adopt their techniques. In this paper, we examine the application markets for ten computing platforms, including personal computers, mobile phones, social networks and web browsers. We identify economic causes for the wide variation in their installation and sandboxing techniques, and we propose measures to align the incentives of market actors such that providing better application security guarantees is in everyone’s interest.
@inproceedings{ABS10, author="Jonathan Anderson and Joseph Bonneau and Frank Stajano", url="http://www.cl.cam.ac.uk/~jra40/publications/2010-WEIS-application-markets.pdf", booktitle="WEIS '10: Proceedings of the 9\textsuperscript{th} Workshop on the Economics of Information Security", title={{Inglourious Installers: Security in the Application Marketplace}}, month="June", location="Boston, MA, USA", year="2010", }
- Don't Tread on Me: Moderating Access to OSN Data with SpikeStrip
Christo Wilson, Alessandra Sala, Joseph Bonneau, Robert Zablit and Ben Zhao. WOSN 2010: The 3rd Workshop on Online Social Networks. Boston, Massachusetts, Jun 22 2010.
Abstract: Online social networks rely on their valuable data stores to attract users and produce income. Their survival depends on the ability to protect users’ profiles and disseminate it to other users through controlled channels. Given the sparse user adoption of privacy policies, however, there is increasing incentive and opportunity for malicious parties to extract these datasets for profit using automated “crawlers” and “screen-scrapers.” With the arrival of distributed botnets and low-cost hosted VMs, attackers can perform fast, distributed crawls that evade traditional detectors and rate limiters. We propose SpikeStrip, a server add-on that uses light-weight link encryption to isolate and rate limit crawlers. We experiment with real OSN data, and show that SpikeStrip successfully curtails sophisticated, distributed crawlers while imposing minimal server throughput overhead and inconvenience to end-users.
@inproceedings{WSBZZ09, author="Christo Wilson and Alessandra Sala and Joseph Bonneau and Robert Zablit and Ben Zhao", url="http://www.cs.ucsb.edu/~ravenben/publications/pdf/spikestrip-wosn10.pdf", booktitle="WOSN 2010: The 3\textsuperscript{rd} Workshop on Online Social Networks", title={{Don't Tread on Me: Moderating Access to OSN Data with SpikeStrip}}, month="June", location="Boston, Massachusetts", year="2010", }
- Digital immolation: new directions in online protest
Joseph Bonneau. Eighteenth International Workshop on Security Protocols. Cambridge, UK, Mar 25 2010.
Abstract: The current literature and experience of online activism assumes two basic uses of the Internet for social movements: straightforward extensions of offline organising and fund-raising using online media to improve efficiency and reach, or “hacktivism” using technical knowledge to illegally deface or disrupt access to online resources. We propose a third model which is non-violent yet proves commitment to a cause by enabling a group of activists to temporarily or permanently sacrifice valuable online identities such as email accounts, social networking profiles, or gaming avatars. We describe a basic cryptographic framework for enabling such a protest, which provides an additional property of binding solidarity which is not normally possible offline.
@inproceedings{B10, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B10-SPW-online_protest.pdf", booktitle="18\textsuperscript{th} International Workshop on Security Protocols", title={{Digital immolation: new directions in online protest}}, month="March", location="Cambridge, UK", year="2010", }
- What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions
(dataset)
Joseph Bonneau, Mike Just and Greg Matthews. FC '10: The 14th International Conference on Financial Cryptography. Tenerife, Spain, Jan 25 2010.
Abstract: We study the efficiency of statistical attacks on human authentication systems relying on personal knowledge questions. We adapt techniques from guessing theory to measure security against a trawling attacker attempting to compromise a large number of strangers' accounts. We then examine a diverse corpus of real-world statistical distributions for likely answer categories such as the names of people, pets, and places and find that personal knowledge questions are significantly less secure than graphical or textual passwords. We also demonstrate that statistics can be used to increase security by proactively shaping the answer distribution to lower the prevalence of common responses.
@inproceedings{BJM10, author="Joseph Bonneau and Mike Just and Greg Matthews", url="http://www.cl.cam.ac.uk/~jcb82/doc/BJM10-FC-name_guessing_statistics.pdf", booktitle="FC '10: Proceedings of the 14\textsuperscript{th} International Conference on Financial Cryptography", title={{What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions}}, month="January", location="Tenerife, Spain", year="2010", }
2009
- Privacy-Enhanced Public View for Social Graphs
Hyoungshick Kim and Joseph Bonneau. SWSM '09: The 2nd Workshop on Social Web Search and Mining. Hong Kong, China, Nov 02 2009.
Abstract: We consider the problem of releasing a limited public view of a sensitive graph which reveals at least k edges per node. We are motivated by Facebook’s public search listings, which expose user profiles to search engines along with a fixed number of each user’s friends. If this public view is produced by uniform random sampling, an adversary can accurately approximate many sensitive features of the original graph, including the degree of individual nodes. We propose several schemes to produce public views which hide degree information. We demonstrate the practicality of our schemes using real data and show that it is possible to mitigate inference of degree while still providing useful public views.
@inproceedings{KB09, author="Hyoungshick Kim and Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/KB09-SWSM-privacy_public_view.pdf", booktitle="SWSM '09: The 2\textsuperscript{nd} Workshop on Social Web Search and Mining", title={{Privacy-Enhanced Public View for Social Graphs}}, month="November", location="Hong Kong, China", year="2009", }
- Privacy Preserving Social Networking Over Untrusted Networks
Jonathan Anderson, Claudia Diaz, Joseph Bonneau and Frank Stajano. WOSN 2009: The 2nd ACM SIGCOMM Workshop on Online Social Networks. Barcelona, Spain, Aug 17 2009.
Abstract: Current social networks require users to place absolute faith in their operators, and the inability of operators to protect users from malicious agents has led to sensitive private information being made public. We propose an architecture for social networking that protects users’ social information from both the operator and other network users. This architecture builds a social network out of smart clients and an untrusted central server in a way that removes the need for faith in network operators and gives users control of their privacy.
@inproceedings{ADBS09, author="Jonathan Anderson and Claudia Diaz and Joseph Bonneau and Frank Stajano", url="http://www.cl.cam.ac.uk/~jcb82/doc/ADBS09-WOSN-privacy_enabling_sns.pdf", booktitle="WOSN 2009: The 2\textsuperscript{nd} ACM SIGCOMM Workshop on Online Social Networks", title={{Privacy Preserving Social Networking Over Untrusted Networks}}, month="August", location="Barcelona, Spain", year="2009", }
- Prying Data out of a Social Network
Joseph Bonneau, Jonathan Anderson and George Danezis. ASONAM 09: The 1st International Conference on Advances in Social Networks Analysis and Mining. Athens, Greece, Jul 20 2009.
Abstract: Preventing adversaries from compiling significant amounts of user data is a major challenge for social network operators. We examine the difficulty of collecting profile and graph information from the popular social networking website Facebook and report two major findings. First, we describe several novel ways in which data can be extracted by third parties. Second, we demonstrate the efficiency of these methods on crawled data. Our findings highlight how the current protection of personal data is inconsistent with users’ expectations of privacy.
@inproceedings{BAD09, author="Joseph Bonneau and Jonathan Anderson and George Danezis", url="http://www.cl.cam.ac.uk/~jcb82/doc/BAS09-ASONAM-prying_sns_data.pdf", booktitle="ASONAM 09: The 1\textsuperscript{st} International Conference on Advances in Social Networks Analysis and Mining", title={{Prying Data out of a Social Network}}, month="July", location="Athens, Greece", year="2009", }
- Privacy Stories: Confidence in Privacy Behaviors through End User Programming (poster)
(abstract)
Luke Church, Jonathan Anderson, Joseph Bonneau and Frank Stajano. SOUPS 2009: The 5th Symposium On Usable Privacy and Security. Mountain View, CA, USA, Jul 15 2009.
Abstract: In [2] we argued that, in the search to give users meaningful control over their information, we should consider End User Programming techniques as a possible replacement for either opaque, expert determined choices or the endless proliferation of options that arises from a simplistic application of direct manipulation principles. We describe a work in progress to study the viability of this approach for improving the usability of social network privacy configuration. As suggested in [2] we make use of analytical usability techniques to discuss the usability challenges of the current Facebook interface and to inform the design of our proposed alternative. We then report on a very small (two user) pilot study and look at challenges that we will address in future design iterations.
@inproceedings{CABS09, title={{Privacy Stories: Confidence in Privacy Behaviors through End User Programming (poster)}}, url="http://www.cl.cam.ac.uk/~jcb82/doc/CABS09-SOUPS-poster-privacy_stories.pdf", journal="SOUPS '09: Symposium on Usable Privacy and Security", author="Luke Church and Jonathan Anderson and Joseph Bonneau and Frank Stajano", month="July", location="Mountain View, CA, USA", year="2009", booktitle="SOUPS 2009: The 5\textsuperscript{th} Symposium On Usable Privacy and Security", }
- Privacy Suites: Shared Privacy for Social Networks (poster)
(abstract)
Joseph Bonneau, Jonathan Anderson and Luke Church. SOUPS 2009: The 5th Symposium On Usable Privacy and Security. Mountain View, CA, USA, Jul 15 2009.
Abstract: Creating privacy controls for social networks that are both expressive and usable is a major challenge. Lack of user understanding of privacy settings can lead to unwanted disclosure of private information and, in some cases, to material harm. We propose a new paradigm which allows users to easily choose “suites” of privacy settings which have been specified by friends or trusted experts, only modifying them if they wish. Given that most users currently stick with their default, operator-chosen settings, such a system could dramatically increase the privacy protection that most users experience with minimal time investment.
@inproceedings{BAC09d, title={{Privacy Suites: Shared Privacy for Social Networks (poster)}}, url="http://www.cl.cam.ac.uk/~jcb82/doc/ADBS09-WOSN-privacy_enabling_sns.pdf", journal="SOUPS '09: Symposium on Usable Privacy and Security", author="Joseph Bonneau and Jonathan Anderson and Luke Church", month="July", location="Mountain View, CA, USA", year="2009", booktitle="SOUPS 2009: The 5\textsuperscript{th} Symposium On Usable Privacy and Security", }
- Security APIs for Online Applications
Jonathan Anderson, Joseph Bonneau and Frank Stajano. 3rd International Workshop on Analysis of Security APIs. Port Jefferson, NY, USA, Jul 10 2009.
Abstract: Online social networks, in their current form, require users to place a vast amount of trust in the operators of both the core network and the third-party applications they use. Since both of these actors have shown themselves to be untrustworthy in the past [1], [2], [3], [4], [5], we have proposed a model for social networks in which client software runs on the user’s computer, encrypted blocks are stored on a “dumb” server and third-party applications are sandboxed to avoid the leakage of personal information [6]. In this scheme, the interface between applications and the core client software resembles a system call API in which a kernel offers applications the means to perform privileged operations. We have begun exploring this API to determine its functional requirements and desired security properties, but we welcome comments from and engagement with the security API community in order to provide the users of social networks with meaningful promises of personal privacy.
@inproceedings{ABS09, author="Jonathan Anderson and Joseph Bonneau and Frank Stajano", url="http://www.cl.cam.ac.uk/~jcb82/doc/ABS09-ASA-security_apis_online_apps.pdf", booktitle="3\textsuperscript{rd} International Workshop on Analysis of Security APIs", title={{Security APIs for Online Applications}}, month="July", location="Port Jefferson, NY, USA", year="2009", }
- The Privacy Jungle: On the Market for Privacy in Social Networks
(abridged paper) (dataset)
Joseph Bonneau and Sören Preibusch. WEIS '09: The 8th Workshop on the Economics of Information Security. London, UK, Jun 25 2009.
Abstract: We have conducted the first thorough analysis of the market for privacy practices and policies in online social networks. From an evaluation of 45 social networking sites using 260 criteria we find that many popular assumptions regarding privacy and social networking need to be revisited when considering the entire ecosystem instead of only a handful of well-known sites. Contrary to the common perception of an oligopolistic market, we find evidence of vigorous competition for new users. Despite observing many poor security practices, there is evidence that social network providers are making efforts to implement privacy enhancing technologies with substantial diversity in the amount of privacy control offered. However, privacy is rarely used as a selling point, even then only as auxiliary, non-decisive feature. Sites also failed to promote their existing privacy controls within the site. We similarly found great diversity in the length and content of formal privacy policies, but found an opposite promotional trend: though almost all policies are not accessible to ordinary users due to obfuscating legal jargon, they conspicuously vaunt the sites’ privacy practices. We conclude that the market for privacy in social networks is dysfunctional in that there is significant variation in sites’ privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Our empirical findings motivate us to introduce the novel model of a privacy communication game, where the economically rational choice for a site operator is to make privacy control available to evade criticism from privacy fundamentalists, while hiding the privacy control interface and privacy policy to maximise sign-up numbers and encourage data sharing from the pragmatic majority of users.
@inproceedings{BP09, author="Joseph Bonneau and S{\"{o}}ren Preibusch", url="http://www.cl.cam.ac.uk/~jcb82/doc/BP09-WEIS-privacy_jungle.pdf", booktitle="WEIS '09: Proceedings of the 8\textsuperscript{th} Workshop on the Economics of Information Security", title={{The Privacy Jungle: On the Market for Privacy in Social Networks}}, month="June", location="London, UK", year="2009", }
- Alice and Bob's life stories: Cryptographic communication using shared experiences
Joseph Bonneau. 17th International Workshop on Security Protocols. Cambridge, UK, Apr 02 2009.
Abstract: We propose a protocol for confidential one-way communication between two parties who know each other well using only pre-existing knowledge from their shared life experience. This could enable, for example, lovers or close friends to communicate without prior key exchange. Our system uses a flexible secret-sharing mechanism to accommodate personal knowledge of variable guessing resistance and memorability with reasonable overhead in terms of computation and storage.
@inproceedings{B09, author="Joseph Bonneau", url="http://www.cl.cam.ac.uk/~jcb82/doc/B09-SPW-experience_encryption.pdf", booktitle="17\textsuperscript{th} International Workshop on Security Protocols", title={{Alice and Bob's life stories: Cryptographic communication using shared experiences}}, month="April", location="Cambridge, UK", year="2009", }
- Eight Friends Are Enough: Social Graph Approximation via Public Listings
Joseph Bonneau, Jonathan Anderson, Frank Stajano and Ross Anderson. SNS '09: The 2nd ACM Workshop on Social Network Systems. Nuremberg, Germany, Mar 31 2009.
Abstract: The popular social networking website Facebook exposes a “public view” of user profiles to search engines which includes eight of the user’s friendship links. We examine what interesting properties of the complete social graph can be inferred from this public view. In experiments on real social network data, we were able to accurately approximate the degree and centrality of nodes, compute small dominating sets, find short paths between users, and detect community structure. This work demonstrates that it is difficult to safely reveal limited information about a social network.
@inproceedings{BASA09, author="Joseph Bonneau and Jonathan Anderson and Frank Stajano and Ross Anderson", url="http://www.cl.cam.ac.uk/~jcb82/doc/BASA09-SNS-eight_friends.pdf", booktitle="SNS '09: Proceedings of the 2\textsuperscript{nd} ACM Workshop on Social Network Systems", title={{Eight Friends Are Enough: Social Graph Approximation via Public Listings}}, month="March", location="Nuremberg, Germany", year="2009", }
2006
- Robust Final-Round Cache-Trace Attacks Against AES
Joseph Bonneau. Oct 29 2006.
Abstract: This paper describes an algorithm to attack AES using side-channel information from the final round cache lookups performed by the encryption, specifically whether each access hits or misses in the cache, building off of previous work by Aciicmez and Koc. It is assumed that an attacker could gain such a trace through power consumption analysis or electromagnetic analysis. This information has already been shown to lead to an effective attack. This paper interprets cache trace data available as binary constraints on pairs of key bytes then reduces key search to a constraint-satisfaction problem. In this way, an attacker is guaranteed to perform as little search as is possible given a set of cache traces, leading to a natural tradeoff between online collection and offline processing. This paper also differs from previous work in assuming a partially pre-loaded cache, proving that cache trace attacks are still effective in this scenario with the number of samples required being inversely related to the percentage of cache which is pre-loaded.
@techreport{B06, title={{Robust Final-Round Cache-Trace Attacks Against AES}}, url="http://www.cl.cam.ac.uk/~jcb82/doc/B06-eprint-aes_cache_trace.pdf", author="Joseph Bonneau", number="2006/374", month="October", year="2006", institution="Cryptology ePrint Archive", }
- Cache Collision Timing Attacks Against AES
Joseph Bonneau and Ilya Mironov. CHES '06: Workshop on Cryptographic Hardware and Embedded Systems. Boston, MA, USA, Oct 12 2006.
Abstract: This paper describes several novel timing attacks against the common table-driven software implementation of the AES cipher. We define a general attack strategy using a simplified model of the cache to predict timing variation due to cache-collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES implementations and computing platforms, we have implemented them against OpenSSL v. 0.9.8.(a) running on Pentium III, Pentium IV Xeon, and UltraSPARC III+ machines. The most powerful attack has been shown under optimal conditions to reliably recover a full 128-bit AES key with 2^13 timing samples, an improvement of almost four orders of magnitude over the best previously published attacks of this type [Ber05]. While the task of defending AES against all timing attacks is challenging, a small patch can significantly reduce the vulnerability to these specific attacks with no performance penalty.
@inproceedings{BM06, author="Joseph Bonneau and Ilya Mironov", url="http://www.cl.cam.ac.uk/~jcb82/doc/BM06-CHES-aes_cache_timing.pdf", booktitle="CHES '06: Proceedings of 2006 Workshop on Cryptographic Hardware and Embedded Systems", title={{Cache Collision Timing Attacks Against AES}}, month="October", location="Boston, MA, USA", year="2006", }
