
SBIR Phase I: Tools for Protecting Against Online Password Guessing Attacks

$99,999 | FY2004 | TIP | NSF

Stubblebine Research Labs, LLC, Madison NJ

Abstract

This Small Business Innovation Research Phase I project addresses the need to protect networked computer systems from sophisticated password guessing or dictionary attacks. Such attacks result in the adversary learning the password or causing a denial of service due to account locking. In many cases account locking is not practically feasible due to the increased costs of supporting customers. Recent countermeasures require human-in-the-loop or Reverse Turing Tests (RTT) as part of the authentication protocol. This project will demonstrate that many RTT protocols are vulnerable to relay attacks. In one instance, RTT challenges are relayed to unsuspecting parties, who generate responses that are then relayed back to the challenger. This project explores this threat of attack, proposes mechanisms to address it, and explores specific enhancements to an RTT-based login protocol. A major feature of our approach is increased security, usability, flexibility, and configurability. The protocol will be tailored to match particular environments, classes of users, and applications. These features are necessary for any practical adoption of RTT-based solutions. The success of this project will lead to more secure networks that are more user-friendly, flexible and configurable.
