CryptoDB
Riad Wahby
Publications
Year: 2024
Venue: RWC
Title: Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome’s Password Leak Detection Protocol
Abstract
The scale and frequency of password database compromises has led to widespread and persistent credential stuffing attacks, in which attackers attempt to use credentials leaked from one service to compromise accounts with other services. In response, browser vendors have integrated password leakage detection tools, which automatically check the user’s credentials against a list of compromised accounts upon each login, warning the user to change their password if a match is found. In particular, Google Chrome uses a centralized leakage detection service designed by Thomas et al. (USENIX Security ’19) that aims to both preserve the user’s privacy and hide the server’s list of compromised credentials. In this paper, we show that Chrome’s implementation of this protocol is vulnerable to several microarchitectural side-channel attacks that violate its security properties. Specifically, we demonstrate attacks against Chrome’s use of the memory-hard hash function scrypt, its hash-to-elliptic-curve function, and its modular inversion algorithm. While prior work discussed the theoretical possibility of side-channel attacks on scrypt, we develop new techniques that enable this attack in practice, allowing an attacker to recover the user’s password with a single guess when using a dictionary attack. For modular inversion, we present a novel cryptanalysis of the Binary Extended Euclidean Algorithm (BEEA) that extracts its inputs given a single, noisy trace, thereby allowing a malicious server to learn information about a client’s password.
This paper was presented at USENIX Security 2023, and the full version can be found at https://www.usenix.org/system/files/usenixsecurity23-kwong.pdf
Year: 2021
Venue: RWC
Title: The Red Wedding: Playing Attacker in MPC Ceremonies
Abstract
This talk presents the systematic process of reviewing the Diogenes paper and code and advancing it to a production-ready state.
We will first provide background for the project and important details on its inner workings. We will then describe our approach and framework for reviewing cryptosystems, the attacks we found, and the lessons we can learn from them. We intend to highlight the following topics:
• Consistency between paper, specification, and code
• Real world adversaries
• Collaboration between cryptographers and engineers
• Dangers of optimizations
Coauthors
- Jonathan Berger (1)
- Bernardo David (1)
- Justin Drake (1)
- Daniel Genkin (1)
- Dmitry Khovratovich (1)
- Jason Kim (1)
- Andrew Kwong (1)
- Mary Maller (1)
- Hart Montgomery (1)
- Claudio Orlandi (1)
- Eyal Ronen (1)
- Peter Scholl (1)
- Hovav Shacham (1)
- Omer Shlomovits (1)
- Riad Wahby (2)
- Walter Wang (1)
- Yuval Yarom (1)