International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome’s Password Leak Detection Protocol

Authors:
Andrew Kwong
Walter Wang
Jason Kim
Jonathan Berger
Daniel Genkin
Eyal Ronen
Hovav Shacham
Riad Wahby
Yuval Yarom
Download:
Search ePrint
Search Google
Presentation: Slides
Abstract: The scale and frequency of password database compromises has led to widespread and persistent credential stuffing attacks, in which attackers attempt to use credentials leaked from one service to compromise accounts with other services. In response, browser vendors have integrated password leakage detection tools, which automatically check the user’s credentials against a list of compromised accounts upon each login, warning the user to change their password if a match is found. In particular, Google Chrome uses a centralized leakage detection service designed by Thomas et al. (USENIX Security ’19) that aims to both preserve the user’s privacy and hide the server’s list of compromised credentials. In this paper, we show that Chrome’s implementation of this protocol is vulnerable to several microarchitectural side- channel attacks that violate its security properties. Specifically, we demonstrate attacks against Chrome’s use of the memory-hard hash function scrypt, its hash-to-elliptic curve function, and its modular inversion algorithm. While prior work discussed the theoretical possibility of side-channel attacks on scrypt, we develop new techniques that enable this attack in practice, allowing an attacker to recover the user’s password with a single guess when using a dictionary attack. For modular inversion, we present a novel cryptanalysis of the Binary Extended Euclidian Algorithm (BEEA) that extracts its inputs given a single, noisy trace, thereby allowing a malicious server to learn information about a client’s password. This paper was presented at USENIX Security 2023, and the full version can be found at https://www.usenix.org/system/files/usenixsecurity23-kwong.pdf
Video: https://www.youtube.com/watch?v=17VjPhS2RxI
BibTeX
@misc{rwc-2024-35368,
  title={Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome’s Password Leak Detection Protocol},
  note={Video at \url{https://www.youtube.com/watch?v=17VjPhS2RxI}},
  howpublished={Talk given at RWC 2024},
  author={Andrew Kwong and Walter Wang and Jason Kim and Jonathan Berger and Daniel Genkin and Eyal Ronen and Hovav Shacham and Riad Wahby and Yuval Yarom},
  year=2024
}