SEIGuard: 保护服务器社会工程信息免受布鲁特部队袭击的简易和欺骗性认证计划 (SEIGuard: An Authentication-simplified and Deceptive Scheme to Protect Server-side Social Engineering Information Against Brute-force Attacks)

This paper proposes an authentication-simplified and deceptive scheme (SEIGuard) to protect server-side social engineering information (SEI) and other information against brute-force attacks. In SEIGuard, the password check in authentication is omitted and this design is further combined with the SEI encryption design using honey encryption. The login password merely serves as a temporary key to encrypt SEI and there is no password plaintext or ciphertext stored in the database. During the login, the server doesn't check the login passwords, correct passwords decrypt ciphertexts to be correct plaintexts; incorrect passwords decrypt ciphertexts to be phony but plausible-looking plaintexts (sampled from the same distribution). And these two situations share the same undifferentiated backend procedures. This scheme eliminates the anchor that both online and offline brute-force attacks depending on. Furthermore, this paper presents four SEIGuard scheme designs and algorithms for 4 typical social engineering information objects (mobile phone number, identification number, email address, personal name), which represent 4 different types of message space, i.e. 1) limited and uniformly distributed, 2) limited, complex and uniformly distributed, 3) unlimited and uniformly distributed, 4) unlimited and non-uniformly distributed message space. Specially, we propose multiple small mapping files strategies, binary search algorithms, two-part HE (DTE) design and incremental mapping files solutions for the applications of SEIGuard scheme. Finally, this paper develops the SEIGuard system based on the proposed schemes, designs and algorithms. Experiment result shows that the SEIGuard scheme can effectively protect server-side SEI against brute-force attacks, and SEIGuard also has an impressive real-time response performance that is better than conventional PBE server scheme and HE encryption/decryption.

翻译：本文提出一个认证简化和欺骗方案( SEIGuard ), 以保护服务器的用户端社会工程信息( SEI) 和其他信息, 防止野蛮攻击。在 SEIGuard 中, 认证的密码检查被省略, 此设计进一步与 SEI 使用蜂蜜加密的加密设计相结合。登录密码只是加密 SEI 的临时密钥, 数据库中没有存储密码普通文本或密码。在登录过程中, 服务器不检查登录密码, 校正密码解密的密码( SEII ) 和其他信息。在 SEIGuard 中, 校正密码解密的密码加密密码( SEII ) 校正, 校正的密码( 校正的密码) 密码( 校正的密码) 校正的密码( 校正的密码) 校正的密码( 校正的SEI ) 系统( SEI) 和校正的系统( 校正的系统- ) 系统( ) 校正的系统(SEOrmal) 和系统( II) 系统( ) 常规的系统(SEOrmal) ) 系统(SE) 系统( 和系统( ) ) 系统(SEI) 的系统( ) 和系统(SEOrvilvilvilvil) ) ) 和系统( ) ) 的系统( ) ) 的系统(SE) 的系统(SE), 和系统(Sl),,,,,,,,, 和系统(我们的系统( ) ), 和系统(SI ) ) ) ),, ), 的系统(SOut),,,,, 和系统(我们的系统(SOut) II) 和系统,,,,,,,,,,,,,,,, 和系统的系统,, 和系统和系统,,,,,,,,, 和系统