Decoy Password Vaults: At Least As Hard As Steganography?

Presented by Pascal Schöttle         

Friday, September 15, 2017
3:30 p.m.
ICSI Lecture Hall


Cracking-resistant password vaults have been recently proposed with the goal of thwarting offline attacks. This requires the generation of synthetic password vaults that are statistically indistinguishable from real ones. In this work, we establish a conceptual link between this problem and steganography, where the stego objects must be undetectable among cover objects. We compare the two frameworks and highlight parallels and differences. Moreover, we transfer results obtained in the steganography literature into the context of decoy generation. Our results include the infeasibility of perfectly secure decoy vaults and the conjecture that secure decoy vaults are at least as hard to construct as secure steganography.


Speaker Bio:

Pascal Schöttle is a post-doc at the Security and Privacy Lab at University Innsbruck, Austria. His research interests are multimedia security, in particular steganography, public-key cryptography, and machine learning in adversarial environments. He received his PhD in Computer Science from the University of Münster,Germany, supervised by Rainer Böhme. In his PhD thesis, he analyzed adaptive steganography from a game-theoretical perspective.