{"id":743,"date":"2023-08-08T16:00:55","date_gmt":"2023-08-08T16:00:55","guid":{"rendered":"https:\/\/fde.cat\/index.php\/2023\/08\/08\/how-meta-is-improving-password-security-and-preserving-privacy\/"},"modified":"2023-08-08T16:00:55","modified_gmt":"2023-08-08T16:00:55","slug":"how-meta-is-improving-password-security-and-preserving-privacy","status":"publish","type":"post","link":"https:\/\/fde.cat\/index.php\/2023\/08\/08\/how-meta-is-improving-password-security-and-preserving-privacy\/","title":{"rendered":"How Meta is improving password security and preserving privacy"},"content":{"rendered":"<p><span>Meta is developing new privacy-enhancing technologies (PETs) to innovate and solve problems with less data. These technologies enable teams to build and launch privacy-enhanced products in a way that\u2019s verifiable and safeguards user data. Using state-of-the-art cryptographic techniques, we have developed Private Data Lookup (PDL) that allows users to privately query a server-side data set. <\/span><span>PDL is based on a secure multiparty computation mechanism called Private Set Intersection, where two parties holding sets can compute the intersection of the two sets without revealing their sets to the counterpart. With PDL, we further ensure that only one party (i.e., Meta users) can see the result, preventing Meta from learning the result of the intersection and thus enhancing the privacy of users\u2019 data.\u00a0<\/span><\/p>\n<p><span>We use PDL for data minimization, and <\/span><span>we began by supporting first-party passwords in <\/span><a href=\"https:\/\/www.metaenterprise.com\/\"><span>Enterprise Center<\/span><\/a><span>, Meta\u2019s new platform to enable collaboration between external partners and Meta. 
With PDL, we encourage the use of stronger passwords while minimizing the information revealed to the server in the password precheck process.<\/span><\/p>\n<p><span>Creating a password is the first step in the authentication cycle for most users. Hence, identifying weak passwords in this step offers a stronger security stance than checking weak passwords while they are already in use.<\/span> <span>While traditional password guidance includes a list of best practices, good passwords satisfying these requirements can still be leaked through breaches. Thus, proactive checking for compromised passwords complements password strength guidelines and helps users choose strong, secure passwords.<\/span><\/p>\n<p><span>Specifically, PDL supports <\/span><span>the breached password check feature in Enterprise Center\u2019s password creation flows, including account creation and password reset. Enterprise Center users now receive an alert if they attempt to use a password that was previously exposed in a data breach collected by third parties (e.g., FlashPoint.io, HoldSecurity.com). Compared with the traditional server-side password hash check that reveals all of the users\u2019 password creation attempts to the server, PDL helps to deliver the alert in a way that preserves privacy, or in other words without revealing to Meta Enterprise Center what passwords were attempted by the user, and whether the password was previously exposed. 
<\/span>The goal is to minimize the final information collected by the Enterprise Center to be just the strong password picked by the user.<\/p>\n\n<h2><span>How PDL supports private password precheck<\/span><\/h2>\n<p><span>The challenge of privately checking a password entered by a user against a set of passwords known to have been exposed in third-party data breaches falls into an area of applied cryptography known as <\/span><a href=\"https:\/\/en.wikipedia.org\/wiki\/Private_set_intersection\"><span>Private Set Intersection<\/span><\/a><span>. It allows two parties, each holding a set of sensitive data (passwords in this case), to compute the items common to each party\u2019s set without either party revealing the contents of their set to the other party. PDL provides the functionality of Private Set Intersection and its design is inspired by the research <\/span><a href=\"https:\/\/www.usenix.org\/system\/files\/sec19-thomas.pdf\"><span>paper<\/span><\/a><span> authored by Thomas et al. One distinction from previous work is that we check whether the password appears anywhere in the breach, whereas previous solutions alert the user only when the specific (username, password) pair appears in the breach. We designed our solution this way since it is more relevant for targeted attack scenarios for highly sensitive accounts: for such attacks, the malicious actors are likely to use all passwords in breaches in conjunction with the target\u2019s username. For example, if a strong password associated with a specific username appears in a breach, then all users should also avoid using this password.<\/span><\/p>\n\n<h2><span>Initial implementation<\/span><\/h2>\n<p><span>In a simplified version of our password precheck workflow over PDL, when making a request, a client calculates the hash <\/span>H(p)<span> of its password <\/span>p <span>and then blinds the hash output with a secret key <\/span>a<span> that is randomly generated for each request. 
After that, the client sends this blinded hash value, denoted by <\/span>H(p)^a<span>, to our service.<\/span><\/p>\n<p><span>Upon receiving the request, the password precheck service (\u201cthe service\u201d) in the Meta Enterprise Center will first blind the client\u2019s request with a long-term secret key <\/span>b<span>. The resulting value is a double-blinded hash of the original password from the client, denoted by<\/span> H(p)^(ab)<span>. Then the server will apply the same hash algorithm and blinding operation with secret key <\/span>b <span>to all the passwords from the leaked password dataset. This will result in a list of blinded hash values denoted by <\/span>H(p1)^b, H(p2)^b, \u2026, H(pn)^b<span>. The server sends back the double-blinded query and the list of single-blinded hash values.<\/span><\/p>\n<p><span>After receiving the response, the client applies her secret key <\/span>a <span>to unblind the double-blinded hash, resulting in a hash value that is only blinded by the service\u2019s secret key <\/span>b<span>, i.e., <\/span>H(p)^b<span>. Now the client is able to match <\/span>H(p)^b<span> with the list of blinded hash values. If the client\u2019s password <\/span>p<span> matches a leaked password <\/span>pi<span>, then there will be a matched blinded hash value because <\/span>H(p)^b<span> will be equal to <\/span>H(pi)^b<span>.<\/span><\/p>\n<p><span>In this implementation, the privacy of the user\u2019s data is well protected because the user\u2019s password is one-way hashed and encrypted by the user\u2019s one-time secret key, revealing no information to the service<\/span><span>. <\/span><span>In addition, the service learns nothing about the matching result because the matching happens entirely locally at the client.<\/span><\/p>\n<p><span>As one may already have noticed, there are several issues in this initial version. 
First, hashing and blinding each password in the leaked password dataset at runtime causes a lot of latency at the server side. Second, it is impractical with regard to latency and bandwidth usage for the client to download all the blinded hash values of leaked passwords because there can be millions of them.<\/span><\/p>\n<h2><span>Performance optimization<\/span><\/h2>\n<p><span>It was determined that the default implementation would adversely impact user experience, due to the increase in processing time and amount of data that would need to be transferred between the client and server. To address this challenge, the following optimizations were adopted:<\/span><\/p>\n<p>Pre-processing of compromised password data into blinded hash values.<span> To avoid having to perform expensive cryptographic operations at run time and to increase performance, the compromised password dataset is pre-processed into a format that can be returned directly to the client.<\/span><br \/>\nSharding the leaked password dataset.<span> Instead of returning blinded hash values for the entire leaked password dataset, we let the client generate a small sharding index from the first couple of bytes of the password hash. The increased leakage and privacy risk is negligible as millions of passwords potentially share the same index and we choose the index size carefully to balance privacy and performance. The index now enables the server to return a smaller subset of the dataset in response to the blinded hash values. <\/span><br \/>\n<span>Compression of the blinded hash values returned by the service. 
To reduce the bandwidth overhead of the service\u2019s response, we truncate each blinded hash value to a smaller size while preserving its uniqueness for matching.<\/span><\/p>\n<h2><span>The user experience<\/span><\/h2>\n<p><span>Foundational to Private Password Precheck\u2019s success is the ability to perform the check in a manner that is transparent to users, avoiding any disruption to user experience.<\/span><\/p>\n<p><span>The entire workflow for Private Password Precheck consists of the following steps:<\/span><\/p>\n<p><span>The user enters a new password during account creation or password reset.<\/span><br \/>\n<span>If the password passes local requirements (e.g., a minimum length requirement), it is sent to a client library to go through Private Password Precheck.<\/span><br \/>\n<span>The client library generates a PDL request, sends it to the server and gets the PDL response.<\/span><br \/>\n<span>The client library performs the local match; if a match is found, the user gets an alert on the page suggesting that they use a stronger password.<\/span><\/p>\n<p><span>The following sequence diagram demonstrates the workflow:<\/span><\/p>\n\n<h2><span>Offering more privacy value with PDL<\/span><\/h2>\n<p><span>Looking ahead, PDL has several interesting extensions and potential applications to further minimize data collection efforts. 
Some of these are briefly mentioned below.<\/span><\/p>\n<p><span>In addition to passwords, PDL can be used to look up other pieces of information from clients, such as user contacts on the service, leading to private contact discovery.<\/span><br \/>\n<span>PDL can be applied to systems looking to detect malicious content and downloads within apps without revealing the content to servers.<\/span><br \/>\n<span>PDL can be extended to support key-value lookups.<\/span><\/p>\n<p><span>PDL can also be combined with other Privacy-Enhancing Technologies to optimize the trade-off between privacy and efficiency. For example, PDL can also be used together with <\/span><a href=\"https:\/\/engineering.fb.com\/2022\/12\/12\/security\/anonymous-credential-service-acs-open-source\/\"><span>Anonymous Credential Service (ACS)<\/span><\/a><span> to additionally hide the identity of the client, which improves privacy and enables more flexibility in designing our shards.<\/span><\/p>\n<p>The post <a href=\"https:\/\/engineering.fb.com\/2023\/08\/08\/security\/how-meta-is-improving-password-security-and-preserving-privacy\/\">How Meta is improving password security and preserving privacy<\/a> appeared first on <a href=\"https:\/\/engineering.fb.com\/\">Engineering at Meta<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Meta is developing new privacy-enhancing technologies (PETs) to innovate and solve problems with less data. These technologies enable teams to build and launch privacy-enhanced products in a way that\u2019s verifiable and safeguards user data. 
Using state-of-the-art cryptographic techniques, we have developed Private Data Lookup (PDL) that allows users to privately query a server-side data set.&hellip; <a class=\"more-link\" href=\"https:\/\/fde.cat\/index.php\/2023\/08\/08\/how-meta-is-improving-password-security-and-preserving-privacy\/\">Continue reading <span class=\"screen-reader-text\">How Meta is improving password security and preserving privacy<\/span><\/a><\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-743","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"jetpack_featured_media_url":"","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/comments?post=743"}],"version-history":[{"count":0,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/743\/revisions"}],"wp:attachment":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/media?parent=743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/categories?post=743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/tags?post=743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}