Slide 1
Naturally Rehearsing Passwords
Jeremiah Blocki, Manuel Blum, Anupam Datta
ASIACRYPT 2013

Slide 2
Memory Experiment 1
Person: Alan Turing
Action: Kissing
Object: Piranha

Slide 3
Memory Experiment 2
Person: Bill Gates
Action: swallowing
Object: bike

Slide 4
Password Management Scheme
Competing Goals: …

Slide 5
A Challenging Problem
Traditional Security Advice:
- Not too short
- Use a mix of lower/upper case letters
- Change your passwords every 90 days
- Use numbers and letters
- Don't use words/names
- Use special symbols
- Don't write it down
- Don't reuse passwords

Slide 6
Outline
- Introduction and Experiments
- Example Password Management Schemes
- Quantifying Usability
- Quantifying Security
- Our Password Management Scheme

Slide 7
Example Password Management Schemes
Scheme 1: Reuse Password. Pick four random words w1, w2, w3, w4 and use them for every account.
  Account   Password
  Amazon    w1 w2 w3 w4
  Ebay      w1 w2 w3 w4
Scheme 2: Strong Random Independent. Pick four fresh random words for each account.
  Account   Password
  Amazon    w1 w2 w3 w4
  Ebay      x1 x2 x3 x4

Slide 8
Questions
- How can we evaluate password management strategies?
  - Quantify usability
  - Quantify security
- Can we design password management schemes which balance security and usability considerations?

Slide 9
Outline
- Introduction and Experiments
- Example Password Management Schemes
- Quantifying Usability
  - Human Memory
  - Rehearsal Requirement
  - Visitation Schedule
- Quantifying Security
- Our Password Management Scheme

Slide 10
Human Memory is Semantic
Memorize: nbccbsabc
Memorize: tkqizrlwp
3 chunks (nbc, cbs, abc) vs. 9 chunks!
Usability goal: minimize the number of chunks.
Source: The magical number seven, plus or minus two [Miller, 56]

Slide 11
Human Memory is Associative
[Figure]

Slide 12
Cues
Cue: the context present when a memory is stored
- Surrounding environment
- Sounds
- Visual surroundings
- Web site
- …
As time passes we forget some of this context…

Slide 13
Human Memory is Lossy
Rehearse or Forget! How much work?
Quantify Usability: Rehearsal Assumption
[Figure: p_amazon, p_google, ????]

Slide 14
Quantifying Usability
- Human memory is lossy: rehearse or forget! How much work does this take?
- Rehearsal assumptions
- Visitation schedule: natural rehearsal for frequently visited accounts

Slide 15
Rehearsal Requirement
Expanding Rehearsal Assumption: the user maintains a cue-association pair by rehearsing it during each interval [s_i, s_{i+1}].
[Figure: rehearsal days 1, 2, 4, 8 for the Amazon and Google passwords; a visit to Amazon (day 5) is a natural rehearsal of its password]
X_t: extra rehearsals needed to maintain all passwords for t days.

Slide 16
Rehearsal Requirement
[Figure: days 1, 2, 4, 5, 8 as on the previous slide]
X_t: extra rehearsals needed to maintain all passwords for t days.
X_8: Reuse Password 0; Independent Passwords 2.

Slide 17
Visitation Schedule
Visits to an account form a Poisson process with parameter λ (visit times t_1, t_2, …). A cue shared by Amazon and Google is rehearsed by visits to either site, i.e. by a Poisson process with parameter λ + λ.

Slide 18
Visitation Schedule
Number of accounts visited with each frequency (visits to each account form a Poisson process with parameter λ):
  User         λ=1 (daily)   λ=1/3 (biweekly)   λ=1/7 (weekly)   λ=1/31 (monthly)   λ=1/365 (annual)
  Active       10            10                 10               10                 35
  Typical       5            10                 10               10                 40
  Occasional    2            10                 20               20                 23
  Infrequent    0             2                  5               10                 58
[Figure: days 2, 4, 5, 8; Poisson process with parameter λ; Amazon, Google]

Slide 19
Usability Results
E[X_365]: extra rehearsals needed to maintain all passwords over the first year.
  User         Reuse Strong   Strong Random Independent
  Active       0.023          420
  Typical      0.084          456.6
  Occasional   0.12           502.7
  Infrequent   1.2            564
Reuse: usable. Strong Random Independent: unusable.

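The computation behind a table like the one above, as an added example (this is not the authors' code). Every cue's natural-rehearsal process is the superposition of the Poisson visit processes of the accounts that use it, and under the Expanding Rehearsal Assumption an extra rehearsal is needed in an interval [s_i, s_{i+1}] exactly when no visit falls in it, so E[X_t] is a sum of exponentials. The rehearsal days s_i = 2^i, the rule that an interval counts only if it ends before day t, four cues per password, and the account names are assumptions made here, so the absolute numbers differ from the slide's; the schedule counts are copied from the Visitation Schedule slide.

```python
import math

# Added example (not the authors' code): E[X_t] under the Expanding Rehearsal
# Assumption with Poisson visitation for the Reuse and Strong Random Independent
# schemes on the slide's four user profiles. Assumptions: rehearsal days
# s_i = 2**i (1, 2, 4, 8, ...), an interval counts only if it ends before day t,
# every password is l = 4 cues (chunks), and a cue is naturally rehearsed
# whenever any account whose password uses it is visited.

LAMBDAS = (1.0, 1 / 3, 1 / 7, 1 / 31, 1 / 365)  # daily ... annual visit rates

# Number of accounts visited at each rate, copied from the Visitation Schedule slide.
SCHEDULES = {
    "active":     (10, 10, 10, 10, 35),
    "typical":    (5, 10, 10, 10, 40),
    "occasional": (2, 10, 20, 20, 23),
    "infrequent": (0, 2, 5, 10, 58),
}


def expanding_intervals(t_days):
    """Intervals [s_i, s_{i+1}] with s_i = 2**i that end before day t_days."""
    intervals, s = [], 1
    while 2 * s < t_days:
        intervals.append((s, 2 * s))
        s *= 2
    return intervals


def account_rates(profile):
    """Map constructed account names to their Poisson visit rates."""
    rates, k = {}, 0
    for count, lam in zip(SCHEDULES[profile], LAMBDAS):
        for _ in range(count):
            rates[f"acct{k}"] = lam
            k += 1
    return rates


def reuse_scheme(accounts, l=4):
    """Every account's password is the same l cues (w1 w2 w3 w4)."""
    return {a: {("shared", j) for j in range(l)} for a in accounts}


def independent_scheme(accounts, l=4):
    """Every account gets l fresh cues of its own."""
    return {a: {(a, j) for j in range(l)} for a in accounts}


def cue_rates(assignment, rates):
    """Natural-rehearsal rate of each cue: the sum of the visit rates of the
    accounts whose passwords use it (superposition of Poisson processes)."""
    out = {}
    for acct, cues in assignment.items():
        for c in cues:
            out[c] = out.get(c, 0.0) + rates[acct]
    return out


def expected_extra_rehearsals(assignment, rates, t_days):
    """E[X_t]: a cue with rate r needs an extra rehearsal in an interval of
    length L exactly when no visit falls in it, probability exp(-r * L);
    summing over cues and intervals gives the expectation."""
    total = 0.0
    for r in cue_rates(assignment, rates).values():
        for s_i, s_next in expanding_intervals(t_days):
            total += math.exp(-r * (s_next - s_i))
    return total


def usability_table(t_days=365):
    """E[X_t] for both schemes on every profile: {profile: (reuse, independent)}."""
    table = {}
    for profile in SCHEDULES:
        rates = account_rates(profile)
        accts = list(rates)
        table[profile] = (
            expected_extra_rehearsals(reuse_scheme(accts), rates, t_days),
            expected_extra_rehearsals(independent_scheme(accts), rates, t_days),
        )
    return table


if __name__ == "__main__":
    for profile, (reuse, indep) in usability_table().items():
        print(f"{profile:11s} reuse={reuse:9.4f}  independent={indep:8.1f}")
```

Any other cue assignment (for instance a sharing set family mapping accounts to overlapping cue sets) can be passed to `expected_extra_rehearsals` in place of the two schemes; the only input the model needs is which accounts rehearse which cues.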
Slide 20
Outline
- Introduction and Experiments
- Example Password Management Schemes
- Quantifying Usability
- Quantifying Security
  - Background
  - Philosophy
  - Security Definition: Password Guessing Game
- Our Password Management Scheme

Slide 21
Security (what could go wrong?)
[Figure: Danger]
Three Types of Attacks

Slide 22
Online Attack
[Figure: the attacker submits password guesses such as 123456 to the login form]
Guess Limit: k-strikes policy

Slide 23
Offline Dictionary Attack
Leaked record: Username jblocki; Salt 89d978034a3f6; Hash 85e23cfe0021f584e3db87aa72630a9a2345c062
The attacker hashes dictionary guesses with the leaked salt until one matches: for jblocki, 123456 he computes SHA1(123456 || 89d978034a3f6) = 85e23cfe0021f584e3db87aa72630a9a2345c062, which equals the stored hash.

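The two attacks on the previous slides side by side, as an added example that is not part of the original deck: the same small dictionary is run against an online login that enforces a k-strikes policy and against a leaked salted SHA-1 record. The record mirrors the slide's jblocki / 123456 / salt 89d978034a3f6 example, but the digest is recomputed here rather than copied from the slide, and the dictionary, the `OnlineLogin` class and the guess budget are constructed for the demo.

```python
import hashlib

# Added example (not from the slides): online guessing under a k-strikes lockout
# versus an offline dictionary attack on a leaked SHA1(password || salt) record.


def sha1_salted(password: str, salt: str) -> str:
    """SHA1(password || salt): the fast, unsalted-per-guess-cost hash on the slide."""
    return hashlib.sha1((password + salt).encode()).hexdigest()


SALT = "89d978034a3f6"                                  # salt shown on the slide
LEAKED = {"jblocki": (SALT, sha1_salted("123456", SALT))}  # username -> (salt, hash)

DICTIONARY = ["password", "letmein", "qwerty", "123456", "iloveyou"]  # constructed


class OnlineLogin:
    """Login endpoint with a k-strikes policy: after k wrong guesses the account
    is locked and later guesses are rejected without being checked at all."""

    def __init__(self, passwords, k):
        self.passwords = passwords
        self.k = k
        self.strikes = {u: 0 for u in passwords}

    def attempt(self, user, guess):
        if self.strikes[user] >= self.k:
            return "locked"
        if self.passwords[user] == guess:
            return "ok"
        self.strikes[user] += 1
        return "wrong"


def online_attack(login, user, dictionary):
    """Send dictionary guesses to the login; returns (password or None, guesses sent).
    The attacker gets at most k useful guesses, the s of the security definition."""
    sent = 0
    for candidate in dictionary:
        sent += 1
        result = login.attempt(user, candidate)
        if result == "ok":
            return candidate, sent
        if result == "locked":
            return None, sent
    return None, sent


def offline_attack(leaked, user, dictionary, budget):
    """Hash each candidate with the user's leaked salt and compare with the
    leaked digest. Nothing rate-limits this; only the attacker's budget of
    q guesses (hash evaluations) bounds it."""
    salt, target = leaked[user]
    guesses = 0
    for candidate in dictionary:
        if guesses == budget:
            break
        guesses += 1
        if sha1_salted(candidate, salt) == target:
            return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    login = OnlineLogin({"jblocki": "123456"}, k=3)
    print("online :", online_attack(login, "jblocki", DICTIONARY))
    print("offline:", offline_attack(LEAKED, "jblocki", DICTIONARY, 10**6))
```

With k = 3 the online attack is locked out before it reaches 123456, while the offline attack recovers it on the fourth hash. The only lever on the offline side is the cost of each guess, which is why the later slides model the stored hash as BCRYPT(pwd) and give the adversary a fixed budget q of guesses.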
Slide 24
Plaintext Recovery Attack
[Figure: the user enters pwd at the phishing site PayPaul.com, which records pwd]

Slide 25
Snowball Effect
[Figure: the pwd recovered from PayPaul.com is tried at the user's other sites]
Source: CERT Incident Note IN-98.03: Password Cracking Activity

Slide 26
Our Security Approach
- Dangerous World Assumption
  - Not enough to defend against existing adversaries
  - The adversary can adapt after learning the user's new password management strategy
- Provide guarantees even when things go wrong
  - Offline attacks should fail with high probability
  - Limit the damage of a successful phishing attack

Slide 27
Password Guessing Game
[Figure: PayPaul.com; the adversary has q = $1,000,000 worth of guesses; passwords p_1, ..., p_5, one of them stored as BCRYPT(p_4)]

Slide 28
Password Guessing Game
- The adversary can compromise at most r sites (phishing).
- The adversary can execute offline attacks against at most h additional sites.
- Resource constraints: at most q guesses.
- The adversary wins if he can compromise any new site.
[Figure: pwd stored as BCRYPT(pwd)]

Slide 29
(q, δ, m, s, r, h)-Security
For any adversary Adv:
  r = # phishing attack accounts (plaintext recovery)
  h = # offline attack accounts
  q = # offline guesses
  m = # of accounts
  s = # online guesses
  δ = bound on the adversary's probability of winning the guessing game

Slide 30
Example: (q, δ, m, 3, 1, 1)-Security
[Figure: PayPaul.com is phished (r = 1) and one further account is attacked offline with q guesses (h = 1)]

Slide 31
Security Results
(q = $1,000,000, δ, m, 3, r, h)-security against each attack:
  Scheme                       Offline (h=1)   Phishing (r=1)   Phishing + offline (r=1, h=1)   Phishing (r=2)
  Reuse                        No              No               No                              No
  Strong Random Independent    Yes             Yes              Yes                             Yes
Reuse: usable + insecure. Strong Random Independent: unusable + secure.

Slide 32
Outline
- Introduction and Experiments
- Example Password Management Schemes
- Quantifying Usability
- Quantifying Security
- Our Password Management Scheme

Slide 33
Our Approach
Person-Action-Object (PAO) stories with a public cue and a private association:
  Public cue: Object: bike
  Private: Action: kicking; Object: penguin

Slide 34
  Login   Pwd
  ...     Kic+Pen+Tor+Lio+...
  ...     ...+Kis+pir
(Each password is assembled from the first three letters of the action and object of the user's PAO stories, e.g. Kic+Pen for kicking a penguin.)

Slide 35
  Login   Pwd
  ...     Kic+Pen+...
  ...     ...+Swa+bik

Slide 36
Sharing Cues
Usability advantages: fewer stories to remember! More natural rehearsals!
Security?
[Figure: days 1, 2, 4, 5, 8]

Slide 37
(n, l, γ)-Sharing Set Family
Definition: An (n, l, γ)-sharing set family of size m is a family of sets {S_1, ..., S_m} with the following properties:
  1. every S_i is a subset of {1, ..., n}, and together the sets use all n elements;
  2. |S_i| = l for every i;
  3. |S_i ∩ S_j| ≤ γ for every i ≠ j.

Slide 38
(n, l, γ)-Sharing Set Family
  m: number of passwords {S_1, ..., S_m}
  n: total number of PAO stories
  l: number of PAO stories for each site
  γ: maximum intersection (the most stories any two accounts share)
  S_i: the PAO stories used for account i

Slide 39
Security Results
(q = $1,000,000, δ, m, 3, r, h)-security against each attack:
  Scheme                          Offline (h=1)   Phishing (r=1)   Phishing + offline (r=1, h=1)   Phishing (r=2)
  (n,4,4)-Sharing [Reuse]         No              No               No                              No
  (n,4,0)-Sharing [Independent]   Yes             Yes              Yes                             Yes
  (n,4,1)-Sharing [SC-1]          Yes             Yes              Yes                             No
  (n,4,3)-Sharing [SC-0]          Yes             Yes              No                              No

Slide 40
Sharing Cues
Thm: There is a (43,4,1)-Sharing Set Family of size m = 90, and a (9,4,3)-Sharing Set Family of size 126.
Proof? Chinese Remainder Theorem!
Notice that 43 = 9 + 10 + 11 + 13, where 9, 10, 11, 13 are pairwise coprime. Account A_i (i = 0, ..., 89) uses the cues {i mod 9, i mod 10, i mod 11, i mod 13}, each residue taken from its own block of 9, 10, 11 or 13 stories.
(The (9,4,3) family of size 126 = C(9,4) is simply every 4-subset of 9 stories; two distinct 4-subsets share at most 3.)

Slide 41
Chinese Remainder Theorem
By the Chinese Remainder Theorem there is a unique number x s.t.
1)
2)
3)
Hence, for i ≠ j (both below 90), accounts A_i and A_j cannot use the same red cue and blue cue: sharing, say, both the mod-9 cue and the mod-10 cue would mean i ≡ j (mod 9) and i ≡ j (mod 10), so i ≡ j (mod 90), forcing i = j.

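The sharing-cue construction carried through in code, as an added example that is not the authors' implementation: it builds the (43,4,1) family from the moduli 9, 10, 11, 13 and the (9,4,3) family of all 4-subsets, checks the (n, l, γ) parameters of the Sharing Set Family definition, derives a password from an account's cue set the way the Login/Pwd slides do (Kic+Pen for kicking a penguin), and measures what a phishing adversary learns: the largest number of a not-yet-compromised account's cues that the r phished passwords expose. The PAO stories beyond the three from the talk, the concatenation format, and the `worst_case_leak` metric are assumptions made here.

```python
from itertools import combinations

# Added example (not the authors' code): the two sharing set families from the
# slides, their (n, l, gamma) parameters, PAO password derivation, and how many
# of a third account's cues r phished accounts expose.


def crt_family(moduli, m):
    """Slide 40's construction: account i uses cue (i mod p) for each modulus p,
    every modulus owning its own block of p cue ids. With pairwise coprime
    moduli and m no larger than the product of the two smallest, two accounts
    share at most one cue: sharing two would give i == j (mod p*p'), i.e. i == j."""
    offsets, start = {}, 0
    for p in moduli:
        offsets[p] = start
        start += p
    return [frozenset(offsets[p] + (i % p) for p in moduli) for i in range(m)]


def subset_family(n, l):
    """All l-subsets of n cues: an (n, l, l-1)-sharing family of size C(n, l)."""
    return [frozenset(s) for s in combinations(range(n), l)]


def sharing_parameters(family):
    """(n, l, gamma) achieved by a family: total cues, set size, max pairwise overlap."""
    sizes = {len(s) for s in family}
    if len(sizes) != 1:
        raise ValueError("all sets must have the same size l")
    n = len(frozenset().union(*family))
    gamma = max(len(a & b) for a, b in combinations(family, 2))
    return n, sizes.pop(), gamma


def worst_case_leak(family, r):
    """Max number of cues of some unphished account exposed when the adversary
    phishes (recovers the plaintext passwords of) the worst choice of r accounts.
    A target with 0 unexposed cues is compromised outright; with u unexposed
    cues an offline attack needs about K**u guesses for a chunk space of size K,
    and an online attack gets only s guesses."""
    worst = 0
    for phished in combinations(range(len(family)), r):
        exposed = frozenset().union(*(family[i] for i in phished))
        for j, s in enumerate(family):
            if j not in phished:
                worst = max(worst, len(s & exposed))
    return worst


STORIES = [  # (action, object) per cue id; constructed, first three from the talk
    ("kicking", "penguin"), ("kissing", "piranha"), ("swallowing", "bike"),
    ("juggling", "pumpkin"), ("painting", "octopus"), ("hugging", "cactus"),
    ("tickling", "walrus"), ("riding", "lobster"), ("boxing", "teapot"),
]


def pao_password(cues, stories=STORIES):
    """Password = first three letters of the action and object of each of the
    account's stories, in cue order (assumed format, e.g. kicking+penguin -> KicPen)."""
    return "".join(stories[c][0][:3].capitalize() + stories[c][1][:3].capitalize()
                   for c in sorted(cues))


SC1 = crt_family((9, 10, 11, 13), 90)   # (43, 4, 1)-sharing family, m = 90
SC0 = subset_family(9, 4)               # (9, 4, 3)-sharing family, m = 126

if __name__ == "__main__":
    print("SC-1 parameters:", sharing_parameters(SC1))
    print("SC-0 parameters:", sharing_parameters(SC0))
    print("password for SC-0 account 0:", pao_password(SC0[0]))
    for r in (1, 2):
        print(f"r={r}: SC-1 exposes {worst_case_leak(SC1, r)} cues, "
              f"SC-0 exposes {worst_case_leak(SC0, r)} cues of some other account")
```

With one phished account SC-1 exposes a single cue of any other account, leaving three unknown chunks for an offline attacker, whereas SC-0 exposes three of four, leaving one chunk that an offline attack with q guesses can exhaust; with two phished accounts SC-0 can expose all four cues of a third account, which is the (r = 2) "No" in the security table.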
Slide 42
Usability Results
E[X_365]: extra rehearsals needed to maintain all passwords over the first year.
  User         Reuse   Strong Random Independent   SC-1     SC-0
  Active       0       420                         3.93     0
  Typical      0       456.6                       10.89    0
  Occasional   0       502.7                       22.07    0
  Infrequent   1.2     564                         119.77   2.44

Slide 43
Security Results
(q = $1,000,000, δ, m, 3, r, h)-security against each attack:
  Scheme                          Offline (h=1)   Phishing (r=1)   Phishing + offline (r=1, h=1)   Phishing (r=2)   Verdict
  (n,4,4)-Sharing [Reuse]         No              No               No                              No               Usable + Insecure
  (n,4,0)-Sharing [Independent]   Yes             Yes              Yes                             Yes              Unusable + Secure
  (n,4,1)-Sharing [SC-1]          Yes             Yes              Yes                             No               Usable + Secure
  (n,4,3)-Sharing [SC-0]          Yes             Yes              No                              No               Usable + Secure

Slide 44
Memory Experiment 1

Slide 45
Memory Experiment 2

Slide 46
Thanks for Listening!

Slide 47
Backup Slides

Slide 48
User Study
- Validity of the Expanding Rehearsal Assumption
- Mnemonic devices and rehearsal schedules
- Collaboration with the CyLab Usable Privacy and Security group (CUPS)

Slide 49
User Study Protocol
- Memorization phase (5 minutes): participants are asked to memorize four randomly selected person-action-object stories.
- Rehearsal phase (90 days): participants are periodically asked to return and rehearse their stories (following the rehearsal schedule).

Slide 50
Password Managers?

Slide 51
Limited Protection

Slide 52
Limited Protection