Naturally Rehearsing Passwords - PowerPoint Presentation

Uploaded by cheryl-pisano on 2017-09-01

Presentation Transcript

Slide1

Naturally Rehearsing Passwords

Jeremiah Blocki, Manuel Blum, Anupam Datta

ASIACRYPT 2013

Slide2

Memory Experiment 1

Person: Alan Turing
Action: Kissing
Object: Piranha

Slide3

Memory Experiment 2

Person: Bill Gates
Action: swallowing
Object: bike

Slide4

Password Management Scheme

Competing Goals: …

Slide5

A Challenging Problem

Traditional Security Advice:
Not too short
Use mix of lower/upper case letters
Change your passwords every 90 days
Use numbers and letters
Don’t use words/names
Use special symbols
Don’t Write it Down
Don’t Reuse Passwords

Slide6

Outline

Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
Quantifying Security
Our Password Management Scheme

Slide7

Example Password Management Schemes

Scheme 1: Reuse Password. Pick four random words w1, w2, w3, w4.

Account   Password
Amazon    w1w2w3w4
Ebay      w1w2w3w4

Scheme 2: Strong Random Independent

Account   Password
Amazon    w1w2w3w4
Ebay      x1x2x3x4

Slide8

Questions

How can we evaluate password management strategies?
Quantify Usability
Quantify Security
Can we design password management schemes which balance security and usability considerations?

Slide9

Outline

Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
  Human Memory
  Rehearsal Requirement
  Visitation Schedule
Quantifying Security
Our Password Management Scheme

Slide10

Human Memory is Semantic

Memorize: nbccbsabc
Memorize: tkqizrlwp

3 Chunks vs. 9 Chunks!
Usability Goal: Minimize Number of Chunks

Source: The magical number seven, plus or minus two [Miller, 56]

Slide11

Human Memory is Associative

Slide12

Cues

Cue: context when a memory is stored
Surrounding Environment
Sounds
Visual Surroundings
Web Site…

As time passes we forget some of this context…

Slide13

Human Memory is Lossy

Rehearse or Forget! How much work?

Quantify Usability: Rehearsal Assumption

(figure: p_amazon, p_google, ????)

Slide14

Quantifying Usability

Human Memory is Lossy
Rehearse or Forget! How much work does this take?

Rehearsal Assumptions
Visitation Schedule
Natural Rehearsal for frequently visited accounts

Slide15

Rehearsal Requirement

Expanding Rehearsal Assumption: user maintains cue-association pair by rehearsing during each interval [s_i, s_{i+1}].

Day: 1 2 4 5 8
Visit Amazon: Natural Rehearsal
Google

X_t: extra rehearsals to maintain all passwords for t days.

Slide16

Rehearsal Requirement

Day: 1 2 4 5 8

X_t: extra rehearsals to maintain all passwords for t days.

       Reuse Password   Independent Passwords
X_8    0                2

Slide17

Visitation Schedule

Poisson Process with parameter λ

Cue shared by Amazon and Google: λ + λ

(figure: visit times t1, t2)

Slide18

Visitation Schedule

User         λ=1 (daily)   λ=1/3 (biweekly)   λ=1/7 (weekly)   λ=1/31 (monthly)   λ=1/365 (annual)
Active       10            10                 10               10                 35
Typical      5             10                 10               10                 40
Occasional   2             10                 20               20                 23
Infrequent   0             2                  5                10                 58

Number of accounts visited with frequency λ

(figure: Poisson Process with parameter λ; Amazon, Google; Day: 2 4 5 8)

Slide19

Usability Results

              Reuse Strong   Strong Random Independent
Active        0.023          420
Typical       0.084          456.6
Occasional    0.12           502.7
Infrequent    1.2            564

E[X_365]: Extra Rehearsals to maintain all passwords over the first year.

Reuse Strong: Usable
Strong Random Independent: Unusable

Slide20

Outline

Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
Quantifying Security
  Background
  Philosophy
  Security Definition: Password Guessing Game
Our Password Management Scheme

Slide21

Security (what could go wrong?)

Danger

Three Types of Attacks

Slide22

Online Attack

Guesses: password, 123456, 123456

Guess Limit: k-strikes policy

Slide23

Offline Dictionary Attack

Username: jblocki
Hash: 85e23cfe0021f584e3db87aa72630a9a2345c062
Salt: 89d978034a3f6

Guess: jblocki, 123456
SHA1(123456 89d978034a3f6) = 85e23cfe0021f584e3db87aa72630a9a2345c062

Slide24

Plaintext Recovery Attack

(figure: PayPaul.com, pwd)

Slide25

Snowball Effect

Source: CERT Incident Note IN-98.03: Password Cracking Activity

(figure: PayPaul.com, pwd)

Slide26

Our Security Approach

Dangerous World Assumption
  Not enough to defend against existing adversaries
  Adversary can adapt after learning the user’s new password management strategy

Provide guarantees even when things go wrong
  Offline attacks should fail with high probability
  Limit damage of a successful phishing attack

Slide27

Password Guessing Game

(figure: PayPaul.com; q = $1,000,000 guesses; passwords p1, p2, p3, p4, p5; BCRYPT(p4))

Slide28

Password Guessing Game

Adversary can compromise at most r sites (phishing).
Adversary can execute offline attacks against at most h additional sites.
Resource Constraints => at most q guesses.
Adversary wins if he can compromise any new sites.

(figure: pwd, BCRYPT(pwd))

Slide29

(q,,m,s,r,h)-Security

For any adversary Adv

q = # offline guesses
m = # of accounts
s = # online guesses
r = # Phishing Attack Accounts
h = # Offline Attack Accounts

Slide30

Example: (q,,m,3,1,1)-Security

(figure: PayPaul.com; q guesses; r=1; h=1)

Slide31

Security Results

(q=$1,000,000,,m,3,r,h)-security

Attacks                      r=1   r=1, h=1   r=2
Reuse                        No    No         No    No
Strong Random Independent    Yes   Yes        Yes   Yes

Reuse: Usable + Insecure
Strong Random Independent: Unusable + Secure

Slide32

Outline

Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
Quantifying Security
Our Password Management Scheme

Slide33

Our Approach

Public Cue / Private
Action: kicking, Object: penguin
Object: bike

Slide34

Login   Pwd
        Kic+Pen+Tor+Lio+...
        Kis+pir

Slide35

Login   Pwd
        Kic+Pen+…
        Swa+bik

Slide36

Sharing Cues

Usability Advantages
  Fewer stories to remember!
  More Natural Rehearsals!
Security?

Day: 1 2 4 5 8

Slide37

(n,l,)-Sharing Set Family

Definition: A (n,l,)-Sharing Set Family of size m is a family of sets {S1,…,Sm} with the following properties:

Slide38

(n,l,)-Sharing Set Family

m – number of passwords {S1,…,Sm}
n – total # of PAO stories
l – # of PAO stories for each site
third parameter – max intersection
Si – PAO stories for account i

Slide39

Security Results

(q=$1,000,000,,m,3,r,h)-security

Attacks                         r=1   r=1, h=1   r=2
(n,4,4)-Sharing [Reuse]         No    No         No    No
(n,4,0)-Sharing [Independent]   Yes   Yes        Yes   Yes
(n,4,1)-Sharing [SC-1]          Yes   Yes        Yes   No
(n,4,3)-Sharing [SC-0]          Yes   No         Yes   No

Slide40

Sharing Cues

Thm: There is a (43,4,1)-Sharing Set Family of size m=90, and a (9,4,3)-Sharing Set Family of size 126.

Proof? Chinese Remainder Theorem!

Notice that 43 = 9+10+11+13 where 9, 10, 11, 13 are pairwise coprime.
Ai uses cues: {i mod 9, i mod 10, i mod 11, i mod 13}

Slide41

Chinese Remainder Theorem

By the Chinese Remainder Theorem there is a unique number x s.t.

1)
2)
3)

Hence, accounts Ai and Aj cannot use the same red cue and blue cue.
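As an added illustration (not from the slides or the authors' code), the Python below builds the (43,4,1) family of slide 40 exactly as stated, checks that any two of the 90 accounts share at most one cue, shows that a 91st account would break the bound, and counts how many cues of an uncompromised account stay unknown once r accounts are exposed. The (9,4,3) family of size 126 is assumed to be all 4-subsets of 9 cues, which the slides do not say; the function names are my own.

```python
from itertools import combinations

# Cues are labelled (modulus, residue) so the four residue classes never
# collide with each other: 9 + 10 + 11 + 13 = 43 distinct cues in total.
MODULI = (9, 10, 11, 13)


def crt_sharing_family(m, moduli=MODULI):
    """Account i uses the cues {i mod p : p in moduli}, as on slide 40."""
    return [frozenset((p, i % p) for p in moduli) for i in range(m)]


def all_subsets_family(n, l):
    """Assumed construction for the (9,4,3) family: every l-subset of n cues."""
    return [frozenset(c) for c in combinations(range(n), l)]


def total_cues(family):
    """The n of an (n, l, .)-Sharing Set Family."""
    return len(frozenset().union(*family))


def max_pairwise_intersection(family):
    """The third parameter of an (n, l, .)-Sharing Set Family."""
    return max(len(a & b) for a, b in combinations(family, 2))


def min_unknown_cues(family, compromised):
    """Fewest cues the adversary still lacks for any uncompromised account
    after learning every cue of the accounts in `compromised` (the r
    phished sites of the guessing game)."""
    known = frozenset().union(*(family[i] for i in compromised))
    return min(len(s - known) for j, s in enumerate(family) if j not in compromised)


if __name__ == "__main__":
    fam = crt_sharing_family(90)
    print(total_cues(fam), max_pairwise_intersection(fam))      # 43 1
    # CRT argument: two indices below 9*10 = 90 cannot agree both mod 9 and
    # mod 10, so the family stops at m=90; account 90 repeats account 0's
    # mod-9 and mod-10 cues and the intersection bound rises to 2.
    print(max_pairwise_intersection(crt_sharing_family(91)))     # 2
    # With r=1 exposed account every other account keeps 3 secret cues;
    # with r=2 some account keeps only 2.
    print(min_unknown_cues(fam, {0}), min_unknown_cues(fam, {0, 1}))  # 3 2
    nine = all_subsets_family(9, 4)
    print(len(nine), total_cues(nine), max_pairwise_intersection(nine))  # 126 9 3
```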

 Slide42

Usability Results

              Reuse   Strong Random Independent   SC-1     SC-0
Active        0       420                         3.93     0
Typical       0       456.6                       10.89    0
Occasional    0       502.7                       22.07    0
Infrequent    1.2     564                         119.77   2.44

E[X_365]: Extra Rehearsals to maintain all passwords over the first year.

Slide43

Security Results

(q=$1,000,000,,m,3,r,h)-security

Attacks                         r=1   r=1, h=1   r=2
(n,4,4)-Sharing [Reuse]         No    No         No    No
(n,4,0)-Sharing [Independent]   Yes   Yes        Yes   Yes
(n,4,1)-Sharing [SC-1]          Yes   Yes        Yes   No
(n,4,3)-Sharing [SC-0]          Yes   No         Yes   No

(n,4,4)-Sharing [Reuse]: Usable + Insecure
(n,4,0)-Sharing [Independent]: Unusable + Secure
(n,4,1)-Sharing [SC-1]: Usable + Secure
(n,4,3)-Sharing [SC-0]: Usable + Secure

Slide44

Memory Experiment 1

Slide45

Memory Experiment 2

Slide46

Thanks for Listening!

Slide47

Backup Slides

Slide48

User Study

Validity of Expanding Rehearsal Assumption
Mnemonic Devices and Rehearsal Schedules
Collaborate with CyLab Usable Privacy and Security group (CUPS)

Slide49

User Study Protocol

Memorization Phase (5 minutes): Participants asked to memorize four randomly selected person-action-object stories.
Rehearsal Phase (90 days): Participants periodically asked to return and rehearse their stories (following rehearsal schedule).

Slide50

Password Managers?

Slide51

Limited Protection

Slide52

Limited Protection

Slide53