Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Semantic Patterns of Passwords and their Security Impact RAFAEL VERAS, CHRISTOPHER COLLINS, JULIE THORPE UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY.

Published byClinton Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "On the Semantic Patterns of Passwords and their Security Impact RAFAEL VERAS, CHRISTOPHER COLLINS, JULIE THORPE UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY."— Presentation transcript:

1 On the Semantic Patterns of Passwords and their Security Impact RAFAEL VERAS, CHRISTOPHER COLLINS, JULIE THORPE UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY PRESENTER: KYLE WALLACE

2 A Familiar Scenario… Password: “What should I pick as my new password?” User Name: CoolGuy90

3 A Familiar Scenario… “Musical!Snowycat90”

4 A Familiar Scenario… But how secure is “Musical!Snowycat90” really? (18 chars) ◦“Musical” – Dictionary word, possibly related to hobby ◦“!” – Filler character ◦“Snowy” – Dictionary word, attribute to “cat” ◦“cat” – Dictionary word, animal, possibly pet ◦“90” – Number, possibly truncated year of birth 15/18 characters are related to dictionary words! Why do we pick the passwords that we do?

5 Password Patterns? “Even after half a century of password use in computing, we still do not have a deep understanding of how people create their passwords” –Authors Are there ‘meta-patterns’ or preferences that can be observed across how people choose their passwords? Do these patterns/preferences have an impact on security?

6 Contributions Use NLP to segment, classify, and generalize semantic categories Describe most common semantic patterns in RockYou database A PCFG that captures structural, semantic, and syntactic patterns Evaluation of security impact, comparison with previous studies

7 Contributions Use NLP to segment, classify, and generalize semantic categories Describe most common semantic patterns in RockYou database A PCFG that captures structural, semantic, and syntactic patterns Evaluation of security impact, comparison with previous studies

8 Segmentation Decomposition of passwords into constituent parts ◦Passwords contain no whitespace characters (usually) ◦Passwords contain filler characters (“gaps”) between segments Ex: crazy2duck93^ -> {crazy, duck} & {2,93^} Issue: What about strings that parse multiple ways?

9 Coverage Prefer fewer, smaller gaps to larger ones Ex: Anyonebarks98 (13 characters long)

10 Splitting Algorithm Source corpora: Raw word list ◦Taken from COCA (Contemporary Corpus of American English) Trimmed version of COCA: ◦3 letter words: Frequency of 100+ ◦2 letter words: Top 37 ◦1 letter words: a, I Also collected list of names, cities, surnames, months, and countries

11 Splitting Algorithm

12 Common Words

13 Part-of-Speech Tagging

14 Semantic Classification Assigns a semantic classifier to each password segment ◦Only assigned to nouns and verbs WordNet: A graph of concepts expressed as a set of synonyms ◦“Synsets” are arranged into hierarchies, more general at top Fall back to source corpora for proper nouns ◦Tag with female name, male name, surname, country, or city

15 Semantic Classification Tags represented as word.pos.#, where # is the WordNet ‘sense’

16 Semantic Generalization

17 W=1000 (gold), W=5000 (red), W=10000(blue)

18 Contributions Use NLP to segment, classify, and generalize semantic categories Describe most common semantic patterns in RockYou database A PCFG that captures structural, semantic, and syntactic patterns Evaluation of security impact, comparison with previous studies

19 Classification RockYou leak (2009) contained over 32 million passwords Effect of generalization can be seen in a few cases (in blue) ◦Some generalizations better than others (Ex: ‘looted’ vs ‘bravo100’) Some synsets are not generalized (in red) ◦Ex: puppy.n.01 -> puppy.n.01

20 Summary of Categories Love (6,7) Places (3, 13) Sexual Terms (29, 34, 54, 69) Royalty (25, 59, 60) Profanity (40, 70, 72) Animals (33, 36, 37, 92, 96 100) Food (61, 66, 76, 82, 93) Alcohol (39) Money (46, 74) *Some categories expanded from two letter acronyms +Some categories contain noise from names dictionary

21 Top 100 Semantic Categories

22 Contributions Use NLP to segment, classify, and generalize semantic categories Describe most common semantic patterns in RockYou database A PCFG that captures structural, semantic, and syntactic patterns Evaluation of security impact, comparison with previous studies

23 Probabilistic Context-Free Grammar

24 Semantic PCFG

25 Sample PCFG

26 RockYou Base Structures (Top 50)

27 Contributions Use NLP to segment, classify, and generalize semantic categories Describe most common semantic patterns in RockYou database A PCFG that captures structural, semantic, and syntactic patterns Evaluation of security impact, comparison with previous studies

28 Building a Guess Generator Cracking attacks consist of three steps: ◦Generate a guess ◦Hash the guess using the same algorithm as target ◦Check for matches in the target database Most popular methods (using John the Ripper program) ◦Word lists (from previous breaks) ◦Brute force (usually after exhausting word lists)

29 Guess Generator At a high level: ◦Output terminals in highest probability order ◦Iteratively replaces higher probability terminals with lower probability ones ◦Uses priority queue to maintain order Will this produce the same list of guesses every time?

30 Guess Generator Example

31 Mangling Rules Passwords aren’t always strictly lowercase ◦Beardog123lol ◦bearDOG123LoL ◦BearDog123LoL Three types of rules: ◦Capitalize first word segment ◦Capitalize whole word segment ◦CamelCase on all segments Any others?

32 Comparison to Weir Approach Author’s approach seen as an evolution of Weir ◦Weir contains far fewer non-terminals (less precise estimates) ◦Weir does not learn semantic rules (fewer overall terminals) ◦Weir treats grammar and dictionary input separately ◦Authors semantic classification needs to be re-run for changes

33 Password Cracking Experiments Considered 5 methods: ◦Semantic approach w/o mangling rules ◦Semantic approach w/ custom mangling rules ◦Semantic approach w/ JtR’s mangling rules ◦Weir approach ◦Wordlist w/ JtR’s default rules + incremental brute force Attempted to crack LinkedIn and MySpace leaks

34 Experiment 1: RockYou vs LinkedIn 5,787,239 unique passwords Results: ◦Semantic outperforms non- semantic versions ◦Weir approach is worst (67% improvement) ◦Authors approach is more robust against differing demographics

35 Experiment 2: RockYou vs MySpace 41,543 unique passwords Results: ◦Semantic approach outperforms all ◦No-rules performs best ◦Weir approach is worst (32% improvement) ◦Password were phished, quality lowered?

36 Experiment 3: Maximum Crack Rate

37 Experiment 3: Time to Maximum Crack Fit non-linear regression to sample of guess probs. Results: ◦Semantic method has lower guess/second ◦Grammar is much larger than Weir method

38 Issues with Semantic Approach Further study needed into performance bottlenecks ◦Though semantic method is more efficient (high guesses/hit) Approach requires a significant amount of memory ◦Workaround involves probability threshold for adding to queue Duplicates could be produced due to ambiguous splits ◦Ex: (one, go) vs (on, ego)

39 Conclusions There are underlying semantic patterns in password creation These semantics can be captured in a probabilistic grammar This grammar can be used to efficiently generate probable passwords This generator shows (up to) a 67% improvement over previous efforts

40 Thank you! QUESTIONS?

Download ppt "On the Semantic Patterns of Passwords and their Security Impact RAFAEL VERAS, CHRISTOPHER COLLINS, JULIE THORPE UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY."

Similar presentations

CS460/IT632 Natural Language Processing/Language Technology for the Web Lecture 2 (06/01/06) Prof. Pushpak Bhattacharyya IIT Bombay Part of Speech (PoS)

CS460/IT632 Natural Language Processing/Language Technology for the Web Lecture 2 (06/01/06) Prof. Pushpak Bhattacharyya IIT Bombay Part of Speech (PoS)
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
WWW 2014 Seoul, April 8 th SNOW 2014 Data Challenge Two-level message clustering for topic detection in Twitter Georgios Petkos, Symeon Papadopoulos, Yiannis.

WWW 2014 Seoul, April 8 th SNOW 2014 Data Challenge Two-level message clustering for topic detection in Twitter Georgios Petkos, Symeon Papadopoulos, Yiannis.
PowerPoint Presentation for Dennis & Haley Wixom, Systems Analysis and Design, 2 nd Edition Copyright 2003 © John Wiley & Sons, Inc. All rights reserved.

PowerPoint Presentation for Dennis & Haley Wixom, Systems Analysis and Design, 2 nd Edition Copyright 2003 © John Wiley & Sons, Inc. All rights reserved.
Sequence Clustering and Labeling for Unsupervised Query Intent Discovery Speaker: Po-Hsien Shih Advisor: Jia-Ling Koh Source: WSDM’12 Date: 1 November,

Sequence Clustering and Labeling for Unsupervised Query Intent Discovery Speaker: Po-Hsien Shih Advisor: Jia-Ling Koh Source: WSDM’12 Date: 1 November,
A Syntactic Translation Memory Vincent Vandeghinste Centre for Computational Linguistics K.U.Leuven

A Syntactic Translation Memory Vincent Vandeghinste Centre for Computational Linguistics K.U.Leuven
10. Lexicalized and Probabilistic Parsing -Speech and Language Processing- 발표자 : 정영임 발표일 : 2007. 10. 6.

10. Lexicalized and Probabilistic Parsing -Speech and Language Processing- 발표자 : 정영임 발표일 :
March 1, 2009 Dr. Muhammed Al-Mulhem 1 ICS 482 Natural Language Processing Probabilistic Context Free Grammars (Chapter 14) Muhammed Al-Mulhem March 1,

March 1, 2009 Dr. Muhammed Al-Mulhem 1 ICS 482 Natural Language Processing Probabilistic Context Free Grammars (Chapter 14) Muhammed Al-Mulhem March 1,
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.

Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.
Regional Workshop for African Countries on Compilation of Basic Economic Statistics Pretoria, 23-26 July 2007 Administrative Data and their Use in Economic.

Regional Workshop for African Countries on Compilation of Basic Economic Statistics Pretoria, July 2007 Administrative Data and their Use in Economic.
In Search of a More Probable Parse: Experiments with DOP* and the Penn Chinese Treebank Aaron Meyers Linguistics 490 Winter 2009.

In Search of a More Probable Parse: Experiments with DOP* and the Penn Chinese Treebank Aaron Meyers Linguistics 490 Winter 2009.
PCFG Parsing, Evaluation, & Improvements Ling 571 Deep Processing Techniques for NLP January 24, 2011.

PCFG Parsing, Evaluation, & Improvements Ling 571 Deep Processing Techniques for NLP January 24, 2011.
CS 330 Programming Languages 09 / 13 / 2007 Instructor: Michael Eckmann.

CS 330 Programming Languages 09 / 13 / 2007 Instructor: Michael Eckmann.
Semantic text features from small world graphs Jure Leskovec, IJS + CMU John Shawe-Taylor, Southampton.

Semantic text features from small world graphs Jure Leskovec, IJS + CMU John Shawe-Taylor, Southampton.
Predicting the Semantic Orientation of Adjective Vasileios Hatzivassiloglou and Kathleen R. McKeown Presented By Yash Satsangi.

Predicting the Semantic Orientation of Adjective Vasileios Hatzivassiloglou and Kathleen R. McKeown Presented By Yash Satsangi.
1 Noun Homograph Disambiguation Using Local Context in Large Text Corpora Marti A. Hearst Presented by: Heng Ji Mar. 29, 2004.

1 Noun Homograph Disambiguation Using Local Context in Large Text Corpora Marti A. Hearst Presented by: Heng Ji Mar. 29, 2004.
1/17 Acquiring Selectional Preferences from Untagged Text for Prepositional Phrase Attachment Disambiguation Hiram Calvo and Alexander Gelbukh Presented.

1/17 Acquiring Selectional Preferences from Untagged Text for Prepositional Phrase Attachment Disambiguation Hiram Calvo and Alexander Gelbukh Presented.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
Creation of a Russian-English Translation Program Karen Shiells.

Creation of a Russian-English Translation Program Karen Shiells.
ENTROPY OF FINGERPRINT SENSORS. Do different fingerprint sensors affect the entropy of a fingerprint? RESEARCH QUESTION/HYPOTHESIS.

ENTROPY OF FINGERPRINT SENSORS. Do different fingerprint sensors affect the entropy of a fingerprint? RESEARCH QUESTION/HYPOTHESIS.

Similar presentations

Ads by Google