Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.

1 Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004

2 Outline
- Speech-Generated Cryptographic Keys
- Password Hardening Based on Keystroke Dynamics
- Other new ideas for non-text passwords based on behavioral biometric features

3 Key Generation
Based on repeatable behavioral biometric characteristics
- timing
- force of keystrokes
- voice frequencies
Aims to achieve two goals
- Breaking passwords will be no easier
- For some or most, breaking them will be harder

4 Speech-Generated Keys – Monrose & Reiter
System initialization
- Generate key K
- Generate 2m shares of K using a generalized secret sharing scheme, with m a system parameter
- Shares are arranged within an m x 2 table such that K can be reconstructed from any set of m shares consisting of one share from each row

5 Twist on traditional secret sharing
- Traditional defense: the attacker will not possess enough shares to reconstruct the secret
- In this case, an attacker would have all shares if he had access to the physical device
- Requirement change: the attacker must not be able to find a sufficient set of valid shares in the table (make an exhaustive search computationally difficult)

6 Speech-Generated Keys – Monrose & Reiter
"My voice is my passport. Verify me?" (photo from www.imdb.com)
Gathering behavioral measurements
- User utters passphrase
- System performs front-end signal processing and records measurements about voice features

7 Signal processing
- User utterance is sampled at a predefined sampling rate
- Minimum sampling rate on the Compaq iPAQ: 32 kHz
- Computational and storage cost is reduced by downsampling to 8 kHz (sufficient to accurately capture the signal) – 3 of every 4 samples are thrown away

8 Signal processing
Signal is then broken down and cleaned up
- Sample must be clean so as to be an accurate representation of the user's voice
- Arranged into frames – 12-dimensional vectors of reals
- Background noise is removed by calculating the average noise in the white space in the sample and subtracting it from the entire length of the sample
- Sample data is converted to a bit sequence called a feature descriptor, which is used to regenerate the key

9 Gathering behavioral statistics
- System measures m behavioral features of a user's utterance
- Array of measurements is concatenated into a bit string for each login attempt

10 Gathering behavioral statistics
- For each successful login attempt, the system updates the history of feature descriptors (consistent behavioral features)

11 Distinguishing features
Security depends upon the number of distinguishing features of the voice
A feature b_ai (a the account, i the feature) is a distinguishing feature if
- T_i > avg(b_ai) - k stddev(b_ai), or
- T_i < avg(b_ai) - k stddev(b_ai)

12 Going back to the 2 x m table…
- Elements of the table that are not consistently accessed are randomly perturbed
- The correct user should not encounter perturbed (invalid) elements in the table
- The more often the user logs in, the stronger the system becomes
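
An added sketch of the table mechanics from slides 4 and 12 (not code from the presentation or from Monrose and Reiter). Shamir polynomial sharing over a prime field stands in for the generalized secret sharing scheme; the function names, the modulus and the sample descriptors are assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus; an assumed parameter, not from the slides

def make_table(key, m):
    """Build the m x 2 table: 2m shares of key on a random degree m-1
    polynomial f with f(0) = key. Row i holds f(2i+1) and f(2i+2)."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(m - 1)]
    def f(x):
        return sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P
    return [[f(2 * i + 1), f(2 * i + 2)] for i in range(m)]

def harden(table, consistent):
    """consistent[i] is the bit the user reliably produces for feature i,
    or None when feature i is not distinguishing. The column a
    distinguishing feature never selects is overwritten with a random
    value, so it no longer lies on f."""
    for i, bit in enumerate(consistent):
        if bit is not None:
            table[i][1 - bit] = secrets.randbelow(P)
    return table

def reconstruct(table, descriptor):
    """Pick one share per row using the feature descriptor bits and
    Lagrange-interpolate f(0). Only valid shares give back the key."""
    pts = [(2 * i + 1 + b, table[i][b]) for i, b in enumerate(descriptor)]
    key = 0
    for xj, yj in pts:
        num = den = 1
        for xk, _ in pts:
            if xk != xj:
                num = num * -xk % P
                den = den * (xj - xk) % P
        key = (key + yj * num * pow(den, -1, P)) % P
    return key

if __name__ == "__main__":
    key = secrets.randbelow(P)
    table = make_table(key, 4)
    # Constructed history: features 0 and 2 are distinguishing (bits 0 and 1).
    harden(table, [0, None, 1, None])
    print(reconstruct(table, [0, 1, 1, 0]) == key)  # legitimate descriptor
    print(reconstruct(table, [1, 1, 1, 0]) == key)  # wrong bit on feature 0
```

Before `harden` runs, every descriptor reconstructs the key, which matches the slides' point that the system starts out like a plain password system and strengthens as consistent login history accumulates.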

13 Empirical results
- For an implementation in which the table was also encrypted with a password, a dictionary attack against the password becomes up to 2^15 times more difficult

14 Password hardening based on keystroke dynamics
- Very similar concept – the system begins as secure as a traditional password system and begins perturbing values in the secret-sharing table that are not repeated consistently

15 Potential problems
- Painful to change password if security greater than that of traditional systems is essential – there is a cost associated with retraining the system
- In the keystroke system, some degree of inference can be made about keystroke dynamics if the password is known, and vice versa
- Not ideal for users who use different keyboards
- Security is determined by the degree of uniqueness of the user's voice or typing style

16 Is it accurate enough?
Bergadano, Gunetti, and Picardi think not
- Inherent variability in most behavioral biometric identifiers is too great
- Propose using much longer samples and generating the key based on the duration of digraphs and trigraphs (sets of two and three consecutive letters)
- Not an appropriate substitute for traditional password systems
- Greater inherent variability with longer samples?

17 For more information
www.biopassword.com
- Free demo
www.mytec.com

