
Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta.


1 Naturally Rehearsing Passwords
Jeremiah Blocki, Manuel Blum, Anupam Datta
NSF TRUST, October 2013

2 Password Management
Competing Goals: Security vs. Usability

3 A Challenging Problem
Traditional Security Advice:
– Not too short
– Use a mix of lower/upper case letters
– Change your passwords every 90 days
– Use numbers and letters
– Don’t use words/names
– Use special symbols
– Don’t write it down
– Don’t reuse passwords

4 Experiment #0
Memorize the following string: L~;z&K5De

5 Memory Experiment 1
Person: Alan Turing
Action: Kissing
Object: Piranha

6 Memory Experiment 2
Person: Bill Gates
Action: swallowing
Object: bike

7 Outline
Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
Quantifying Security
Our Password Management Scheme

8 Password Management
Competing Goals: Security vs. Usability

9 Scheme 0: Reuse Weak Password
Pick four random words w (e.g., airplane)
Account: Amazon | Ebay
Password: w | w

10 Scheme 1: Reuse Strong Password
Pick four random words w1, w2, w3, w4
Account: Amazon | Ebay
Password: w1w2w3w4 | w1w2w3w4

11 Scheme 2: Lifehacker
Base Pwd + Derivation Rule
– Derivation Rule: First two letters + last letter
– Three random words
Source: http://lifehacker.com/184773/geek-to-live--choose-and-remember-great-passwords
Account: Amazon | Ebay
Derived: amn | eby
Password: w1w2w3amn | w1w2w3eby

12 Scheme 2: Strong Random Independent
Four Independent Random Words per Account
Account: Amazon | Ebay
Password: w1w2w3w4 | x1x2x3x4

13 Questions
How can we evaluate password management strategies?
– Quantify Usability
– Quantify Security
Can we design password management schemes which balance security and usability considerations?

14 Outline
Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
– Human Memory
– Rehearsal Requirement
– Visitation Schedule
Quantifying Security
Our Password Management Scheme

15 Human Memory is Semantic
Memorize: nbccbsabc
Memorize: tkqizrlwp
3 Chunks vs. 9 Chunks!
Usability Goal: Minimize Number of Chunks
Source: The magical number seven, plus or minus two [Miller, 56]

16 Human Memory is Associative

17 Cues
Cue: context when a memory is stored
Surrounding Environment
– Sounds
– Visual Surroundings
– Web Site
– ...
As time passes we forget some of this context...

18 Human Memory is Lossy
Rehearse or Forget!
– How much work?
Quantify Usability
– Rehearsal Assumption
p_amazon, p_google: ????

19 Quantifying Usability
Human Memory is Lossy
– Rehearse or Forget!
– How much work does this take?
Rehearsal Assumptions
Visitation Schedule
– Natural Rehearsal for frequently visited accounts

20 Rehearsal Requirement
Expanding Rehearsal Assumption: the user maintains a cue-association pair by rehearsing it during each interval [s_i, s_{i+1}].
Day: 1 2 4 5 8
Visit Amazon (or Google): Natural Rehearsal
X_t: extra rehearsals needed to maintain all passwords for t days.

21 Rehearsal Requirement
Day: 1 2 4 5 8
X_t: extra rehearsals needed to maintain all passwords for t days.
Reuse Password: X_8 = 0
Independent Passwords: X_8 = 2

22 Visitation Schedule

23 Visitation Schedule
Number of accounts visited with each frequency (visits to an account modeled as a Poisson process with that frequency as its parameter):
User | 1 (daily) | 1/3 (biweekly) | 1/7 (weekly) | 1/31 (monthly) | 1/365 (annual)
Active | 10 | 10 | 10 | 10 | 35
Typical | 5 | 10 | 10 | 10 | 40
Occasional | 2 | 10 | 20 | 20 | 23
Infrequent | 0 | 2 | 5 | 10 | 58
Day: 2 4 5 8 (Amazon, Google)

24 Usability Results
E[X_365]: Extra Rehearsals to maintain all passwords over the first year.
User | Reuse Strong + Lifehacker | Strong Random Independent
Active | 0.023 | 420
Typical | 0.084 | 456.6
Occasional | 0.12 | 502.7
Infrequent | 1.2 | 564
Reuse Strong + Lifehacker: Usable. Strong Random Independent: Unusable.

25 Valuable Resources Protected by Passwords

26 Outline
Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
Quantifying Security
– Background
– Failed Ideas
– Our Approach: Security as a Game
Our Password Management Scheme

27 Security (what could go wrong?)
Three Types of Attacks: Online, Offline, Phishing

28 Online Attack
Guess: 123456
Guess Limit: k-strikes policy

29 Offline Dictionary Attack
Username: jblocki
Salt: 89d978034a3f6
Stored hash: SHA1(123456 || 89d978034a3f6) = 85e23cfe0021f584e3db87aa72630a9a2345c062
Attacker guesses (e.g., jblocki, 123456), hashes each guess with the salt, and compares against the stored hash.

30 Plaintext Recovery Attack
PayPaul.com (phishing site) captures pwd

31 Snowball Effect
Source: CERT Incident Note IN-98.03: Password Cracking Activity
PayPaul.com + pwd

32 Password Strength Meters
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
Source: https://www.microsoft.com/security/pc-security/password-checker.aspx

33 Entropy (Weaknesses)
mmmm
G_1 has high entropy, but is insecure!

34 Min-Entropy (Weaknesses)
PayPaul.com

35 Our Security Approach
Dangerous World Assumption
– Not enough to defend against existing adversaries
– Adversary can adapt after learning the user’s new password management strategy
Provide guarantees even when things go wrong
– Offline attacks should fail with high probability
– Limit damage of a successful phishing attack

36 Security as a Game
PayPaul.com
q: $1,000,000 guesses
p1, p2, p3, p4, p5; Sha1(p4)

37 The Adversary’s Game
Adversary can compromise at most r sites (phishing).
Adversary can execute offline attacks against at most h additional sites
– Resource Constraints => at most q guesses
Adversary wins if he can compromise any new sites.
pwd, Sha1(pwd)

38 (q, , m, s, r, h)-Security
q = # offline guesses
m = # of accounts
s = # online guesses
r = # Phishing Attack Accounts
h = # Offline Attack Accounts

39 Example: (q, , m, 3, 1, 1)-Security
PayPaul.com + q guesses
r = 1, h = 1

40 Security Results
(q $1,000,000, , m, 3, r, h)-security
Attacks | r=1 | h=1 | r=2
Reuse | No
Strong Random Independent | Yes
Reuse: Usable + Insecure. Strong Random Independent: Unusable + Secure.

41 Outline
Introduction and Experiments
Example Password Management Schemes
Quantifying Usability
Quantifying Security
Our Password Management Scheme

42 Usability Desiderata
Minimize #chunks per password
Cues to keep context consistent
Minimize Interference
Maximize Natural Rehearsal
What mnemonic techniques do the memory experts use?

43 Memory Palace
Memory champions like Dominic O'Brien regularly use memory palaces

44 Memory Palace
Idea: Humans have excellent visual/spatial memory
Memorize a list of words
– Memorize: Mentally walk through your house and “store” one word in each location
– Recall: Mentally walk past each location to recover each word
Key Point: By associating each word with a familiar location we can always recover part of the original cue
Source: Rhetorica ad Herennium [Cicero?]

45 Memory Palace
Interference? Don’t reuse the same memory palace very often!
Memory Champions have hundreds of memory palaces!
– Spend time mentally “clearing” each palace before a competition
Usability: A typical user doesn’t have time to prepare hundreds of memory palaces!
Source: Moonwalking with Einstein [Foer, 2010]

46 Our Approach
Public Cue: Object: bike
Private: Action: kicking, Object: penguin

47 Login
Kic+Pen + Tor + Lio + ...

48 Login
Kic+Pen + ...

49 Sharing Cues
Usability Advantages
– Fewer stories to remember!
– More Natural Rehearsals!
Security?
Day: 1 2 4 5 8

50 (n,l, )-Sharing Set Family

52 Security Results
(q $1,000,000, , m, 3, r, h)-security
Attacks | r=1 | h=1 | r=2
(n,4,4)-Sharing [Reuse] | No
(n,4,0)-Sharing [Independent] | Yes
(n,4,1)-Sharing [SC-1] | Yes | No
(n,4,3)-Sharing [SC-0] | Yes | No | Yes | No

53 Sharing Cues
Thm: There is a (43,4,1)-Sharing Set Family of size m=90, and a (9,4,3)-Sharing Set Family of size 126
Proof?
– Chinese Remainder Theorem!
– Notice that 43 = 9+10+11+13 where 9, 10, 11, 13 are pairwise coprime.
– A_i uses cues: {i mod 9, i mod 10, i mod 11, i mod 13}

54 Chinese Remainder Theorem

55 Example (Account #80)
Red Set (9 Cues), Blue Set (10 Cues), Green Set (11 Cues), Purple Set (13 Cues)
Cues in each set are labelled Cue 0, Cue 1, ..., up to Cue 12 in the largest set.

56 Example (Account #80)
Public Cue for Account 80: Cue 8 (80 mod 9), Cue 0 (80 mod 10), Cue 3 (80 mod 11), Cue 2 (80 mod 13)
Password 80: Secret 8 | Secret 0 | Secret 3 | Secret 2
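As an added example (not code from the slides or from the authors), the construction of slides 53–56 in Python: the (43,4,1)-sharing family from the CRT residues, a check that any two of the 90 accounts share at most one cue and that a 91st account breaks this bound, the (9,4,3) family of all 4-subsets of 9 cues, and the cues of account #80. The per-group cue-id offsets and the function names are my own assumptions.

```python
# Added example, not from the slides: the (43,4,1)-sharing set family built with
# the Chinese Remainder Theorem, plus the (9,4,3) family of all 4-subsets of 9.
# Cue ids are offset per group (an assumption) so the four groups of sizes
# 9, 10, 11, 13 form one universe of 43 distinct public cues.
from itertools import combinations

MODULI = (9, 10, 11, 13)   # pairwise coprime; 9 + 10 + 11 + 13 = 43 public cues
FAMILY_SIZE = 90           # 9 * 10 = 90 is the smallest product of two moduli

def residues(account, moduli=MODULI):
    """Per-group cue indices: (i mod 9, i mod 10, i mod 11, i mod 13)."""
    return tuple(account % m for m in moduli)

def cue_set(account, moduli=MODULI):
    """Global cue ids for account i, one cue per group (offsets 0, 9, 19, 30)."""
    cues, offset = [], 0
    for m in moduli:
        cues.append(offset + account % m)
        offset += m
    return frozenset(cues)

def crt_family(size=FAMILY_SIZE, moduli=MODULI):
    """Accounts 0..size-1. Two accounts sharing cues in two groups agree modulo
    both moduli, hence (CRT) modulo their product, which is at least 90; so
    among 90 accounts any two share at most one cue."""
    return [cue_set(i, moduli) for i in range(size)]

def subset_family(n=9, l=4):
    """All l-subsets of n cues: C(9,4) = 126 sets, any two sharing <= 3 cues."""
    return [frozenset(c) for c in combinations(range(n), l)]

def max_overlap(family):
    """Largest number of cues shared by any two distinct sets in the family."""
    return max(len(a & b) for a, b in combinations(family, 2))

def is_sharing_family(family, n, l, gamma):
    """(n,l,gamma)-sharing: every set has l cues, at most n cues are used
    overall, and any two sets share at most gamma cues."""
    universe = frozenset().union(*family)
    return (len(universe) <= n
            and all(len(s) == l for s in family)
            and max_overlap(family) <= gamma)

if __name__ == "__main__":
    print("account 80 cues:", residues(80))            # (8, 0, 3, 2), as on slide 56
    print("(43,4,1) family of 90:", is_sharing_family(crt_family(), 43, 4, 1))
    print("91 accounts break it:", is_sharing_family(crt_family(91), 43, 4, 1))
    print("(9,4,3) family of 126:", is_sharing_family(subset_family(), 9, 4, 3))
```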

57 Usability Results
E[X_365]: Extra Rehearsals to maintain all passwords over the first year.
User | Reuse | Strong Random Independent | SC-1 | SC-0
Active | 0.0 | 420 | 3.93 | 0.0
Typical | 0.0 | 456.6 | 10.89 | 0.0
Occasional | 0.0 | 502.7 | 22.07 | 0.0
Infrequent | 1.2 | 564 | 119.77 | 2.44

58 Security Results
(q $1,000,000, , m, 3, r, h)-security
Attacks | r=1 | h=1 | r=2
(n,4,4)-Sharing [Reuse] | No
(n,4,0)-Sharing [Independent] | Yes
(n,4,1)-Sharing [SC-1] | Yes | No
(n,4,3)-Sharing [SC-0] | Yes | No | Yes | No
Reuse: Usable + Insecure. Independent: Unusable + Secure. SC-1 and SC-0: Usable + Secure.

59 Experiment #0
Can anybody remember the 10 character password? L~;z&K5De

60 Memory Experiment 1

61 Memory Experiment 2

62 Thanks for Listening!

63 Backup Slides

64 User Study
Validity of Expanding Rehearsal Assumption
Mnemonic Devices and Rehearsal Schedules
Collaborate with CyLab Usable Privacy and Security group (CUPS)

65 User Study Protocol
Memorization Phase (5 minutes):
– Participants asked to memorize four randomly selected person-action-object stories.
Rehearsal Phase (90 days):
– Participants periodically asked to return and rehearse their stories (following the rehearsal schedule)

66 Password Managers?

67 Limited Protection


