Presentation is loading. Please wait.

Presentation is loading. Please wait.

Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks A Paper by Hristo Bojinov, Daniel Sanchez, Paul Reber,

Published byHector Cameron Modified over 9 years ago

Similar presentations

Presentation on theme: "Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks A Paper by Hristo Bojinov, Daniel Sanchez, Paul Reber,"— Presentation transcript:

1 Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks A Paper by Hristo Bojinov, Daniel Sanchez, Paul Reber, Dan Boneh, Patrick Lincoln. Presented By, Course Advisor Jwala N Rao. M, Dr. Huzur Saran Deepika M. 1SIL-765

2 Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes cannot resist coercion attacks. These attacks are known as rubber hose cryptanalysis. In this paper, we present a defense against these attacks using implicit learning from cognitive psychology. 2SIL-765

3 Implicit Learning Implicit Learning Implicit learning involves the part of the brain called the basal ganglia that learns tasks such as riding a bicycle or playing golf by repeatedly performing those tasks. knowledge learned in this way is not consciously accessible to the person being trained. SIL-7653

4 Benefits over biometric authentication Unlike Biometrics, authenticating information cannot be duplicated and participants cannot reveal it even if they want to. In addition, if the trained sequence is compromised, a new identifying sequence can be trained as a replacement, resulting in a change of password. SIL-7654

5 We use a computer game to plant a secret password in the participant’s brain - without conscious knowledge. To use this system, participants would be initially trained to do a specific task called Serial Interception Sequence Learning (SISL). SIL-7655

6 The SISL Task and Applet The SISL Task and Applet The execution of the Serial Interception Sequence Learning (SISL) task is central to the authentication system that we have developed. SISL is a task in which human participants develop sensitivity to structured information without being aware of what they have learned. The task requires participants to intercept moving objects (circles) delivered in a pre-determined sequence, much like this is done in the popular game “Guitar Hero”. SIL-7656

7 7

8 Initially each object appears at the top of one of six different columns, and falls vertically at a constant speed until it reaches the “sink” at the bottom, at which point it disappears. The goal is to intercept every object as it nears the sink. Interception is performed by pressing the key that corresponds to the object’s column when the object is in the correct vertical position. SIL-7658

9 The sequences are designed to prevent easy to remember patterns from emerging. The result is that while the trained sequence is performed better than an untrained sequence, the participant usually does not consciously recognize the trained sequence. In order to confirm this SISL participants are typically asked to complete tests of explicit recognition in which they specify how familiar various sequences look to them. SIL-7659

10 The Basic Authentication System Using Implicit Learning The identification system operates in two steps:  Training.  Authentication. SIL-76510

11 Training Training In the training phase, Users learn a secret key by playing the SISL game in a trusted environment. The secret key is similar to a sequence of 30 characters over the set S = {s;d; f ; j;k; l}. We only use 30-character sequences that correspond to an Euler cycle in the graph shown in the following figure. These sequences have the property that every non-repeating bigram over S (such as ‘sd’, ‘dj’, ’fk’) appears exactly once. SIL-76511

12 SIL-76512

13  The trainee is presented with the 30-item secret key sequence repeated three times followed by 18 items selected from a random other sequence, for a total of 108 items.  This sequence is repeated five times, so that the trainee is presented with a total of 540 items.  At the end of this sequence there is a short pause in the SISL game and then the entire sequence of 540 items is repeated six more times. This takes 30-45 minutes. SIL-76513

14 Authentication To authenticate, a trained user is presented with the SISL game where elements from the trained authentication sequence and untrained elements will be present. By exhibiting reliably better performance on the trained elements compared to untrained, the participant validates his or her identity. Let k0 be the trained 30-item sequence and let k1,k2 be two additional 30-item sequences chosen at random from S. The same sequences (k0;k1;k2) are used for all authentication sessions. Let ‘p i ’ be the fraction of correct keys the user entered during all plays of the sequence ‘k i ’ ’. The system declares that authentication succeeded if p0 > average(p1, p2)+λ SIL-76514

15 Two Precautions: First, verifying that the authenticator is a live human. Second, the final training speed is known to the authentication server and the attacker is unlikely to match that performance difference between the trained and untrained blocks. A performance gap that is substantially different from the one obtained after training indicates an attack. SIL-76515

16 Usability Experiments SIL-76516 Experiment 1: Implicit and Explicit Learning Our first experiment confirmed that implicit learning can be clearly detected while explicit conscious sequence knowledge was minimal.

17 On the test block following training, participants performed the SISL task at an average rate of 79.2% correct for the trained sequence and 70.6% correct for the untrained sequence. The difference of 8.6% indicated better performance for trained sequence. Explicit recognition test: Experiments showed that the participants would not be able to recall the 30-item sequence. SIL-76517

18 Experiment 2: Recall Over Time SIL-76518 After training, a group returned to the online applet after 1 week to a retention test and recognition assessment for the trained sequence. A separate group returned after 2 weeks for the retention and recognition tests.

19 SIL-76519

20 Security Analysis Basic Coercion threat model: Extraction Phase: Adversary intercept one or more users and get them to reveal as much as they can using coercion. Test Phase: The adversary on his own, submits to the authentication test and his goal is to pass the test. SIL-76520

21 If the attacker intercepts ‘u’ users and subject each to ‘q’ queries, his chance of finding a valid sequence is atmost ‘qu/| Ʃ |’. Tests show that though the attacker captures 100 users and ask 10 5 queries per user, the probability is only 2 -16. SIL-76521

22 Conclusion Conclusion Rubber hose attacks have long been the bane of cryptography. We have presented a solution for that. Future Work: To reduce authentication time. SIL-76522

23 Thank You! SIL-76523

Download ppt "Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks A Paper by Hristo Bojinov, Daniel Sanchez, Paul Reber,"

Similar presentations

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
Secure Pre-Shared Key Authentication for IKE

Secure Pre-Shared Key Authentication for IKE
1 Identification Who are you? How do I know you are who you say you are?

1 Identification Who are you? How do I know you are who you say you are?
SCSC 455 Computer Security

SCSC 455 Computer Security
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Cryptography and Network Security

Cryptography and Network Security
Interlock Protocol - Akanksha Srivastava 2002A7PS589.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.
Introduction to Snowfly An exciting rewards & recognition program!!!

Introduction to Snowfly An exciting rewards & recognition program!!!
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.

Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.
Memory.

Memory.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Exploring interactions between long-term and working memory using the Hebbian repetition effect Kathryn L. Gigler & Paul J. Reber, Department of Psychology,

Exploring interactions between long-term and working memory using the Hebbian repetition effect Kathryn L. Gigler & Paul J. Reber, Department of Psychology,
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

Similar presentations

Ads by Google