
Panic Passwords: Authenticating under Duress. Jeremy Clark, Urs Hengartner


1 Panic Passwords: Authenticating under Duress. Jeremy Clark, Urs Hengartner

2 © Universal Pictures International 2007. Used under the fair dealings clause in the Canada Copyright Act.

3 Outline
1. Definitions
2. Threat Model: Dimensions; Assumptions
3. Categories of Attacks
4. Concluding Remarks

4-7 Definitions: the password space is made up of regular, panic, and invalid passwords.

8 literature review

9 Literature Review. No thorough attention from the academic community. Off-the-shelf alarm systems have built-in panic passwords. Some patents have panic passwords as a component; they use a basic scheme with limited applicability.

10 a threat model

11 Participants. Alice: subject entering her password. Bob: entity receiving Alice's password. Oscar: adversary coercing Alice. Assume Bob is trustworthy and not in collusion with Oscar.

12 Assumptions
1. Kerckhoffs' principle: Oscar knows the system.
2. Observational principle: Oscar sees the password being entered.
3. Iteration principle: multiple authentications can be forced.
4. Forced-randomization principle: Oscar can control the order of passwords to be entered.

13 Parameter 1: Coercion. Oscar threatens Alice with retribution if he can determine that Alice entered a panic password. Called a screening attack or blackmail.

14 Parameter 1: Coercion. If Oscar cannot tell whether Alice enters a panic password, then Alice cannot prove to him, for money, that she is entering a regular password. Called signalling or bribery.

15 Parameter 2: Persistence. Oscar could be persistent in his attack, or he could have a limited timeframe in which to conduct it and thus be non-persistent. (Persistent / Non-persistent)

16 Parameter 3: Bob's Action. Bob could take some server-side, unobserved reaction upon receiving a panic password, or Bob could respond differently to Alice, a difference that could be observed by Oscar. (Unobservable Reaction / Observable Response)

17 Parameter 4: Oscar's Goal. Oscar may want to prevent a panic password from being entered at all, or he may not care if a panic password is entered, as long as a regular password is entered at some point.

18 some categories of attacks

19 Unrecoverable Reactions

20 Oscar wants to gain entry to a premise secured with an alarm. Alice can deactivate the alarm with a password. If Alice uses a panic password, the authorities are alerted.

21 2P System. Password space: Regular, Panic, Invalid.

22 Unrecoverable Reactions

23 Non-Persistent Attacks

24 An ATM issues marked bills if a panic PIN is entered. Oscar can tell the difference after analysing the bills, so he wants to escape with at least some unmarked bills.

25 Non-Persistent Attacks

26 2P-Lock System. Password space: Regular, Panic, Invalid.

27-28 2P-Lock System. Within a window of time: No Lock / Lock upon second password / No Lock. Regular and panic passwords yield a different set of bills but the same behaviour.
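As an added example (not the authors' code), a Python sketch of Bob's side of the 2P-Lock rule for the ATM scenario. It assumes a 300-second window, reads "lock upon second password" as a second, different valid password entered while the window is open, and uses constructed sample passwords; both accepted kinds produce the same observable response, while the marked-bills reaction stays server-side.

```python
"""2P-Lock check, added illustration (not the slides' own code)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

WINDOW_SECONDS = 300                    # assumed lock window; not given on the slides
SECRET_SALT = b"constructed-demo-salt"  # constructed per-deployment secret for MACing


def _mac(pw: str) -> bytes:
    """Store/compare passwords as MACs so Bob never keeps plaintext."""
    return hmac.new(SECRET_SALT, pw.encode(), hashlib.sha256).digest()


@dataclass
class TwoPLockAccount:
    """Bob's state for one account: a regular and a panic password plus the window."""
    regular: bytes
    panic: bytes
    last_kind: Optional[str] = None   # kind of the last accepted password
    last_time: float = 0.0
    locked: bool = False

    def classify(self, pw: str) -> str:
        d = _mac(pw)
        if hmac.compare_digest(d, self.regular):
            return "regular"
        if hmac.compare_digest(d, self.panic):
            return "panic"
        return "invalid"

    def authenticate(self, pw: str, now: float) -> Tuple[str, str]:
        """Return (response observable by Alice and Oscar, unobservable reaction at Bob)."""
        if self.locked:
            return ("locked", "none")
        kind = self.classify(pw)
        if kind == "invalid":
            return ("rejected", "none")
        window_open = self.last_kind is not None and now - self.last_time < WINDOW_SECONDS
        if window_open and kind != self.last_kind:
            # Second, different password inside the window: lock regardless of which
            # came first, so forcing both passwords in turn reveals nothing to Oscar.
            self.locked = True
            return ("locked", "none")
        self.last_kind, self.last_time = kind, now
        # Same observable response either way; only Bob's reaction differs (marked bills).
        return ("dispense", "mark_bills" if kind == "panic" else "none")


def make_account(regular_pw: str, panic_pw: str) -> TwoPLockAccount:
    return TwoPLockAccount(regular=_mac(regular_pw), panic=_mac(panic_pw))
```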

29 Persistent Attacks

30 An online voting system spoils any ballots that are cast using a panic password. Oscar should not be able to coerce Alice's vote, nor should Alice be able to verifiably sell her vote to Oscar.

31 Persistent Attacks

32-33 P-Complement System. Password space: Regular, Panic (no invalid passwords).
34-35 Password space: Regular, Panic, Invalid.

36 Alice knows one regular password and one rule for separating panic passwords from invalid ones. (Regular / Panic / Invalid)

37 A System

38 concluding remarks

39 Future Directions. Expand the parameters of the threat model. Find new rules for unlimited panic passwords. A password exchange protocol that can distinguish regular, panic, and invalid passwords (given that they will be hashed/MACed). Usability studies!

40 Concluding Remarks

41 Questions?
