1 / 20

Human-Computable Passwords

Human-Computable Passwords. Jeremiah Blocki Manuel Blum Anupam Datta Santosh Vempala. Previous Work. Naturally Rehearsing Passwords Presentation on Thursday. Password Management. p 1. p 2. p 3. p 4. p 5. Competing Goals:. Password Security Game. p 1. p 2. p 3. p 4. p 5.

rona
Download Presentation

Human-Computable Passwords

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Human-Computable Passwords Jeremiah Blocki Manuel Blum Anupam Datta Santosh Vempala

  2. Previous Work • Naturally Rehearsing Passwords • Presentation on Thursday

  3. Password Management p1 p2 p3 p4 p5 Competing Goals:

  4. Password Security Game p1 p2 p3 p4 p5 BCRYPT(p4) PayPaul.com p5 q$1,000,000 guesses +

  5. Security Results Phishing Attack Usable + Insecure Unusable + Secure Usable + Secure Offline Attack

  6. Security Results Phishing Attack Usable + Insecure Unusable + Secure Usable + Secure Offline Attack

  7. Previous Work • Naturally Rehearsing Passwords • Presentation on Thursday • Password Management Scheme: Shared Cues • Key Question: Can we get better security if we ask the user to perform simple computations to generate his passwords?

  8. Human Computation • Restricted • Simple operations (addition, lookup) • Operations performed in memory (limited space) +2348979234 = ?

  9. Human Computation • Restricted • Simple operations (addition, lookup) • Operations performed in memory (limited space) • Improve Security? • Simple Computations vs. Pure Recall • Security against many breaches?

  10. Candidate Scheme • Memorize a Random Mapping • One time step! • Password Computed as a Response to Public Challenges • Required Operations • Addition modulo 10 • Memory lookups

  11. Random Mapping Initialization: User Memorizes Random Mapping m images

  12. Single-Digit Challenge 5 6 7 8 9 0 1 2 3 4 Response: σ+ σ= 2 mod 10

  13. Single-Digit Challenge 5 6 7 8 9 0 1 2 3 4 Response: σ+ σ= 2 mod 10

  14. Single-Digit Challenge 5 6 7 8 9 0 1 2 3 4 Response: σ+ σ+ σ = 7 + 4 + 5 = 6 mod 10

  15. Passwords 5 6 7 8 9 0 1 2 3 4 Username: σ + σ + σ = 7 + 4 + 5 = 6 mod 10 jblocki Password:

  16. Passwords 5 6 7 8 9 0 1 2 3 4 Username: jblocki Password: *

  17. Passwords 5 6 7 8 9 0 1 2 3 4 Username: jblocki Password: **

  18. Usability • Memorization is a one time cost • Mapping f is rehearsed naturally • Can Add new Images over Time • Time • 75 seconds for a 10 digit password • 7.5 seconds per digit (average)

  19. Open Challenge • Random mapping • Examples • 1000 single-digit challenge response pairs • Can you crack the code and guess one of the challenge passwords? http://www.cs.cmu.edu/~jblocki/HumanComputablePasswordsChallenge/challenge.htm

  20. Open Challenge http://www.cs.cmu.edu/~jblocki/HumanComputablePasswordsChallenge/challenge.htm

More Related