HOW CAN ATTACKERS READ YOUR MIND? Telepathwords: Preventing Weak Passwords By Reading Users’ Minds. Saranga, K., Richard, S., Lorrie, F.C., Cormac, H. and Stuart, S.


HOW CAN ATTACKERS READ YOUR MIND? Telepathwords: Preventing Weak Passwords By Reading Users’ Minds. Saranga, K., Richard, S., Lorrie, F.C., Cormac, H. and Stuart, S. (August 2014). In the Proceedings of the 23rd USENIX Security Symposium. ISBN
Presented by ZHAI Yuxiao (Eric)

LEARNING FROM TEXAS HOLD’EM
Level 0 -- Know nothing
Level 1 -- Know what cards I have (at least know the rules)
Level 2 -- Know what cards opponents have
Level 3 -- Know what cards opponents believe I have
Level 4 -- Know what cards opponents believe I believe they have
…

SUMMARY
Background
– Users are required to choose passwords that comply with certain policies
Outline
– Proposed a solution, the Telepathwords system
– Described the design, implementation, human-subjects testing, public deployment and user response to the Telepathwords system
My focus
– Prediction algorithms

USER INTERFACE

PREDICTION ALGORITHMS – DATA STRUCTURE
– A result set
– Trie data structure

PREDICTION ALGORITHMS – COMMON CHARACTER SEQUENCES
Likelihood
– Likelihood increases with the length and frequency of the sequence
– A 1.5 GB English-language model derived from browser search queries
– A set of passwords which occurred five times or more in the RockYou dataset
Begin anywhere
– A matching sequence may start at any position in the password, not only at its first character

PREDICTION ALGORITHMS – ‘PASSWORD-CREATION GUIDANCE’
Letters & digits
– One window walks the trie only where letters are typed
– One that does so only when digits are typed
Substitution
– A table mapping common character substitutions, such as 3 for e, $ for s, 0 for o
Guide or misguide?

PREDICTION ALGORITHMS – OTHER TECHNIQUES
Keyboard movements
– X and Y coordinates represent row and column
– An n-character prefix for an n-key-position sequence
Repeated strings
– Look for each repeated suffix of length n
– The longer, the stronger the prediction
Interleaved strings
– Split passwords into odd- and even-indexed characters
– Run the other predictors on the substrings
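A miniature version of the predictors described on the common-sequence, substitution and other-techniques slides, written here as an added example (not the Telepathwords code): a frequency-weighted trie answers next-character queries that may begin anywhere in the typed prefix after the substitution table is undone, and two short functions implement the repeated-string and interleaved-string predictors. The substitution table, the training strings with their counts, and the min_len floor are all constructed for this example.

```python
from collections import defaultdict
SUBST = {"3": "e", "$": "s", "0": "o", "@": "a"}  # constructed table (slide: 3 for e, $ for s, 0 for o)
class Trie:
    """Frequency-weighted prefix trie; count = total weight of strings passing through a node."""
    def __init__(self):
        self.children, self.count = defaultdict(Trie), 0

    def insert(self, s, weight=1):
        node = self
        for ch in s:
            node = node.children[ch]
            node.count += weight

    def next_chars(self, prefix):
        """Successors of prefix, most frequent first; [] if the prefix was never seen."""
        node = self
        for ch in prefix:
            if ch not in node.children:
                return []
            node = node.children[ch]
        return sorted(node.children, key=lambda c: -node.children[c].count)

def predict_common(trie, typed, min_len=2):
    """Common sequences, 'begin anywhere': undo substitutions, then walk the trie from every
    suffix of the typed text, longest (most specific) first; min_len is an assumed floor."""
    norm = "".join(SUBST.get(c, c) for c in typed.lower())
    for start in range(len(norm) - min_len + 1):
        succ = trie.next_chars(norm[start:])
        if succ:
            return succ[0]
    return None

def predict_repeat(typed):
    """Repeated strings: if the last n chars occurred earlier, predict what followed them
    then; longer repeated suffixes are tried first because they are the stronger prediction."""
    for n in range(len(typed) // 2, 0, -1):
        idx = typed.find(typed[-n:])
        if idx < len(typed) - n:  # an earlier occurrence, not the suffix itself
            return typed[idx + n]
    return None

def predict_interleaved(trie, typed):
    """Interleaved strings: split into even-/odd-indexed chars, predict on the half the next char extends."""
    part = typed[len(typed) % 2::2]
    return predict_common(trie, part) or predict_repeat(part)

# Constructed stand-in for the RockYou-derived list: (string, occurrence count), all >= 5.
TRIE = Trie()
for pw, n in [("password", 50), ("password123", 15), ("qwerty", 30), ("iloveyou", 25)]:
    TRIE.insert(pw, n)
```

For a typed prefix such as xyzp@$$w the common-sequence predictor still returns o, because the substitutions are undone and the walk starts from the later suffix passw rather than the whole string.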

Thank you!