Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004
Outline Speech-Generated Cryptographic Keys Password Hardening Based on Keystroke Dynamics Other new ideas for non-text passwords based on behavioral biometric features
Key Generation Based on repeatable behavioral biometric characteristics timing force of keystrokes voice frequencies Aims to achieve two goals Breaking passwords will be no easier For some or most, breaking them will be harder
Speech-Generated Keys – Monrose & Reiter System initialization Generate key K Generate 2m shares of K using generalized secret sharing scheme, with m a system param Shares arranged within an m x 2 table such that K can be reconstructed from any set of m shares consisting of one share from each row m K 2
Twist on traditional secret sharing Traditional defense: attacker will not possess enough shares to reconstruct the secret In this case, an attacker would have all shares if he had access to the physical device Requirement change: that the attacker will not be able to find a sufficient set of valid shares in the table (make an exhaustive search computationally difficult)
Speech-Generated Keys – Monrose & Reiter My voice is my passport. Verify me? (photo from Gathering behavioral measurements User utters passphrase System performs front-end signal processing and records measurements about voice features
Signal processing User utterance sampled at predefined sampling rate Minimum sampling rate on Compaq IPAQ: 32 kHz Reduce computational and storage cost by down sampling to 8 kHz (sufficient to accurately capture signal) – throw 3 of 4 samples away
Signal processing Signal then broken down and cleaned up Sample must be clean so as to be an accurate representation of user’s voice Arranged into frames – 12-dimensional vectors of reals Background noise removed by calculating avg. noise in white space in the sample and subtracting it from entire length of sample Sample data converted to bit sequence called a feature descriptor; used to regenerate key
Gathering behavioral statistics System measures m behavioral features of a user’s utterance Array of measurements concatenated into a bit string for each login attempt
Gathering behavioral statistics For each successful login attempt, the system updates the history of feature descriptors (consistent behavioral features)
Distinguishing features Security depends upon number of distinguishing features of voice A feature b ai (a the account, i the feature) is a distinguishing feature if T i > avg(b ai ) - k stddev(b ai ) or T i < avg(b ai ) - k stddev(b ai )
Going back to the 2 x m table… Elements of table not consistently accessed are randomly perturbed Correct user should not encounter perturbed (invalid) elements in table The more often the user logs in, the stronger the system becomes
Empirical results For an implementation in which the table was also encrypted with a password – makes a dictionary attack against the password up to 2^15 times more difficult
Password hardening based on keystroke dynamics Very similar concept – system begins as secure as a traditional password system and begins perturbing values in secret- sharing table that are not repeated consistently
Potential problems Painful to change password, if security greater than traditional systems is essential – cost associated with retraining the system In keystroke system, some degree of inference can be made about keystroke dynamics if password is known, and vice versa Not ideal for users who use different keyboards Security determined by degree of uniqueness of user’s voice or typing style
Is it accurate enough? Bergadano, Gunetti, and Picardi think not Inherent variability in most behavioral biometric identifiers is too great Propose using much longer samples and generating key based on duration of digraphs and trigraphs (sets of two and three consecutive letters) Not an appropriate substitute for traditional password systems Greater inherent variability with longer samples?
For more information Free demo