Déjà Vu: A User Study Using Images for Authentication. Rachna Dhamija, Adrian Perrig, SIMS / CS, University of California Berkeley. Presenter: 張淯閎.


Outline
–Introduction
–Password-Based Authentication
–Déjà Vu System Architecture
–Sample Applications
–User Study
–Conclusion

Introduction
User authentication is a central component of currently deployed security infrastructure. It is based on one of:
–Knowledge-based
–Token-based
–Biometrics
Humans have a vast memory for pictures, which motivates recognition-based authentication in the Déjà Vu system.

Shortcomings of Password-Based Authentication
Relies on precise recall of the secret information.
Security problems:
–15% of users picked passwords of three characters or fewer.
–85% of passwords can be easily broken using a dictionary.
–Users often employ similar passwords for different purposes.
Current solutions:
–Aim to identify weak passwords.
–Establish rules for users to follow.

Déjà Vu
Three requirements:
–Do not rely on precise recall.
–Prevent users from choosing weak passwords.
–Make it difficult to write passwords down or share them with others.
System architecture:
–Based on the observation that people have an excellent memory for images.
–Three phases: Portfolio Creation Phase, Training Phase, Authentication Phase.

Portfolio Creation Phase
The system is based on photographs or Random Art. With Random Art, images do not need to be stored pixel-by-pixel.

Training and Authentication Phase
Training phase:
–Improves the memorability of the portfolio images.
–Needs to occur in a secure environment.
Authentication phase:
–The server only needs to store the seed.
–If the user correctly identifies all portfolio images in the challenge set (portfolio and decoy images), she is authenticated.
–The portfolio can be split among multiple servers to increase security.

Attacks and Countermeasures
Brute-force attack:
–Challenge set consisting of n images.
–Portfolio consisting of m images.
–Probability
Educated guess attack:
–Random Art makes the images hard to predict.
–Hand-select images to ensure that no weak images are used.

Attacks and Countermeasures
Observer attack:
–The position of the portfolio images within the challenge set is randomized.
–The method for image selection is hidden.
–The portfolio images can be slightly changed in each authentication.
Intersection attack:
–Use the same challenge set.
–Split the authentication into multiple stages.
–Tighten the bound on unsuccessful logins before the account is blocked.
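The three phases and the countermeasures above, as an added Python simulation (not the paper's or the presenter's code): the server stores only per-user seeds, the same decoy set is reused at every login (the intersection-attack countermeasure), challenge positions are shuffled (the observer-attack countermeasure), the account is blocked after a bounded number of unsuccessful logins, and the brute-force guessing probability for a challenge set of n images and a portfolio of m is computed as 1/C(n, m). The sizes n=12, m=4 and the lockout bound are constructed values, not the study's.

```python
import math
import random

CHALLENGE_SIZE = 12   # n: images shown per login (constructed value, not the study's)
PORTFOLIO_SIZE = 4    # m: portfolio images the user must pick out (constructed value)
MAX_FAILURES = 3      # bound on unsuccessful logins before the account is blocked

def new_seed(rng):
    """A 64-bit seed; Random Art regenerates the image from it, so no pixels are stored."""
    return rng.getrandbits(64).to_bytes(8, "big")

def enroll(rng):
    """Portfolio creation: the server keeps only seeds. Decoy seeds are fixed per user,
    so every login shows the same challenge set (intersection-attack countermeasure)."""
    return {
        "portfolio": [new_seed(rng) for _ in range(PORTFOLIO_SIZE)],
        "decoys": [new_seed(rng) for _ in range(CHALLENGE_SIZE - PORTFOLIO_SIZE)],
        "failures": 0,
    }

def make_challenge(account, rng):
    """Authentication: portfolio positions are randomized (observer-attack countermeasure)."""
    challenge = account["portfolio"] + account["decoys"]
    rng.shuffle(challenge)
    return challenge

def verify(account, challenge, chosen_positions):
    """Succeed only if the chosen images are exactly the portfolio; refuse once blocked."""
    if account["failures"] >= MAX_FAILURES:
        return False
    ok = {challenge[i] for i in chosen_positions} == set(account["portfolio"])
    account["failures"] += 0 if ok else 1
    return ok

def brute_force_success_probability(n=CHALLENGE_SIZE, m=PORTFOLIO_SIZE):
    """A blind guess must pick exactly the m portfolio images among n, so P = 1/C(n, m)."""
    return 1.0 / math.comb(n, m)

def demo(seed=1):
    """Enrol, log in correctly, then fail until the account locks; returns the outcomes."""
    rng = random.Random(seed)
    account = enroll(rng)
    challenge = make_challenge(account, rng)
    correct = [i for i, s in enumerate(challenge) if s in account["portfolio"]]
    wrong = correct[:-1] + [i for i in range(CHALLENGE_SIZE) if i not in correct][:1]
    outcomes = [verify(account, challenge, correct)]
    outcomes += [verify(account, challenge, wrong) for _ in range(MAX_FAILURES)]
    outcomes.append(verify(account, challenge, correct))  # refused: account is blocked
    return outcomes
```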

Sample Applications
Customer authentication at an ATM:
–Avoids the user writing the PIN on the ATM card.
–Portfolio selection and training can be done in a secure environment at the bank.
–A one-time PIN bootstraps the system.
Web authentication:
–Users often use the same username and password for different purposes.
–Users often forget their passwords.
–Déjà Vu is well suited because the recovery rate is lower than with passwords.

User Study Task Completion Time and Error Rate.

Conclusion
This system has the advantage that the authentication task is more reliable, easier and fun to use.
It prevents users from choosing weak passwords and from writing passwords down.
It has potential applications, especially where text input is hard, such as PDAs or ATMs.
The authentication scheme takes advantage of innate human abilities.

Random Art
A proposed hash visualization algorithm. The basic idea is to use a binary string s as a seed for a random number generator. Random Art is an algorithm that, given a bit-string as input, generates a function F: [-1,1]^2 -> [-1,1]^3, which defines an image. F maps each pixel (x,y) to an RGB value (r,g,b), a triple of intensities for the red, green and blue channels respectively.
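A small Random Art style hash visualization in Python, added here as an illustration rather than the authors' implementation: the bit-string s seeds the generator through SHA-256, the generator grows one random expression tree per colour channel from range-preserving operations (sine, average, product), and the result is F: [-1,1]^2 -> [-1,1]^3 sampled on a pixel grid. The expression grammar, the tree depth and the hashing of the seed are my assumptions.

```python
import hashlib
import math
import random

def grow_tree(rng, depth):
    """Grow a random expression tree (assumed grammar). Each node maps [-1,1]
    inputs back into [-1,1], so the composed function never needs clamping."""
    if depth == 0:
        return rng.choice(["x", "y"])
    op = rng.choice(["sin", "avg", "mul"])
    if op == "sin":
        return ("sin", grow_tree(rng, depth - 1))
    return (op, grow_tree(rng, depth - 1), grow_tree(rng, depth - 1))

def evaluate(node, x, y):
    """Evaluate a tree at one point (x, y) of [-1,1]^2."""
    if node == "x":
        return x
    if node == "y":
        return y
    if node[0] == "sin":
        return math.sin(math.pi * evaluate(node[1], x, y))
    a, b = evaluate(node[1], x, y), evaluate(node[2], x, y)
    return (a + b) / 2 if node[0] == "avg" else a * b

def random_art_function(bits, depth=5):
    """Seed the generator from the bit-string s (hashed so any length works) and grow
    one tree per colour channel, giving F: [-1,1]^2 -> [-1,1]^3."""
    rng = random.Random(int.from_bytes(hashlib.sha256(bits).digest(), "big"))
    trees = [grow_tree(rng, depth) for _ in range(3)]
    return lambda x, y: tuple(evaluate(t, x, y) for t in trees)

def render(bits, size=8):
    """Sample F on a size x size pixel grid; returns rows of (r, g, b) in [-1,1]^3.
    Only the seed has to be kept: the same bits always reproduce the same image."""
    f = random_art_function(bits)
    coords = [-1 + 2 * i / (size - 1) for i in range(size)]
    return [[f(x, y) for x in coords] for y in coords]

def to_rgb8(pixel):
    """Map one [-1,1]^3 triple to 0..255 intensities for display."""
    return tuple(int(255 * (c + 1) / 2) for c in pixel)
```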

Random Art