Presentation is loading. Please wait.

Presentation is loading. Please wait.

HOW CAN ATTACKERS READ YOUR MIND? Telepathwords: Preventing Weak Passwords By Reading Users’ Minds Saranga, K., Richard, S., lorrie, F.C., Cormac, H. and.

Published byDarleen May Modified over 9 years ago

Similar presentations

Presentation on theme: "HOW CAN ATTACKERS READ YOUR MIND? Telepathwords: Preventing Weak Passwords By Reading Users’ Minds Saranga, K., Richard, S., lorrie, F.C., Cormac, H. and."— Presentation transcript:

1 HOW CAN ATTACKERS READ YOUR MIND? Telepathwords: Preventing Weak Passwords By Reading Users’ Minds Saranga, K., Richard, S., lorrie, F.C., Cormac, H. and Stuart, S. (August, 2014). In the proceedings of the 23rd USENIX security symposium. Isbn 978-1-931971-15-7 Presented by ZHAI Yuxiao(Eric)

2 LEARNING FROM TEXAS HOLD’EM Level 0 -- Know nothing Level 1 -- Know what cards I have (at least know the rule) Level 2 -- Know what cards opponents have Level 3 -- Know what cards opponents believe I have Level 4 -- Know what cards opponents believe I believe they have … http://eoto.blogs.tamk.fi/author/b4asvidk/

3 SUMMARY Background –Users are required to choose passwords that comply with certain policies Outline –Proposed a solution, the Telepathwords system –Described the design, implementation, human-subjects testing, public deployment and user response to the Telepathwords system My focus –Prediction Algorithms

4 USER INTERFACE

5 PREDICTION ALGORITHMS – DATA STRUCTURE A RESULT SETTRIE DATA STRUCTURE

6 PREDICTION ALGORITHMS – COMMON CHARACTER SEQUENCES LIKELIHOOD Likelihood increases with the length and frequency. A 1.5 GB English-language model derived from browser search queries A set of passwords which occurred five time or more in the RockYou dataset BEGIN ANYWHERE

7 PREDICTION ALGORITHMS – ‘PASSWORD-CREATION GUIDANCE’ LETTERS & DIGITSSUBSTITUTION One window walks the trie only where letters are typed One that does so only when digits are typed A table mapping common character substitution, such as 3 for e, $ for s, 0 for o Guide or misguide?

8 PREDICTION ALGORITHMS – OTHER TECHNIQUES Keyboard movements –X and Y coordinates represents row and column –A n-character prefix for a n-key-position sequence Repeated strings –Look for each repeated suffix of length n –The longer, the stronger prediction Interleaved strings –Split passwords to odd- and even-indexed characters –Run the other predictors on the substrings

9 Thank you!

Download ppt "HOW CAN ATTACKERS READ YOUR MIND? Telepathwords: Preventing Weak Passwords By Reading Users’ Minds Saranga, K., Richard, S., lorrie, F.C., Cormac, H. and."

Similar presentations

CLOSENESS: A NEW PRIVACY MEASURE FOR DATA PUBLISHING

CLOSENESS: A NEW PRIVACY MEASURE FOR DATA PUBLISHING
Runtime Prevention & Recovery Protect existing applications Advantages: Prevents vulnerabilities from doing harm Safe mode for Web application execution.

Runtime Prevention & Recovery Protect existing applications Advantages: Prevents vulnerabilities from doing harm Safe mode for Web application execution.
Spelling Correction for Search Engine Queries Bruno Martins, Mario J. Silva In Proceedings of EsTAL-04, España for Natural Language Processing Presenter:

Spelling Correction for Search Engine Queries Bruno Martins, Mario J. Silva In Proceedings of EsTAL-04, España for Natural Language Processing Presenter:
Michael Alves, Patrick Dugan, Robert Daniels, Carlos Vicuna

Michael Alves, Patrick Dugan, Robert Daniels, Carlos Vicuna
Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.

Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.
Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Patrick Gage Kelley, Saranga Komanduri, Michelle.

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Patrick Gage Kelley, Saranga Komanduri, Michelle.
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.

Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.
OUTLINE Suffix trees Suffix arrays Suffix trees Indexing techniques are used to locate highest – scoring alignments. One method of indexing uses the.

OUTLINE Suffix trees Suffix arrays Suffix trees Indexing techniques are used to locate highest – scoring alignments. One method of indexing uses the.
Suffix Trees and Derived Applications Carl Bergenhem and Michael Smith.

Suffix Trees and Derived Applications Carl Bergenhem and Michael Smith.
The Essence of Command Injection Attacks in Web Applications Zhendong Su and Gary Wassermann Present by Alon Kremer April 2011.

The Essence of Command Injection Attacks in Web Applications Zhendong Su and Gary Wassermann Present by Alon Kremer April 2011.
Suffix Trees String … any sequence of characters. Substring of string S … string composed of characters i through j, i ate is.

Suffix Trees String … any sequence of characters. Substring of string S … string composed of characters i through j, i ate is.
CS 261 – Data Structures Hash Tables Part III: Hash like sorting algorithms.

CS 261 – Data Structures Hash Tables Part III: Hash like sorting algorithms.
Sequence Alignment Variations Computing alignments using only O(m) space rather than O(mn) space. Computing alignments with bounded difference Exclusion.

Sequence Alignment Variations Computing alignments using only O(m) space rather than O(mn) space. Computing alignments with bounded difference Exclusion.
Module C9 Simulation Concepts. NEED FOR SIMULATION Mathematical models we have studied thus far have “closed form” solutions –Obtained from formulas --

Module C9 Simulation Concepts. NEED FOR SIMULATION Mathematical models we have studied thus far have “closed form” solutions –Obtained from formulas --
Fall 2006Costas Busch - RPI1 Languages. Fall 2006Costas Busch - RPI2 Language: a set of strings String: a sequence of symbols from some alphabet Example:

Fall 2006Costas Busch - RPI1 Languages. Fall 2006Costas Busch - RPI2 Language: a set of strings String: a sequence of symbols from some alphabet Example:
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
Fall 2004COMP 3351 Languages. Fall 2004COMP 3352 A language is a set of strings String: A sequence of letters/symbols Examples: “cat”, “dog”, “house”,

Fall 2004COMP 3351 Languages. Fall 2004COMP 3352 A language is a set of strings String: A sequence of letters/symbols Examples: “cat”, “dog”, “house”,
1 Exact Set Matching Charles Yan 2008. 2 Exact Set Matching Goal: To find all occurrences in text T of any pattern in a set of patterns P={p 1,p 2,…,p.

1 Exact Set Matching Charles Yan Exact Set Matching Goal: To find all occurrences in text T of any pattern in a set of patterns P={p 1,p 2,…,p.
A Presentation on the Implementation of Decision Trees in Matlab

A Presentation on the Implementation of Decision Trees in Matlab
A Cryptography Education Tool Anna Yu Department of Computer Science College of Engineering North Carolina A&T State University June 18, 2009.

A Cryptography Education Tool Anna Yu Department of Computer Science College of Engineering North Carolina A&T State University June 18, 2009.

Similar presentations

Ads by Google