Presentation is loading. Please wait.

Presentation is loading. Please wait.

Human-Computable Passwords Jeremiah Blocki Manuel Blum Anupam Datta Santosh Vempala.

PublishBrett Wiggins Modified over 8 years ago

Similar presentations

Presentation on theme: "Human-Computable Passwords Jeremiah Blocki Manuel Blum Anupam Datta Santosh Vempala."— Presentation transcript:

1 Human-Computable Passwords Jeremiah Blocki Manuel Blum Anupam Datta Santosh Vempala

2 Password Management p5p5 p4p4 p3p3 p2p2 p1p1 2 Competing Goals: SecurityUsability

3 Password Security Game PayPaul.com + q $1,000,000 guesses p5p5 BCRYPT(p 4 ) p5p5 p4p4 p3p3 p2p2 p1p1 3

4 Previous Work Naturally Rehearsing Passwords – Presentation on Thursday – Password Management Scheme: Shared Cues

5 Security Results Attacks k= 1 t=1 k=2 ReuseNo Strong Random Independent Yes Shared CuesYes No 5 Usable + Insecure Unusable + Secure Usable + Secure Phishing Attack Offline Attack

6 Security Results Attacks k= 1 t=1 k=2 ReuseNo Strong Random Independent Yes Shared CuesYes No 6 Usable + Insecure Unusable + Secure Usable + Secure Phishing Attack Offline Attack

7 Previous Work Naturally Rehearsing Passwords – Presentation on Thursday – Password Management Scheme: Shared Cues Key Question: Can we get better security if we ask the user to perform simple computations to generate his passwords?

8 Human Computation Restricted – Simple operations (addition, lookup) – Operations performed in memory (limited space)

9 Human Computation Restricted – Simple operations (addition, lookup) – Operations performed in memory (limited space) Improve Security? – Simple Computations vs. Pure Recall

10 Candidate Scheme Memorize a Random Mapping – One time step! Password Computed as a Response to Public Challenges Required Operations – Addition modulo 10 – Memory lookups

11 Random Mapping Image I … σ(I)93…6

12 Single-Digit Challenge 0123401234 5678956789 Response: σ + σ = 2 mod 10

13 Single-Digit Challenge 0123401234 5678956789 Response: σ + σ = 2 mod 10

14 Single-Digit Challenge 0123401234 5678956789 Response: σ + σ + σ = 7 + 4 + 5 = 6 mod 10

15 Passwords 0123401234 5678956789 Password: Username: jblocki σ + σ + σ = 7 + 4 + 5 = 6 mod 10

16 Passwords 0123401234 5678956789 Password: * Username: jblocki

17 Passwords 0123401234 5678956789 Password: ** Username: jblocki

18 Usability Memorization is a one time cost – Mapping f is rehearsed naturally – Can Add new Images over Time Time – 75 seconds for a 10 digit password – 7.5 seconds per digit (average)

19 Usability (Time) It takes me 7.5 seconds per digit (average) 2.5 minutes for a 20-digit password <30 seconds for a 4-digit password

20 Open Challenge http://www.cs.cmu.edu/~jblocki/HumanComputablePasswordsChallenge/challenge.htm

21 Open Challenge http://www.cs.cmu.edu/~jblocki/HumanComputablePasswordsChallenge/challenge.htm

Download ppt "Human-Computable Passwords Jeremiah Blocki Manuel Blum Anupam Datta Santosh Vempala."

Similar presentations

Securing Passwords against Dictionary Attacks

Securing Passwords against Dictionary Attacks
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Naturally Rehearsing Passwords Jeremiah Blocki ASIACRYPT 2013 Manuel Blum Anupam Datta.

Naturally Rehearsing Passwords Jeremiah Blocki ASIACRYPT 2013 Manuel Blum Anupam Datta.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
1 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton.

1 J. Alex Halderman A Convenient Method for Securely Managing Passwords J. Alex Halderman Princeton Brent Waters Stanford Edward W. Felten Princeton.
Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.

Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.
Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords Jeremiah Blocki Saranga Komanduri Lorrie Cranor Anupam Datta NDSS 2015.

Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords Jeremiah Blocki Saranga Komanduri Lorrie Cranor Anupam Datta NDSS 2015.
GOTCHA Password Hackers! Jeremiah Blocki Manuel Blum Anupam Datta AISec2013 Presented by Arunesh Sinha.

GOTCHA Password Hackers! Jeremiah Blocki Manuel Blum Anupam Datta AISec2013 Presented by Arunesh Sinha.
Usable and Secure Password Management Jeremiah Blocki Spring 2012 Theory Lunch.

Usable and Secure Password Management Jeremiah Blocki Spring 2012 Theory Lunch.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.

Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.
Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta.

Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.

Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.

1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.
Password Management Strategies for Online Accounts Gaw & Felten Optional Reading.

Password Management Strategies for Online Accounts Gaw & Felten Optional Reading.

Similar presentations

Ads by Google