Presentation is loading. Please wait.

Presentation is loading. Please wait.

REU Summer Research in Computer Security

Published byΝέμεσις Πέρσις Σερπετζόγλου Modified over 6 years ago

Similar presentations

Presentation on theme: "REU Summer Research in Computer Security"— Presentation transcript:

1 REU Summer Research in Computer Security
Phillip G. Bradford Computer Science Department The University of Alabama

2 Computer Security: Summer 2003
Outline Goals Motivation The Challenge Visual Authentication for Small Wireless Devices Built in Java 2 Target to have it ported to J2ME 1/16/2019 Computer Security: Summer 2003

3 Computer Security: Summer 2003
Objective My Goal for your Summer Project Consists of Research & Design System [1-2 weeks] Build & Perform Analysis [4-5 weeks] Tuning and Write Up [3-4 weeks] Potential Submission to JOSHUA or other venue Journal of Science and Health at UA 1/16/2019 Computer Security: Summer 2003

4 Starting at the Beginning
Computer Passwords What makes a good password? For whom? Easy to recall for the human Relationship chasing Easy to guess for the attacker Dictionary Attacks Many responses Check your own users! Timeouts 1/16/2019 Computer Security: Summer 2003

5 Mobile and Wireless Issues
Passwords Hard to type PDAs are “one-hand” devices Mobility Physical Insecurity 1/16/2019 Computer Security: Summer 2003

6 Graphical Passwords Undergrad Project: Sobrado and Birget
Classical Passwords are Alpha-numeric Often with strong relationship to the user Easy to define search space Enlist another human association power Graphical & visual cognition! Consider human face recognition Much security is based on face recognition 1/16/2019 Computer Security: Summer 2003

7 Computer Security: Summer 2003
Graphical Passwords Human ability to recognize faces is extraordinary! Use human ability to recognize faces Not the computer’s inabilities! How can we create a password scheme That builds on Human Face recognition? See citations in Sobrado and Birget for history and background 1/16/2019 Computer Security: Summer 2003

8 Computer Security: Summer 2003
Start with a Famous Urn 1/16/2019 Computer Security: Summer 2003

9 Define Sequence of Clicks In Specific Places
4 1 3 2 1/16/2019 Computer Security: Summer 2003

10 Computer Security: Summer 2003
Pros and Cons The bad news “Shoulder Surfing” Even worse than for typed passwords The good news Quick and Easy for humans to process To Help correct for Shoulder Surfing Challenge-Response Authentication 1/16/2019 Computer Security: Summer 2003

11 Computer Security: Summer 2003
Random Scatter-Grams 1/16/2019 Computer Security: Summer 2003

12 Challenge-Response Authentication
Alice proves to Bob that she knows their common secret Without letting an observer know the secret! This allows us to foil shoulder surfers It also happens to have both Important applications, and Deep theoretical foundations 1/16/2019 Computer Security: Summer 2003

13 Computer Security: Summer 2003
Project Structure Read: Understand the Challenge How Strong is a Visual Security System? 3610 for length 10 “random” password From {a,b,…,z; 0,1,2,…,9} K-common objects from N total N Choose k; N=1000 and k=10 gives about 3615 1/16/2019 Computer Security: Summer 2003

14 Computer Security: Summer 2003
Project Structure Read: Define Small Variable-size Screen Challenge-Authentication Using “Random” Hash Function Geometric Objects Variable Strength Testable & Portable 1/16/2019 Computer Security: Summer 2003

15 Computer Security: Summer 2003
Project Structure Test-bed for human threshold limits Can we add “Lamport’s Hash Chain” Technology? Document Code and Write-up project 1/16/2019 Computer Security: Summer 2003

Download ppt "REU Summer Research in Computer Security"

Similar presentations

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.
1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CSUF Chapter 3.2 1. CSUF Operating Systems Security 2.

CSUF Chapter CSUF Operating Systems Security 2.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.

Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Chameleon: A Novel System for Defending Eavesdropping of Secret Information Saiyma Sarmin Department of Computer.

Chameleon: A Novel System for Defending Eavesdropping of Secret Information Saiyma Sarmin Department of Computer.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
A Graphical PIN Authentication Mechanism with Applications to Smart Cards and Low-Cost devices Clemente Galdi Università di Napoli “Federico II” Luigi.

A Graphical PIN Authentication Mechanism with Applications to Smart Cards and Low-Cost devices Clemente Galdi Università di Napoli “Federico II” Luigi.
Duress Detection for Authentication Attacks Against Multiple Administrators Emil Stefanov UC Berkeley Mikhail Atallah Purdue University.

Duress Detection for Authentication Attacks Against Multiple Administrators Emil Stefanov UC Berkeley Mikhail Atallah Purdue University.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.

Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing.
3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.

3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
Secure Space: Location-based Secure Wireless Group Communication Arunesh Mishra, Suman Banerjee Department of Computer Science, University of Maryland,

Secure Space: Location-based Secure Wireless Group Communication Arunesh Mishra, Suman Banerjee Department of Computer Science, University of Maryland,
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Similar presentations

Ads by Google