Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

Published byMyra Hudson Modified over 9 years ago

Similar presentations

Presentation on theme: "Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,"— Presentation transcript:

1 Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. In 23rd USENIX Security Symposium (USENIX Security 14). San Diego, CA: USENIX Association, pp. 591-606. 2014. Presented by: Nazish Khan

2 Summary  Requires efficient algorithms to model users’ behaviour and employ already-typed characters to predict subsequent ones  Real time predictions based on numerous predictors  Common character sequences  Keyboard movements  Repeated strings  Interleaved strings  Compared Telepathwords with composition rules 2 Feedback bar Prediction display

3 Storing Previous Queries  In an ideal situation, we would want no evidence of past requests  Authors take a security risk by maintaining a cache of previously queried prefixes on the server 3 Cache of past requests ---  Removal of past requests

4 Issues Why is it a security risk?  Cache becomes central point of storage (of previous queries- prone to attacks)  Is confidentiality guaranteed? No  Is integrity guaranteed? No  Protect the log but what about the cache? 4

5 Securing the Log 5 Requests one-time session key Generates session key, encrypt it with a public key and writes encrypted session key to the log Log Sends the session key XORs traffic with stream cipher and using symmetric encryption (AES)

6 Justification Authors hardly justify their decision to go ahead with this risk. Why did they take this risk?  Reuse queries  Faster processing  Route all client-server communications over HTTPS  Server is unable to read the contents of the online log 6

7 Conclusion 7  Cache is not protected  An attacker could gain access to the data  No confidentiality or integrity  When a user is typing text, no protection mechanism in memory.  Log has only been encrypted to cater for confidentiality  An attacker could modify its contents- threat to integrity

8 Thank you Questions?

9 My opinion  I have my doubts regarding the realistic use of this system 9  Need to give some crucial thought to the following questions:  Is security really important in such a system?  How to cater for the trade-off between security and usability? What’s more important? To whom?

Download ppt "Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,"

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Conner Hansen Alex Summer Andreas Floeck Safe Message System.

Conner Hansen Alex Summer Andreas Floeck Safe Message System.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Copyright © 2003-2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 1 Security Systems Lecture notes Dr.

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Dr.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

Similar presentations

Ads by Google