Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior


1 Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior
Toni Perković (1), joint work with Asma Mumtaz (2), Yousra Javed (2), Shujun Li (3), Syed Ali Khayam (2) and Mario Čagalj (1)
(1) FESB, University of Split, Croatia
(2) National University of Science and Technology, Pakistan
(3) Zukunftskolleg, University of Konstanz, Germany
21/07/2011

2 Outline
- Introduction
- How does Undercover work?
  - Implementation CHI’2008
  - Implementation Pervasive’2009
- Breaking Undercover
  - Timing attack
  - Intersection attack
- Can Undercover be enhanced?
  - Attempt #1
  - Attempt #2
- Generalizing timing attacks
- Summary

3 Introduction
Classical PIN-entry methods (via keyboards, keypads and the like) are all vulnerable to observation attacks:
- Shoulder surfing attacks
- Phishing attacks
- Malware-based attacks
(Thinkst.com, July 2011; [Kuhn2004])

4 Introduction
Solution: a challenge-response protocol
- User (P) and Verifier (V) share a secret S
- V → P: challenges C1(S), …, Ct(S)
- P → V: responses R1 = f1(C1, S), …, Rt = ft(Ct, S)
- V: accept P if all responses are correct
Goal: design a mapping f such that the attacker cannot recover S
- Fully observable [Sobrado02]: C and R are fully observable to the attacker
- Partially observable [Sasamoto08]: C and R are completely or partially unobservable to the attacker

5 It is difficult to design a secure HCI - the devil is in the details
Introduction
Designing a usable cognitive PIN-entry method secure against eavesdroppers is truly challenging:
- Matsumoto-Imai scheme (EuroCrypt’91): NOT secure (Wang et al., EuroCrypt’95)
- Matsumoto protocols (CCS’96): NOT secure (Hopper & Blum 2001; Li & Shum 2003)
- Hopper-Blum protocols (AsiaCrypt’2001): NOT usable (166 seconds for login)
- Cognitive Authentication Scheme (S&P’2006): neither usable nor secure (S&P’2007)
- Predicate-based Authentication Scheme (ACSAC’2008): neither secure nor usable (ACSAC’2009)
- Undercover (CHI’2008): is Undercover secure?
Challenge 1: Security vs. Usability
Challenge 2: Weak humans vs. Powerful attackers

6 Undercover: Implementation 1
Hirokazu Sasamoto, Nicolas Christin and Eiji Hayashi, “Undercover: Authentication Usable in Front of Prying Eyes”, CHI’2008
One login session:
- 28 pictures: 5 pass-pictures and 23 non-pass pictures
- 7 public challenges: 5 challenges with one pass-picture, 2 challenges without a pass-picture
- Each public challenge contains one hidden challenge (trackball, covered by the hand)
(Figure: the Undercover system)

7 Undercover: Implementation 1
Example (figure): public challenge; hidden challenge: “Left”; response: 2
Average login time: ≈ 32 sec

8 Undercover: Implementation 2
M. Hasegawa, N. Christin and E. Hayashi, “New Directions in Multisensory Authentication,” Pervasive’2009
Average login time: ≈ 10 sec vs. 32 sec with Undercover
Other solutions: VibraPass [De Luca09], Secure Haptic Key (SHK) [Bianchi10], STL, Mod10 [Perkovic10]
Example (figure): PIN digit is 2, hidden digit is 6

9 Undercover
How safe is Undercover against timing/intersection attacks?
How safe is Alternative Undercover against intersection attacks?
These problems are due to:
- Design flaws
- Nonuniform human behavior
They can be fixed.
The problems are general and not specific to Undercover.
(Figures: Undercover, Alternative Undercover)

10 Undercover: Our Implementation
Software-based implementation
(Figure: PassFaces pictures; hidden channel)

11 Breaking Undercover
A cooperative usability study at two universities:
- FESB, University of Split, Croatia
- National University of Science and Technology (NUST), Pakistan
28 users (students and staff members); users were asked to log in once a day
- Overall login success rate ≈ 84%
- Median login rate: 26.5
- Median login time: 30.1 sec
- 18 used the keyboard, 10 used the mouse as input device
Compared to the original Undercover, the median login time is slightly shorter (32 sec vs. 30.1 sec)

12 Timing Attack on Undercover
A design flaw → non-uniform human behavior
The human response pattern: the difference between the user’s responses to “Up” hidden challenges and to other hidden challenges is significant at the 5% level.
Assume that the fastest response corresponds to an “Up” challenge.

13 Timing Attack on Undercover
Attack procedure:
- Step 1: Create 28 counters, C1, …, C28, one for each of the 28 pictures, and initialize all of them to 0.
- Step 2: For each observed login session, take the fastest response and assume that it corresponds to an “Up” challenge. Then, if the corresponding public challenge contains a pass-picture i, Ci++.
- Step 3: Rank all the pictures according to the values of the 28 counters, and take the top five pictures as the five pass-pictures forming the password.
Some settings and enhancements: 1) negative penalty; 2) multiple fastest responses; 3) successful logins only.
(Table: counter values C1, C2, C3, …, Ci-1, Ci, Ci+1, …, C28 after Session 0, Session 1, Session 2, Session 3, …, Session N; the final row, after Session N, reads 15, 4, 10, 2, 6, 9, 15 for the columns shown.)

14 Timing Attack on Undercover
Theoretical analysis:
- p_t5: probability that the password is revealed
- p*_t5: probability that a pass-picture is among the top 5 ranked pictures
Real performance, best results:
- First fastest response, no negative penalty, successful logins
- First fastest response, negative penalty, successful logins
The real performance is similar to the one in the theoretical analysis.

15 Intersection Attack on Undercover
Are public challenges fixed or randomized?
Each pass-picture and decoy picture is shown once and only once in a single authentication process.
Attack (randomized public challenges):
- Step 1: Set P to be the space of all possible passwords
- Step 2: For each observed public challenge, reduce the space of candidate passwords P by checking each password in P and removing the invalid ones
- Step 3: Repeat Step 2 until the size of P becomes 1
(Figure: the observed i-th public challenge and the reduced set of candidate passwords)

16 Intersection Attack on Undercover
Results of the attack:
- MATLAB simulations with 15 randomly generated login sessions: on average 7-10 observed login sessions reveal the password
- Real login data collected in our user studies: on average 8-11 login sessions reveal the password
Solution: use fixed public challenges
Additionally we asked the authors of Undercover: they used fixed challenges
The devil is in the details
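Added example, not from the slides and not the authors' MATLAB code: a Python simulation of the timing attack of slide 13 and the intersection attack of slides 15-16, usable as a design check for either weakness. The button maps, the response-time model (Gaussian around a mean that depends on the hidden challenge), the number of sessions and the password are constructed assumptions. It reads step 2 of slide 13 as: decode the fastest response with the identity (“Up”) button map and increment the counter of the picture that response points at. The simulation shows that the counters pick out all five pass-pictures when “Up” responses are faster but not when response times are uniform (the property Attempt #2 on slide 20 restores), and that fixed public challenges leave the candidate space at C(7,5)·4^5 = 21504 for every session, while randomized ones shrink it to the single correct password.

```python
"""Constructed simulation of the weaknesses analysed on slides 13-16; the
button maps, timing model and password are assumptions for illustration."""
import random
from itertools import combinations

N_PICTURES, N_PASS, N_CHALLENGES, CHALLENGE_SIZE = 28, 5, 7, 4
NO_PASS = CHALLENGE_SIZE  # response button meaning "no pass-picture here"

# Hidden challenge -> button map (a permutation of the 5 response buttons).
# "Up" is the identity map. Assumed permutations, not the real Undercover maps.
BUTTON_MAPS = {
    "Up": (0, 1, 2, 3, 4),
    "Down": (4, 3, 2, 1, 0),
    "Left": (1, 2, 3, 4, 0),
    "Right": (4, 0, 1, 2, 3),
    "Center": (2, 3, 4, 0, 1),
}


def make_public_challenges(password, rng):
    """One login session as on slide 6: 7 public challenges of 4 pictures,
    every picture shown exactly once, 5 challenges with one pass-picture."""
    decoys = [p for p in range(N_PICTURES) if p not in password]
    rng.shuffle(decoys)
    challenges = [[pic] + [decoys.pop() for _ in range(CHALLENGE_SIZE - 1)]
                  for pic in password]
    challenges += [[decoys.pop() for _ in range(CHALLENGE_SIZE)]
                   for _ in range(N_CHALLENGES - N_PASS)]
    for c in challenges:
        rng.shuffle(c)
    rng.shuffle(challenges)
    return [tuple(c) for c in challenges]


def simulate_session(password, rng, mean_up, mean_other, sigma=0.4):
    """Return (challenges, responses, times). The response is the button the
    hidden map assigns to the pass-picture position (or NO_PASS); the time is
    drawn around a mean that depends on the hidden challenge (slide 12)."""
    challenges = make_public_challenges(password, rng)
    responses, times = [], []
    for c in challenges:
        hidden = rng.choice(list(BUTTON_MAPS))
        pos = next((i for i, pic in enumerate(c) if pic in password), NO_PASS)
        responses.append(BUTTON_MAPS[hidden][pos])
        mean = mean_up if hidden == "Up" else mean_other
        times.append(max(0.1, rng.gauss(mean, sigma)))
    return challenges, responses, times


def timing_attack(sessions):
    """Slide 13: treat the fastest response of each session as an "Up"
    response, decode it with the identity map and count the picture it
    points at; return the five top-ranked pictures."""
    counters = [0] * N_PICTURES
    for challenges, responses, times in sessions:
        fastest = min(range(N_CHALLENGES), key=times.__getitem__)
        pos = responses[fastest]  # under the "Up" assumption, button == position
        if pos != NO_PASS:
            counters[challenges[fastest][pos]] += 1
    return set(sorted(range(N_PICTURES), key=lambda p: -counters[p])[:N_PASS])


def revealed_by_timing(mean_up, mean_other, n_sessions=200, seed=1):
    """How many of the 5 pass-pictures the timing attack ranks in the top 5."""
    rng = random.Random(seed)
    password = tuple(sorted(rng.sample(range(N_PICTURES), N_PASS)))
    sessions = [simulate_session(password, rng, mean_up, mean_other)
                for _ in range(n_sessions)]
    return len(timing_attack(sessions) & set(password))


def intersection_attack(password, randomized, max_sessions=30, seed=1):
    """Slides 15-16: a candidate survives a session iff its 5 pictures sit in
    5 different public challenges (a challenge never shows two pass-pictures).
    Returns the space size after each session and the surviving candidates."""
    rng = random.Random(seed)
    fixed = make_public_challenges(password, rng)
    space = list(combinations(range(N_PICTURES), N_PASS))  # C(28,5) = 98280
    history = []
    for _ in range(max_sessions):
        challenges = make_public_challenges(password, rng) if randomized else fixed
        where = {pic: i for i, c in enumerate(challenges) for pic in c}
        space = [cand for cand in space if len({where[p] for p in cand}) == N_PASS]
        history.append(len(space))
        if len(space) == 1:
            break
    return history, space


if __name__ == "__main__":
    print("timing, 'Up' faster (2 s vs 4 s): revealed", revealed_by_timing(2.0, 4.0))
    print("timing, uniform response times:  revealed", revealed_by_timing(3.0, 3.0))
    pw = (1, 5, 9, 14, 27)  # constructed password
    print("fixed challenges, space sizes:", intersection_attack(pw, False)[0][:3], "...")
    print("randomized challenges, sizes: ", intersection_attack(pw, True)[0])
```

The two checks a designer would run are the two comparisons in the main block: if `revealed_by_timing` drops to chance level once the hidden challenges have equal mean response times, the timing leak is gone; if `intersection_attack(..., randomized=False)` returns a constant history, the public challenges no longer leak across sessions. The 21504 figure is C(7,5) ways to pick which five challenges hold a pass-picture times 4^5 positions, which is also the residual space an observer of a single fixed session is left with.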

17 Intersection Attack on Alternative Undercover
Example: PIN digit is 2, hidden digit is 6
- The user pushes Button “Left” (◄) and Button “Down” (▼)
- The set of passwords is reduced from 10 to 4 (1, 2, 3 and 4)
Theoretical analysis: PIN “0459” is revealed after 9 login sessions
MATLAB simulations: PINs “1236” and “0459” are revealed after a median number of 11 and 9 login sessions, respectively.
Theoretical analysis of the intersection attack (table of PIN digit, combination of button press patterns, and occurrence probability in n responses; the probability column is not preserved in the transcript):
PIN digit | Button press pattern
0 | ▼ + ►►►►
4 | ▼ + ◄◄◄◄
5 | ▲ + ►►►►
9 | ▲ + ◄◄◄◄
1 | ▼ + ►►► + ◄
3 | ▼ + ► + ◄◄◄
6 | ▲ + ►►► + ◄
8 | ▲ + ► + ◄◄◄
2 | ▼ + ►► + ◄◄
7 | ▲ + ►► + ◄◄

18 Enhancing Undercover: Attempt #1
Change the button maps to make them equally difficult
Results of the evaluation: it failed!
Reason: the “Up” button map is closest to the public challenge
(Figure: before enhancement)

19 Enhancing Undercover: Attempt #2
Equal visual distance from each button map to the public challenge
The hidden challenges are changed to “1”, …, “5”
Procedure:
- Step 1: Find the hidden response in the button layout next to the pass-picture or the “no pass-picture” option
- Step 2: Press the button at the same location as the hidden response
Example: hidden challenge “2”, response 3

20 Enhancing Undercover: Attempt #2
Enhanced security:
- The response times to different hidden challenges are not significantly different
- None of the passwords was fully revealed; the maximum number of revealed pass-pictures is below 50%
Enhanced usability:
- Average login time ≈ 19 sec vs. 30.1 sec with Undercover
- Error rate: 6%
All users preferred this method over Undercover!

21 Generalizing Timing Attacks
Human behavior can be nonuniform and nonlinear in many aspects:
- Response time
- Response error rate
- Mental computation
- Temporal variation
- Personal preference
- Facial expression and hand/body movement
User interfaces should be designed in a way that users have NO distinguishable nonuniform behavior.
Examples: Undercover [Sasamoto2008]; [Hopper01]; Mod10 [Perkovic10]; CCS poster [Kune2010]
Mental computation examples: (0+7) mod 10 vs. (6+7) mod 10; (6+9) mod 10 = 5 vs. 6-1 = 5

22 Summary
We presented two attacks on Undercover
- The security weakness in Undercover is due to some design flaws and nonuniform human behavior
- User behavior reveals sensitive information
We proposed enhancements: a more secure and usable design
In future, designers of security systems should pay attention to the human-computer interfaces
Future work:
- Generalization of timing attacks to other Undercover-like designs and other graphical passwords
- Development of new Undercover-like designs with lower login time and error rate
Timing attacks on cognitive authentication schemes have to be seriously considered!

23 Thank you for your attention! Questions?

