308 research outputs found
Naturally Rehearsing Passwords
We introduce quantitative usability and security models to guide the design
of password management schemes --- systematic strategies to help users create
and remember multiple passwords. In the same way that security proofs in
cryptography are based on complexity-theoretic assumptions (e.g., hardness of
factoring and discrete logarithm), we quantify usability by introducing
usability assumptions. In particular, password management relies on assumptions
about human memory, e.g., that a user who follows a particular rehearsal
schedule will successfully maintain the corresponding memory. These assumptions
are informed by research in cognitive science and validated through empirical
studies. Given rehearsal requirements and a user's visitation schedule for each
account, we use the total number of extra rehearsals that the user would have
to do to remember all of his passwords as a measure of the usability of the
password scheme. Our usability model leads us to a key observation: password
reuse benefits users not only by reducing the number of passwords that the user
has to memorize, but more importantly by increasing the natural rehearsal rate
for each password. We also present a security model which accounts for the
complexity of password management with multiple accounts and associated
threats, including online, offline, and plaintext password leak attacks.
Observing that current password management schemes are either insecure or
unusable, we present Shared Cues--- a new scheme in which the underlying secret
is strategically shared across accounts to ensure that most rehearsal
requirements are satisfied naturally while simultaneously providing strong
security. The construction uses the Chinese Remainder Theorem to achieve these
competing goals
Towards Human Computable Passwords
An interesting challenge for the cryptography community is to design
authentication protocols that are so simple that a human can execute them
without relying on a fully trusted computer. We propose several candidate
authentication protocols for a setting in which the human user can only receive
assistance from a semi-trusted computer --- a computer that stores information
and performs computations correctly but does not provide confidentiality. Our
schemes use a semi-trusted computer to store and display public challenges
. The human user memorizes a random secret mapping
and authenticates by computing responses
to a sequence of public challenges where
is a function that is easy for the
human to evaluate. We prove that any statistical adversary needs to sample
challenge-response pairs to recover , for
a security parameter that depends on two key properties of . To
obtain our results, we apply the general hypercontractivity theorem to lower
bound the statistical dimension of the distribution over challenge-response
pairs induced by and . Our lower bounds apply to arbitrary
functions (not just to functions that are easy for a human to evaluate),
and generalize recent results of Feldman et al. As an application, we propose a
family of human computable password functions in which the user
needs to perform primitive operations (e.g., adding two digits or
remembering ), and we show that .
For these schemes, we prove that forging passwords is equivalent to recovering
the secret mapping. Thus, our human computable password schemes can maintain
strong security guarantees even after an adversary has observed the user login
to many different accounts.Comment: Fixed bug in definition of Q^{f,j} and modified proofs accordingl
Usability of Humanly Computable Passwords
Reusing passwords across multiple websites is a common practice that
compromises security. Recently, Blum and Vempala have proposed password
strategies to help people calculate, in their heads, passwords for different
sites without dependence on third-party tools or external devices. Thus far,
the security and efficiency of these "mental algorithms" has been analyzed only
theoretically. But are such methods usable? We present the first usability
study of humanly computable password strategies, involving a learning phase (to
learn a password strategy), then a rehearsal phase (to login to a few
websites), and multiple follow-up tests. In our user study, with training,
participants were able to calculate a deterministic eight-character password
for an arbitrary new website in under 20 seconds
GOTCHA Password Hackers!
We introduce GOTCHAs (Generating panOptic Turing Tests to Tell Computers and
Humans Apart) as a way of preventing automated offline dictionary attacks
against user selected passwords. A GOTCHA is a randomized puzzle generation
protocol, which involves interaction between a computer and a human.
Informally, a GOTCHA should satisfy two key properties: (1) The puzzles are
easy for the human to solve. (2) The puzzles are hard for a computer to solve
even if it has the random bits used by the computer to generate the final
puzzle --- unlike a CAPTCHA. Our main theorem demonstrates that GOTCHAs can be
used to mitigate the threat of offline dictionary attacks against passwords by
ensuring that a password cracker must receive constant feedback from a human
being while mounting an attack. Finally, we provide a candidate construction of
GOTCHAs based on Inkblot images. Our construction relies on the usability
assumption that users can recognize the phrases that they originally used to
describe each Inkblot image --- a much weaker usability assumption than
previous password systems based on Inkblots which required users to recall
their phrase exactly. We conduct a user study to evaluate the usability of our
GOTCHA construction. We also generate a GOTCHA challenge where we encourage
artificial intelligence and security researchers to try to crack several
passwords protected with our scheme.Comment: 2013 ACM Workshop on Artificial Intelligence and Security (AISec
Changing users' security behaviour towards security questions: A game based learning approach
Fallback authentication is used to retrieve forgotten passwords. Security
questions are one of the main techniques used to conduct fallback
authentication. In this paper, we propose a serious game design that uses
system-generated security questions with the aim of improving the usability of
fallback authentication. For this purpose, we adopted the popular picture-based
"4 Pics 1 word" mobile game. This game was selected because of its use of
pictures and cues, which previous psychology research found to be crucial to
aid memorability. This game asks users to pick the word that relates to the
given pictures. We then customized this game by adding features which help
maximize the following memory retrieval skills: (a) verbal cues - by providing
hints with verbal descriptions, (b) spatial cues - by maintaining the same
order of pictures, (c) graphical cues - by showing 4 images for each challenge,
(d) interactivity/engaging nature of the game.Comment: 6, Military Communications and Information Systems Conference
(MilCIS), 2017. arXiv admin note: substantial text overlap with
arXiv:1707.0807
Cue-Pin-Select, a Secure and Usable Offline Password Scheme
People struggle to invent safe passwords for many of their typical online activities. This leads to a variety of security problems when they use overly simple passwords or reuse them multiple times with minor modifications. Having different passwords for each service generally requires password managers or memorable (but weak) passwords, introducing other vulnerabilities [10, 18]. Recent research [14, 6] has offered multiple alternatives but those require either rote mem-orization [8] or computation on a physical device [23, 7]. This paper presents the Cue-Pin-Select password family scheme, which uses simple mental operations (counting and character selection) to create a password from a passphrase and the name of the service the password is targeted for. It needs little memorization to create and retrieve passwords, and requires no assistance from any physical device. It is durable and adaptable to different password requirements. It is secure against known threat models, including against adversaries with stolen passwords. A usability test shows the successes of users in real-life conditions over four days
- …