Usable and Secure Password Management, Jeremiah Blocki, Spring 2012 Theory Lunch


Posted on 17-Dec-2015



TRANSCRIPT

  • Slide 1
  • Usable and Secure Password Management Jeremiah Blocki Spring 2012 Theory Lunch
  • Slide 2
  • Password Management. Competing Goals: Security vs. Usability
  • Slide 3
  • A Challenging Problem. Traditional security advice: not too short; use a mix of lower/upper case letters; change your passwords every 90 days; use numbers and letters; don't use words/names; use special symbols; don't write it down; don't reuse passwords
  • Slide 4
  • Reevaluate Traditional Advice? Source: XKCD, http://www.xkcd.com/936/ [Munroe]
  • Slide 5
  • Experiment #0. Memorize a random 10-character password (case sensitive!): L[IbCGa_ND
  • Slide 6
  • Experiment #1. Chaplin, Newspapers (plural); Cedric, Scanner
  • Slide 7
  • Experiment #2. March (from "Marching", drop the "ing"), Boats; Brie, Swim (not Michael Phelps)
  • Slide 8
  • Experiment #2. Kareem, Plunge (from "Plunger", drop the "r"); Seal, Beneath
  • Slide 9
  • Experiment #3. Cue: Manuel Blum; Action: torturing; Object: lion
  • Slide 10
  • Experiment #4. Cue: Stephen Rudich; Action: destroying; Object: shark
  • Slide 11
  • Experiment #3. Darth, Frosty; Frosty, Sox; Darth, Hover (from "Hovercraft", drop the "craft")
  • Slide 12
  • Experiment #4. March (from "Marching", drop the "ing"), Boats; Brie, Swim (not Michael Phelps)
  • Slide 13
  • Outline: Introduction and Experiments; Memory and Usability (Four Big Factors); Analyzing Security; Our Password Management Scheme
  • Slide 14
  • Factor 1: Chunking. Memorize: nbccbsabc. Memorize: tkqizrlwp. 3 chunks vs. 9 chunks! Usability goal: minimize the number of chunks in a password. Source: The magical number seven, plus or minus two [Miller, 1956]
  • Slide 15
  • Chunking. Source: http://www.xkcd.com/936/ [Munroe]
  • Slide 16
  • Human Memory is Associative
  • Slide 17
  • Factor 2: Cue Strength. A cue is the context in which a memory is stored: the surrounding environment, sounds, visual surroundings, the web site, ... As time passes we forget some of this context.
  • Slide 18
  • Mathematical Model (Cues). A cue i ∈ {music, desk, password, amazon, ...}
  • Slide 19
  • Mathematical Model (Associative Memory). Store: add the cue-association pair to memory (M). Retrieve: find the memory associated with the given cue in M.
  • Slide 20
  • Retrieval from Partial Cue. [Figure: original cue vs. retrieval cue; their overlap is the cue strength]
  • Slide 21
  • Retrieval from Partial Cue (continued)
  • Slide 22
  • Retrieval from Partial Cue. [Plot: probability of recall vs. partial cue fraction] Source: Simple memory: a theory for archicortex [Marr, 1971]
  • Slide 23
  • Factor 3: Interference. Several passwords stored under the same cue: (jblocki, l3tm3in), (jblocki, unbr3akabl3), (jblocki, Tr0ub4dor&3), (jblocki, horsebatterystaplecorrect)
  • Slide 24
  • Interference (Example). Impossible to identify which memory is associated with the cue! If the contexts are only slightly different there will still be significant interference.
  • Slide 25
  • Forgetting. What fraction of the original cue is present when the user retrieves the password? Can we ensure that we always have a significant fraction of the original cue? Too many chunks associated with one cue? Interference!
  • Slide 26
  • Factor 4: Rehearsal. Rehearsal strengthens associations. Goal: minimize the number of rehearsals necessary to remember passwords. A password may be linked to different contexts (cues).
  • Slide 27
  • Rehearsal. It helps if part of the context is consistent across all rehearsals/retrievals.
  • Slide 28
  • Usability Desiderata: minimize #chunks per password; ensure that a large part of the original cue is always available at retrieval time; minimize interference; minimize the required number of rehearsals
  • Slide 29
  • How Do People Pick Passwords? Source: Science of Password Selection (Hunt, 2011)
  • Slide 30
  • Password Management. Competing Goals: Security vs. Usability
  • Slide 31
  • Competing Goals. Usability: easy for the user to create and remember his passwords. Security: hard for an adversary to learn passwords, even after many guesses and even after seeing the user's other passwords.
  • Slide 32
  • Outline: Introduction and Experiments; Memory and Usability; Analyzing Security; Our Password Management Scheme
  • Slide 33
  • Security (what could go wrong?). Three types of attacks: online, offline, phishing.
  • Slide 34
  • Online Attack: the adversary submits guesses (e.g. 1234) to the live login form. Defense: limit guesses (three-strike policy)
  • Slide 35
  • Offline Dictionary Attack: the adversary holds MD5(UnBr3akabl3) and hashes dictionary guesses until one matches, recovering UnBr3akabl3. Source: CERT Incident Note IN-98.03: Password Cracking Activity
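The attack on this slide, as an added example that is not part of the talk: once the attacker holds the unsalted MD5 hash, a small word list plus two mangling rules (leet substitutions and case toggling) reaches UnBr3akabl3 after a few tens of thousands of hashes, while the random 10-character password from Experiment #0 is never found. The word list and leet table are constructed toys; a real attack uses a leaked-password corpus and the much larger rule sets of hashcat or John the Ripper.

```python
"""Offline dictionary attack on an unsalted MD5 password hash.

Added example, not from the slides. The word list and leet table below are
constructed for illustration.
"""
import hashlib
import itertools

# Constructed toy word list; a real attack uses a leaked-password corpus.
WORDLIST = ["password", "letmein", "troubadour", "unbreakable", "monkey"]

# A small leet table; real rule sets (hashcat, John the Ripper) are far larger.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}


def leet_variants(word):
    """Every way of substituting or keeping each leet-able letter."""
    options = [(c, LEET[c]) if c in LEET else (c,) for c in word]
    for combo in itertools.product(*options):
        yield "".join(combo)


def case_variants(word):
    """Every upper/lower assignment to the alphabetic characters of word."""
    alpha = [i for i, c in enumerate(word) if c.isalpha()]
    for mask in itertools.product((False, True), repeat=len(alpha)):
        chars = list(word)
        for upper, i in zip(mask, alpha):
            if upper:
                chars[i] = chars[i].upper()
        yield "".join(chars)


def candidates(word):
    """All leet+case manglings of one dictionary word."""
    for leet in leet_variants(word.lower()):
        yield from case_variants(leet)


def md5_hex(pwd):
    return hashlib.md5(pwd.encode()).hexdigest()


def crack(target_hex, wordlist=WORDLIST):
    """Return (password, hashes_tried); password is None if the search fails."""
    tried = 0
    for word in wordlist:
        for cand in candidates(word):
            tried += 1
            if md5_hex(cand) == target_hex:
                return cand, tried
    return None, tried


def brute_force_space(length, alphabet=62):
    """Size of the space a rule-free attacker faces for the same length."""
    return alphabet ** length


if __name__ == "__main__":
    pwd, n = crack(md5_hex("UnBr3akabl3"))
    print(f"found {pwd!r} after {n} hashes; "
          f"blind search over 11 chars: {brute_force_space(11):.1e}")
    print(crack(md5_hex("L[IbCGa_ND")))  # random password: (None, total tried)
```

The leet-then-case ordering matters: substituted digits are no longer alphabetic, so the case rule only toggles the letters that survive, which is exactly what produces the U and B of UnBr3akabl3.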
  • Slide 36
  • Malicious Sites/Phishing: a look-alike site (PayPaul.com) collects the password (pwd) the user types. Source: CERT Incident Note IN-98.03: Password Cracking Activity
  • Slide 37
  • Measuring Security. Past measurements and their weaknesses: password strength meters, entropy, min-entropy. Our definition of security.
  • Slide 38
  • Password Strength Meters. Impossible to know what background knowledge the adversary will have! Source: https://www.microsoft.com/security/pc-security/password-checker.aspx. Our approach: measure the security of the password generator instead.
  • Slide 39
  • Password Generator (G)
  • Slide 40
  • Entropy. Source: The mathematical theory of communication (Shannon, 1948). H(G) = average over x of (# bits to encode password x). Intuition: 30 bits of entropy => average # guesses ~ 2^30
  • Slide 41
  • Entropy Example:
  • Slide 42
  • Entropy (Strengths). Source: Prediction and entropy of printed English (Shannon, 1951). There are techniques for estimating the entropy of an individual password.
  • Slide 43
  • Entropy (Weaknesses). Both password generators have the same entropy! Yet one guess breaks the first scheme half of the time!
  • Slide 44
  • Entropy (Weaknesses). G1 has high entropy, but is insecure!
  • Slide 45
  • Entropy (Weaknesses). High entropy does not guarantee safety against online, offline or phishing attacks!
  • Slide 46
  • Min-Entropy. H_min(G) = # bits to encode the most likely password x (compare entropy: average # bits to encode password x)
  • Slide 47
  • Min-Entropy (Strengths). Offline attack setting: the adversary holds MD5(pwd) with pwd = horsebatterystaplecorrect
  • Slide 48
  • Min-Entropy (Strengths). High minimum entropy vs. online, offline and phishing attacks
  • Slide 49
  • Min-Entropy (Weaknesses). Unlike regular entropy, min-entropy is hard to estimate.
  • Slide 50
  • Min-Entropy (Weaknesses). H_min(G1) = 2n = H_min(G2), yet the two are not equally secure: min-entropy ignores correlations between passwords.
  • Slide 51
  • Min-Entropy (Weaknesses). [Figure: phishing via PayPaul.com defeats a high min-entropy password]
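The two weaknesses above in numbers, as an added example that is not code from the talk: one pair of generators with identical Shannon entropy where a single guess breaks one of them half the time (slide 43), and one pair of two-site generators with identical min-entropy 2n where one has nothing left once a single password leaks (slide 50). Generators are represented as dicts from password to probability; the pwN placeholder names, the fixed password "password", and the bit sizes 10, 6 and n=4 are assumptions chosen so the numbers come out exactly.

```python
"""Shannon entropy vs. min-entropy of a password generator.

Added example, not from the slides. A generator is a dict password -> probability;
all distributions below are constructed toys.
"""
import math
from itertools import product


def shannon_entropy(dist):
    """H(G) = sum_x Pr[x] * log2(1/Pr[x]): average bits to encode a sample."""
    return sum(p * math.log2(1 / p) for p in dist.values() if p > 0)


def min_entropy(dist):
    """H_min(G) = log2(1/max_x Pr[x]): bits to encode the most likely sample."""
    return math.log2(1 / max(dist.values()))


def best_guess_success(dist, guesses):
    """Chance that the `guesses` most likely outputs contain the real password."""
    return sum(sorted(dist.values(), reverse=True)[:guesses])


def uniform(n_bits):
    """Uniform over 2**n_bits placeholder passwords pw0, pw1, ..."""
    size = 2 ** n_bits
    return {f"pw{i}": 1 / size for i in range(size)}


def lopsided(n_bits):
    """With prob 1/2 the fixed password 'password', else uniform over 2**n_bits."""
    dist = {pw: p / 2 for pw, p in uniform(n_bits).items()}
    dist["password"] = 0.5
    return dist


# Slide 43: lopsided(10) and uniform(6) both have H = 6 bits, but the single
# guess 'password' breaks lopsided(10) half the time; min-entropy tells them apart.

def joint_reuse(n_bits):
    """One 2n-bit password reused on two sites, as (pwd_site1, pwd_site2)."""
    return {(pw, pw): p for pw, p in uniform(2 * n_bits).items()}


def joint_independent(n_bits):
    """Two independent n-bit passwords, one per site."""
    u = uniform(n_bits)
    return {(a, b): pa * pb for (a, pa), (b, pb) in product(u.items(), u.items())}


def conditional_min_entropy(joint, leaked_site1):
    """Min-entropy of the site-2 password once site 1's password has leaked."""
    cond = {b: p for (a, b), p in joint.items() if a == leaked_site1}
    total = sum(cond.values())
    return min_entropy({b: p / total for b, p in cond.items()})


# Slide 50: both joint distributions have H_min = 2n, yet after one phished
# password the reuse scheme has 0 bits left while the independent one keeps n.

if __name__ == "__main__":
    for name, g in (("lopsided(10)", lopsided(10)), ("uniform(6)", uniform(6))):
        print(f"{name}: H={shannon_entropy(g):.2f} H_min={min_entropy(g):.2f} "
              f"1-guess success={best_guess_success(g, 1):.4f}")
    for name, j in (("reuse", joint_reuse(4)), ("independent", joint_independent(4))):
        print(f"{name}: H_min(joint)={min_entropy(j):.1f} "
              f"H_min(site2 | site1 leaked)={conditional_min_entropy(j, 'pw0'):.1f}")
```

conditional_min_entropy is the quantity the adversary's game below actually cares about: it is evaluated after the adversary has seen something, which neither H nor H_min of the whole generator captures.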
  • Slide 52
  • Our Security Approach. Dangerous World Assumption: it is not enough to defend against existing adversaries; the adversary can adapt after learning the user's new password management strategy. Provide guarantees even when things go wrong: offline attacks should fail with high probability, and the damage of a successful phishing attack should be limited.
  • Slide 53
  • The Adversary's Game. The adversary can compromise at most k sites (phishing, obtaining pwd directly) and can execute offline attacks (obtaining MD5(pwd)) against at most t additional sites. Resource constraints => at most M guesses. The adversary wins if he can compromise any new site.
  • Slide 54
  • (k,t,M, )-Security. We say that a password management scheme is (k,t,M, )-secure if for any adversary Adv (k = # phishing attacks, t = # offline attacks, M = # guesses)
  • Slide 55
  • Example: (1,1,M, )-Security. k=1 (one phishing site, PayPaul.com), t=1 (one offline attack), M guesses
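A toy simulation of the game on the three slides above, as an added example that is not the authors' code. It plays the (k,t,M) game against three user strategies and reports how often the adversary compromises a new site. Everything concrete is an assumption: the four site names, 4-letter lowercase passwords (26^4 = 456976 possibilities, small enough to brute-force), a guess budget of M per offline site rather than the slides' single global budget, and the "suffix" strategy (one secret plus the site's first letter), which is not on the slides and is included only to show an adversary adapting to a known strategy, as the Dangerous World Assumption requires.

```python
"""Toy version of the (k, t, M) adversary's game from the slides.

Added example, not the authors' code. Assumptions: passwords are 4 lowercase
letters; the adversary knows which strategy the user follows (the Dangerous
World Assumption); a phished site hands over its password; an offline site
lets the adversary test up to M guesses (per site, a simplification of the
slides' global budget); every other site is online and locks out after three
wrong guesses.
"""
import random
import string

SITES = ["amazon", "paypal", "bank", "email"]   # constructed site list
ALPHA = string.ascii_lowercase
LEN = 4
ONLINE_LIMIT = 3                                  # three-strike policy


def rand_pwd(rng, length=LEN):
    return "".join(rng.choice(ALPHA) for _ in range(length))


# Three user strategies; each returns a site -> password map.
def scheme_reuse(rng):
    pwd = rand_pwd(rng)
    return {s: pwd for s in SITES}


def scheme_independent(rng):
    return {s: rand_pwd(rng) for s in SITES}


def scheme_suffix(rng):
    """One secret plus the site's first letter (an illustrative 'tweak' habit)."""
    base = rand_pwd(rng, LEN - 1)
    return {s: base + s[0] for s in SITES}


SCHEMES = {"reuse": scheme_reuse, "independent": scheme_independent,
           "suffix": scheme_suffix}


def smart_guesses(name, phished, target):
    """Guesses an adaptive adversary tries first, derived from phished passwords."""
    if name == "reuse":
        return sorted(set(phished.values()))
    if name == "suffix":
        return sorted({p[:-1] + target[0] for p in phished.values()})
    return []   # independent passwords: nothing to exploit


def rank(pwd):
    """0-based position of pwd in the lexicographic brute-force order."""
    r = 0
    for c in pwd:
        r = r * len(ALPHA) + ALPHA.index(c)
    return r


def play(name, k, t, M, rng):
    """One round: phish k sites, attack t more offline, guess online at the rest."""
    pwds = SCHEMES[name](rng)
    sites = SITES[:]
    rng.shuffle(sites)
    phished = {s: pwds[s] for s in sites[:k]}
    offline = set(sites[k:k + t])
    for target in sites[k:]:              # the adversary wins on any *new* site
        budget = M if target in offline else ONLINE_LIMIT
        smart = smart_guesses(name, phished, target)
        if pwds[target] in smart[:budget]:
            return True
        # whatever budget is left goes to brute force in lexicographic order
        if rank(pwds[target]) < budget - len(smart):
            return True
    return False


def win_rate(name, k, t, M, trials=200, seed=1):
    """Fraction of rounds the adversary wins against the named strategy."""
    rng = random.Random(seed)
    return sum(play(name, k, t, M, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    for name in SCHEMES:
        print(f"{name:12s} phish k=1: {win_rate(name, 1, 0, 0):.2f}   "
              f"offline t=1, M=100000: {win_rate(name, 0, 1, 100_000):.2f}")
```

With k=1 the reuse and suffix strategies lose every round, because one phished password determines the others for an adversary who knows the strategy; independent passwords lose only with the negligible probability that a 3-guess online attack hits. With k=0, t=1 and M=100000 all three lose in about M/26^4 ≈ 22% of rounds, which is the offline-failure guarantee a scheme must pin down by its min-entropy rather than by any per-password "strength".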
  • Slide 56
  • Outline: Introduction and Experiments; Memory and Usability; Analyzing Security; Our Password Management Scheme
  • Slide 57
  • Review Usability Desiderata: minimize #chunks per password; ensure that a large part of the original cue is always available at retrieval time; minimize interference. What mnemonic techniques do the memory experts use?
  • Slide 58
  • Memory Palace. Memory champions like Dominic O'Brien regularly use memory palaces.
  • Slide 59
  • Memory Palace. Idea: humans have excellent visual/spatial memory. To memorize a list of words: mentally walk through your house and store one word in each location. To recall: mentally walk past each location to recover each word. Key point: by associating each word with a familiar location we can always recover part of the original cue. Source: Rhetorica ad Herennium [Cicero?]
  • Slide 60
  • Memory Palace. Interference? Don't reuse the same memory palace very often! Memory champions have hundreds of memory palaces! Spend