
Visual Authentication Mechanisms

Rationale

• “Human memory for images is better than for words”

• Human memory for faces in particular is extremely good.

Graphical Cues - Passfaces

• 1 response, 8 distractors

• 4 panels

• High recall rates after long periods of non-use

Passfaces

• Pros

– Good recall rates even after long periods of non-use (95% after one week, ~90% after up to 3 months)

• Cons

– Load on end-system and network

– Takes longer than standard password; not suitable for frequent tasks (see Brostoff & Sasse, 2000)

– Performance plummets when more than one set of faces is used

Graphical cues - Déjà vu

• User creates image portfolio, selecting random art images from a set

• System presents challenge set, user picks correct response

– n portfolio images from set of m distractors

– 1 image from n sets

Déjà vu

• Pros

– Registration is faster than photo

– Better recall rates (90%) after one week than password or PINs (65%), but worse than photo

• Cons

– Only 70% of random art images are usable; selection must be done by hand

– Registration & login take longer than PINs, passwords, or photographs

– Image files must be stored on a trusted and secured server (Kerberos)
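Both recognition schemes above reduce to the same server-side mechanic: at enrolment the system fixes which images are the user's and which are decoys, at login it shows a shuffled grid, and it checks that the user picked exactly the enrolled images. The following is an added example, not code from Passfaces or the Déjà vu paper; it parameterises that mechanic so one routine covers Passfaces (1 response, 8 distractors, 4 panels) and Déjà vu (pick n portfolio images out of n + m). The image identifiers are constructed, the decoys are assumed to be fixed at enrolment, and `guess_space` gives the number of grids an attacker would have to try blind.

```python
"""Recognition-based challenge/response (added example, constructed data).

Passfaces: 4 panels, each with the user's one passface among 8 decoys.
Deja vu: one panel holding the user's n portfolio images among m decoys.
"""
import secrets
from dataclasses import dataclass
from math import comb


@dataclass(frozen=True)
class Panel:
    targets: frozenset[str]   # images the user must pick in this panel
    decoys: tuple[str, ...]   # fixed at enrolment (assumption), so repeated
                              # challenges differ only in layout, not content


@dataclass(frozen=True)
class Enrolment:
    panels: tuple[Panel, ...]


_rng = secrets.SystemRandom()   # CSPRNG for every choice a guesser could exploit


def enrol(pool, targets_per_panel, decoys_per_panel, panels):
    """Draw targets and decoys for each panel from one homogeneous pool,
    never reusing an image across panels."""
    step = targets_per_panel + decoys_per_panel
    if panels * step > len(pool):
        raise ValueError("image pool too small for this configuration")
    drawn = _rng.sample(pool, panels * step)
    out = []
    for i in range(panels):
        chunk = drawn[i * step:(i + 1) * step]
        out.append(Panel(frozenset(chunk[:targets_per_panel]),
                         tuple(chunk[targets_per_panel:])))
    return Enrolment(tuple(out))


def enrol_passfaces(pool):
    return enrol(pool, targets_per_panel=1, decoys_per_panel=8, panels=4)


def enrol_dejavu(pool, n, m):
    return enrol(pool, targets_per_panel=n, decoys_per_panel=m, panels=1)


def challenge(enr):
    """The grid shown to the user: each panel's images in a fresh random order."""
    grid = []
    for p in enr.panels:
        images = list(p.targets) + list(p.decoys)
        _rng.shuffle(images)
        grid.append(images)
    return grid


def verify(enr, response):
    """response[i] is the list of image ids the user picked in panel i."""
    if len(response) != len(enr.panels):
        return False
    ok = True
    for p, picked in zip(enr.panels, response):
        # evaluate every panel before answering so the reply does not
        # reveal which panel was wrong
        ok &= (frozenset(picked) == p.targets and len(picked) == len(p.targets))
    return ok


def guess_space(enr):
    """Number of distinct complete responses, i.e. the blind-guess search space."""
    total = 1
    for p in enr.panels:
        total *= comb(len(p.targets) + len(p.decoys), len(p.targets))
    return total


if __name__ == "__main__":
    faces = [f"face{i:03d}" for i in range(100)]      # constructed image ids
    pf = enrol_passfaces(faces)
    print("Passfaces guess space:", guess_space(pf))   # 9**4 = 6561
    print("Panel 1 as shown:", challenge(pf)[0])
```

The Passfaces configuration gives only 9^4 = 6561 possible responses, which is why the scheme relies on an attempt limit rather than on the size of the secret; the Déjà vu variant with n = 5 portfolio images among 20 decoys gives C(25, 5) = 53130.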

Graphical passwords – v-go

User clicks on a selected number of objects in particular order

Single sign-on

• Central service for authentication and changing passwords

• Server- or client-based

• Password-based, graphics-based

– e.g. Passlogix v-go SSO (www.passlogix.com)

• Biometric-based

– e.g. Siemens ID mouse plus ID Centre (http://www.siemensidmouse.com/)

Single sign-on

• Pros

– Reduces number of user_ids and passwords

– Can incorporate policies (e.g. password content and change regimes)

• Cons

– High cost of retro-fitting

– Needs to be very well set up and administered to work (users will have no idea about “downstream” passwords)

– Server-based provides a point of failure/vulnerability

Compound Weak Clues

• Pros

– Can use memorable clues

– Can be configured to tolerate some misses

• Cons

– Takes longer than standard login

– Users often still unsure of “correct” answer, e.g.

• “Fake” answers to protect themselves

• Different ways of referring to first school

– Clues are not a secret

Example: Compound Clues in Telephone Banking

Q: Letter 2 and 4 of your password?

A: i, and i

Q: First and last digit of your PIN?

A: 6 and 9

Q: What is your mother’s maiden name?

A: Kummerbund

Q: First school you visited?

A: Ampleforth

Passfaces

• Use homogeneous image sets (same gender, same ethnicity)

• With multiple passwords, different image sets can be used

Compound Weak Clues, v. 2

Q: Your password?

A: indiana

Q: Your PIN?

A: 6789

Q: What is your mother’s maiden name?

A: Kummerbund

Q: First school you visited?

A: Ampleforth

Compound weak clues

• Are clues a secret?

• If not, users may attempt to “fix” this by generating “fake” answers, then have trouble recalling that/how they faked it.

Changes to policies

• Increase number of login attempts

– Many users succeed on 4th, 5th, 6th attempt (see Brostoff & Sasse, 2003)

• Allow usage of same password on several systems

• Decrease frequency of password changes
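The first policy change above, a larger attempt budget, is usually implemented together with a cooling-off period so that the extra attempts help legitimate users without handing a guesser an unlimited number of tries. The following is an added example, not part of the original slides: a small attempt-tracking policy whose defaults (6 attempts, a 15-minute counting window and a 10-minute cooling-off) are assumed values chosen to match the "4th, 5th, 6th attempt" observation, and whose timestamps are supplied by the caller so it can be tested without a clock.

```python
"""Login-attempt policy (added example): a budget of several attempts with a
cooling-off period, instead of a hard lockout after three failures."""
from dataclasses import dataclass, field


@dataclass
class AttemptPolicy:
    max_attempts: int = 6        # assumed: covers users who succeed on the 4th-6th try
    window_seconds: int = 900    # failures older than this are forgotten
    lockout_seconds: int = 600   # cooling-off once the budget is spent


@dataclass
class AccountState:
    failures: list[float] = field(default_factory=list)   # timestamps of recent failures
    locked_until: float = 0.0


class LoginThrottle:
    def __init__(self, policy=None):
        self.policy = policy or AttemptPolicy()
        self.state: dict[str, AccountState] = {}

    def _st(self, user):
        return self.state.setdefault(user, AccountState())

    def may_attempt(self, user, now):
        """True if the account is not in its cooling-off period."""
        st = self._st(user)
        if now < st.locked_until:
            return False
        # forget failures that fell out of the counting window
        st.failures = [t for t in st.failures if now - t < self.policy.window_seconds]
        return True

    def record(self, user, success, now):
        """Update state after a credential check; returns attempts remaining."""
        st = self._st(user)
        if success:
            st.failures.clear()
            st.locked_until = 0.0
            return self.policy.max_attempts
        st.failures.append(now)
        remaining = self.policy.max_attempts - len(st.failures)
        if remaining <= 0:
            # budget spent: start the cooling-off period with a fresh budget after it
            st.locked_until = now + self.policy.lockout_seconds
            st.failures.clear()
            return 0
        return remaining


if __name__ == "__main__":
    th = LoginThrottle()
    for t in range(5):
        th.record("alice", False, now=float(t))
    print("alice may try again:", th.may_attempt("alice", now=5.0))   # True
```

The remaining-attempts value is what a polite login screen would show the user ("3 attempts left before a 10-minute pause"), which addresses the recall problem the slide describes without removing the limit that a guessing attacker runs into.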

Personal Entropy (2)

• Reminder: Draw on strong personal memories that are well-established in long-term memory (childhood).

“Choosing good questions is difficult but probably the most important part of the system.”

C. Ellison, C. Hall, R. Milbert & B. Schneier: Protecting secret keys with personal entropy. 

Example questions

Q: First song I danced to with an unrelated member of the opposite sex?

Q: First car I wish I could have owned?

Q: First car I drove?

Q: Where was I during my first romantic kiss?

Example questions

1) Response to the sentence “I really like the clever way you ________”

2) (first) (last) (past) (prep) on the timetable

3) (past) (first) (last) in the swimming pool

Custom questions

“It takes considerable time to get into the right frame of mind. However, once in that frame of mind, it is possible to generate prompts at the rate of about 1 per minute.”

C. Ellison, C. Hall, R. Milbert & B. Schneier: Protecting secret keys with personal entropy. 

Mnemonic techniques (1)

• Make up sentence to memorise password or PIN

– Personal entropy

– Funny, outrageous content helps to memorise (and prevents disclosure)

– Tie word to name of system or application (especially for owners of multiple passwords)

– Repeat often during day of construction

Examples

• Make up sentence on randomly generated phrase

m,1aNibs0n

• Make up your own phrase

wm”&itMoG

• Abbreviate and contract several words and use SALT

Mnemonic techniques (2)

• Play to users’ memory strength

– Visual (images): n5us3Ff

– Perceptual-motor (keyboard): Ydceid[z

– Rhymes, songs, poems: W1’m64

Mnemonic techniques (3)

• Use context as cue or mnemonic

– Physical environment

– Workspace

– People

v-go graphical passwords

Personal Entropy

• Encrypting a password or passphrase using answers to several personal questions.

• Users can forget answers to a subset of questions and still recover the personal key.

– Split long passphrase into several short ones that are independent of each other; effort of guessing equivalent to brute force attack.

– Encrypt each one separately with the answer to its question; use personal hints to recover.
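The two properties on this slide, "forget a subset and still recover" and "guessing effort equivalent to brute force", can be shown together with a threshold scheme. The following is an added example, not the construction from Ellison, Hall, Milbert & Schneier's paper: it splits a 15-byte secret into Shamir shares (my implementation choice for the threshold), encrypts each share under a key derived from the normalised answer to one question, and stores only a digest of the whole secret. Because there is no per-answer verifier, a guesser cannot test answers one at a time and must attack any t of them jointly. The answers "Kummerbund" and "Ampleforth" are the slide's own; the other answers and the secret are constructed.

```python
"""Personal-entropy key recovery (added example).

A 15-byte secret is split into n Shamir shares with threshold t; share i is
encrypted under a key derived from the normalised answer to question i.
Any t correct answers recover the secret. Deliberately no per-share
verifier exists, so wrong answers only show up when the reassembled
secret fails its digest check.
"""
import hashlib
import secrets
import unicodedata
from itertools import combinations

PRIME = 2**127 - 1        # Shamir field; every share fits in 16 bytes
SECRET_LEN = 15           # 120-bit secret, always below PRIME
KDF_ITERATIONS = 100_000  # assumed cost parameter


def normalise(answer: str) -> str:
    """Tolerate case, spacing and Unicode-form variation in a recalled answer."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())


def _share_key(answer: str, salt: bytes) -> bytes:
    key = hashlib.pbkdf2_hmac("sha256", normalise(answer).encode(), salt, KDF_ITERATIONS)
    return key[:16]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _poly(coeffs: list[int], x: int) -> int:
    acc = 0
    for c in reversed(coeffs):            # Horner evaluation mod PRIME
        acc = (acc * x + c) % PRIME
    return acc


def _interpolate_at_zero(points: list[tuple[int, int]]) -> int:
    """Lagrange interpolation of the polynomial's constant term."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def enrol(secret: bytes, answers: list[str], threshold: int) -> dict:
    """Build the recovery record that can be stored server-side."""
    if len(secret) != SECRET_LEN or not 0 < threshold <= len(answers):
        raise ValueError("bad secret length or threshold")
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x, answer in enumerate(answers, start=1):
        salt = secrets.token_bytes(16)              # fresh key per share, used once
        share = _poly(coeffs, x).to_bytes(16, "big")
        shares.append({"x": x, "salt": salt,
                       "ct": _xor(share, _share_key(answer, salt))})
    return {"threshold": threshold,
            "digest": hashlib.sha256(secret).hexdigest(),   # checks the whole secret only
            "shares": shares}


def recover(record: dict, given: dict[int, str]):
    """given maps question number -> recalled answer. Returns the secret or None."""
    t = record["threshold"]
    points = []
    for entry in record["shares"]:
        if entry["x"] in given:
            y = _xor(entry["ct"], _share_key(given[entry["x"]], entry["salt"]))
            points.append((entry["x"], int.from_bytes(y, "big")))
    # A wrong answer yields a garbage point; trying each t-subset lets the user
    # survive a misremembered answer as long as t others are right.
    for subset in combinations(points, t):
        s = _interpolate_at_zero(list(subset))
        if s >= 2 ** (8 * SECRET_LEN):
            continue
        candidate = s.to_bytes(SECRET_LEN, "big")
        if hashlib.sha256(candidate).hexdigest() == record["digest"]:
            return candidate
    return None


if __name__ == "__main__":
    rec = enrol(secrets.token_bytes(SECRET_LEN),
                ["Kummerbund", "Ampleforth", "Blue Ford Escort", "Leeds"], threshold=3)
    print("3 of 4 right:", recover(rec, {1: "kummerbund", 2: "AMPLEFORTH", 4: "leeds"}) is not None)
```

Two design points carry the slide's argument. The answer normalisation is where the "tolerate some misses" tolerance lives, so it must be the same at enrolment and recovery; and the only stored check value is a digest of the complete secret, so an attacker holding the record gains nothing by guessing a single question and has to search combinations of t answers, which is the brute-force equivalence the slide claims.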

Pro-active password checking

• Purpose: prevent weak passwords

• Regular checks on password file (sysadmin mimics hacker)

• Immediate feedback at registration stage is better

• Feedback should be polite and constructive

• Complex policies on password content + unhelpful password checker = very frustrated user
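A registration-time checker in the spirit of this slide rejects the predictable cases and, for each one, says what to do instead rather than just "invalid". The following is an added example, not a tool from the slides: the word list, keyboard rows and minimum length of 8 are assumed policy values, and the advice strings are written to be polite and constructive. The mnemonic passwords from the earlier slides (m,1aNibs0n and wm”&itMoG) pass; dictionary words with a digit tacked on do not.

```python
"""Registration-time password checker (added example) that returns
constructive advice instead of a bare rejection."""
import re
from dataclasses import dataclass

# Constructed mini word list; a real deployment uses a full dictionary and
# leaked-password lists. Two entries are the answers from the earlier slides.
COMMON_WORDS = {"password", "letmein", "welcome", "secret", "indiana",
                "kummerbund", "ampleforth", "qwerty", "monkey"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 8   # assumed policy value


@dataclass
class CheckResult:
    accepted: bool
    advice: list[str]


def _has_keyboard_run(pw: str, length: int = 4) -> bool:
    """True if any window of `length` characters walks along a keyboard row."""
    low = pw.lower()
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    return any(low[i:i + length] in row
               for i in range(len(low) - length + 1) for row in rows)


def _char_classes(pw: str) -> int:
    return sum(bool(re.search(p, pw))
               for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))


def check_password(pw: str, user_id: str) -> CheckResult:
    advice = []
    if len(pw) < MIN_LENGTH:
        advice.append(f"Nearly there: passwords need at least {MIN_LENGTH} characters. "
                      "A short made-up sentence, abbreviated, gets you there easily.")
    if user_id and user_id.lower() in pw.lower():
        advice.append("It includes your user name, which is the first thing anyone "
                      "would try. Could you pick something unrelated to your account?")
    stripped = re.sub(r"[^a-z]", "", pw.lower())   # "Password1!" -> "password"
    if stripped in COMMON_WORDS:
        advice.append("That is a dictionary word with a few extras, and word lists are "
                      "checked in seconds. Try the first letters of a sentence instead.")
    if _char_classes(pw) < 3:
        advice.append("Mixing in capitals, digits or punctuation makes it much harder "
                      "to guess, e.g. swap 'and' for '&' or 'one' for '1'.")
    if _has_keyboard_run(pw):
        advice.append("It contains a run of neighbouring keys, which guessing "
                      "programs try very early.")
    return CheckResult(accepted=not advice, advice=advice)


if __name__ == "__main__":
    for candidate in ("password1", "m,1aNibs0n", "Qwerty12"):
        result = check_password(candidate, "bob")
        print(candidate, "accepted" if result.accepted else "\n  - ".join([""] + result.advice))
```

Every rule is explained in terms the user can act on, and all rules are evaluated rather than stopping at the first failure, so the user is not sent round the loop of fixing one complaint only to meet the next one on the following attempt.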

Exercise

Design a visual authentication system.
