Who is the adversary? The difference between shoulder surfers at ATMs and smartphones
Oliver Wiese
Joint work with Volker Roth • Freie Universität Berlin • [email protected]

THE ORIGINS OF SHOULDER SURFING

• One observation of one random person
• Opportunistic observer (OO)
10 years of studying shoulder surfing resistance
Basic experimental setup:
• Cast participants into the roles of users and adversaries
• Simulate a small number of authentication sessions
• Ask adversaries for the PIN
• Count successes
Roth et al., De Luca et al., von Zezschwitz et al., Kim et al. and others. . .
AUTHENTICATION IN CRYPTOGRAPHY
Formal setup:
• Rigorous and precise definitions
• Precisely state unproven assumptions
• Rigorous proof of security
Hopper and Blum, Lamport, Yan et al., Katz and Lindell, . . .
COMPARISON OF MODELS

Method        HCI-SEC    Crypto
Type          empirical  formal
Adversary     human      algorithm
Observations  single     multiple

Mechanism     HCI-SEC    Crypto
Security      low        high
Usability     fair       bad

SMARTPHONES AND INSIDERS
Muslukhov et al.
Capabilities and limitations:
1. Undetectable access
2. Human partial observations
3. Multiple observations
PARTIAL OBSERVATIONS
User’s PIN: 3548

1. [keypad figure: 1 2 3 / 4 5 6 / 7 8 9 / 0]
   Secure in the OO model (two missing)
   Pr[success] = 1/100

2. [keypad figure: 1 2 3 / 4 5 6 / 7 8 9 / 0]
   Limited security in insider model (5 is duplicate)
   Pr[success] = 1/10

3. [keypad figure: 1 2 3 / 4 5 6 / 7 8 9 / 0]
   Insecure in insider model (all digits known)
   Pr[success] = 1
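To make the three cases on this slide concrete, here is an added Python model of partial observations (my own illustration, not code from the talk or its authors). Each observation is a per-position set of digits the observer considers possible; an insider who watches several sessions intersects them position by position, and Pr[success] is one uniform guess among the PINs that remain consistent. Modelling the slide's second case as "one position still unknown" is an assumption; the talk does not spell out how the duplicate 5 was observed.

```python
from fractions import Fraction
from itertools import product

PIN_LEN = 4
ALL_DIGITS = frozenset("0123456789")


def observation(*positions):
    """Build one partial observation of a PIN entry (constructed modelling).

    One entry per PIN position, each the set of digits the observer considers
    possible: '?' means nothing was seen for that position, a string such as
    '25' means the observer could not tell which of two keys was pressed.
    """
    assert len(positions) == PIN_LEN
    return [ALL_DIGITS if p == "?" else frozenset(p) for p in positions]


def merge(observations):
    """Insider with several observations of the same PIN.

    The secret must be consistent with every observation, so the candidate
    sets are intersected position by position. An opportunistic observer (OO)
    has exactly one observation, so nothing is gained here for that model.
    """
    merged = [ALL_DIGITS] * PIN_LEN
    for obs in observations:
        merged = [m & o for m, o in zip(merged, obs)]
    return merged


def consistent_pins(cands):
    """All PINs that agree with the (merged) candidate sets."""
    return ["".join(p) for p in product(*(sorted(c) for c in cands))]


def success_probability(cands):
    """Adversary gets one guess, chosen uniformly among consistent PINs,
    so Pr[success] = 1 / (number of consistent PINs)."""
    n = len(consistent_pins(cands))
    return Fraction(1, n) if n else Fraction(0)


def describe(label, observations):
    cands = merge(observations)
    n = len(consistent_pins(cands))
    print(f"{label}: {n} consistent PIN(s), Pr[success] = {success_probability(cands)}")


if __name__ == "__main__":
    # Slide case 1: two positions missing, secure in the OO model -> 1/100
    describe("1. two missing", [observation("3", "?", "4", "?")])
    # Slide case 2, modelled here as one position still unknown -> 1/10
    describe("2. one unknown", [observation("3", "5", "4", "?")])
    # Slide case 3: all digits known -> 1
    describe("3. all known", [observation("3", "5", "4", "8")])
    # Insider: two observations that each miss two digits combine into the full PIN
    describe("insider, 2 obs", [observation("3", "?", "4", "?"),
                                observation("?", "5", "?", "8")])
    # Ambiguous key: observer saw either 2 or 5 at position 2 -> 1/20
    describe("ambiguous key", [observation("3", "25", "4", "?")])
```

The "insider, 2 obs" case is the point of the slide: two observations that are each harmless under the opportunistic-observer model become a full PIN once the same adversary can see both.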
HOW CAN WE STUDY SECURITY?

• Enumerate and rank partial observations
• Determine feasible observations
⇒ empirical study

• Simulate adversary based on observations
⇒ analysis of algorithm
Wiese and Roth
Method        HCI-SEC    Crypto     Insiders
Type          empirical  formal     both
Adversary     human      algorithm  both
Observations  single     multiple   multiple

Mechanism     HCI-SEC    Crypto     Insiders
Security      low        high       realistic
Usability     fair       bad        ?

(IN-)SECURITY PRINCIPLES
FIXED GRID
• Observe only input
• PIN digits independent
⇒ single attacks
⇒ small space (4 · 10 instead of 10^4)

CHALLENGE AND RESPONSE

• Observe challenge and response
⇒ partial observations!
⇒ Choose and verify attack
Example: SwiPIN (2015) insecure after 6 observations

AMBIGUOUS OBSERVATIONS

• We can only reject and not accept an item
⇒ Repeat observations to exclude items
⇒ Choose and reject attack
Example: PressureFACE (2010), Cognitive Trapdoor (2004) ≥ 20 obs.

• Only feedback without choosing item
• Count frequency for possible items
• Select item with highest frequency
⇒ Frequency attack
Example: PressureFACE (2010), Cognitive Trapdoor (2004) ≥ 100 obs.

• Hidden channels: GlassUnlock (2015)
• False response: Hopper & Blum (2001)
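The three attack principles of the last slides (choose and verify, choose and reject, frequency attack), together with the "simulate adversary based on observations" step of the method slide, as an added Python example. This is not code from the talk and does not model SwiPIN, PressureFACE or Cognitive Trapdoor; the challenge-response scheme it attacks is a constructed toy: each session randomly colours the ten digits with one of three colours and the user answers with the colour of the secret digit, so one (challenge, response) observation only narrows the digit to a bucket. The observer noise (a misread colour with probability p_misread) is the assumption under which the frequency attack beats strict intersection, and the rejection sets fed to the choose-and-reject attack are constructed stand-ins for a scheme whose observations only rule items out.

```python
import random
from collections import Counter

DIGITS = tuple(range(10))
GROUPS = 3  # number of colours in the constructed toy scheme


def make_challenge(rng):
    """Toy challenge: every digit gets a random colour; the layout changes per session."""
    return {d: rng.randrange(GROUPS) for d in DIGITS}


def respond(challenge, secret):
    """User's visible response: the colour of the secret digit."""
    return challenge[secret]


def consistent(challenge, response):
    """Digits that would have produced `response` under `challenge`."""
    return {d for d in DIGITS if challenge[d] == response}


def choose_and_verify(observations):
    """Choose and verify: every (challenge, response) pair is an exact partial
    observation, so the secret lies in the intersection of all consistent sets."""
    cands = set(DIGITS)
    for ch, resp in observations:
        cands &= consistent(ch, resp)
    return cands


def choose_and_reject(rejections):
    """Choose and reject: an observation only proves that some displayed items
    are NOT the secret; keep observing until one item is left."""
    cands = set(DIGITS)
    for rejected in rejections:
        cands -= set(rejected)
    return cands


def frequency_attack(observations):
    """Frequency attack: if responses can be misread, strict intersection may
    throw away the true secret. Count for every digit how many observations it
    is consistent with and pick the most frequent one(s)."""
    tally = Counter()
    for ch, resp in observations:
        tally.update(consistent(ch, resp))
    if not tally:
        return set(DIGITS)
    best = max(tally.values())
    return {d for d, n in tally.items() if n == best}


def observe(challenge, secret, rng, p_misread=0.0):
    """What the insider records for one session; with probability p_misread
    the colour is read wrongly (constructed noise model)."""
    resp = respond(challenge, secret)
    if rng.random() < p_misread:
        resp = (resp + rng.randrange(1, GROUPS)) % GROUPS
    return challenge, resp


def observations_needed(secret, seed=0, attack=choose_and_verify,
                        p_misread=0.0, max_rounds=50):
    """Simulated insider: watch sessions until the attack names exactly the
    secret; returns the number of observations used, or None on failure."""
    rng = random.Random(seed)
    obs = []
    for n in range(1, max_rounds + 1):
        ch = make_challenge(rng)
        obs.append(observe(ch, secret, rng, p_misread))
        if attack(obs) == {secret}:
            return n
    return None


def average_needed(attack, p_misread=0.0, trials=200):
    """Mean observations until success plus the number of trials that never
    isolated the secret within max_rounds."""
    counts, failures = [], 0
    for seed in range(trials):
        n = observations_needed(seed % 10, seed, attack, p_misread)
        if n is None:
            failures += 1
        else:
            counts.append(n)
    return (sum(counts) / len(counts) if counts else None), failures


if __name__ == "__main__":
    for name, attack in (("choose-and-verify", choose_and_verify),
                         ("frequency", frequency_attack)):
        for p in (0.0, 0.3):
            mean, failed = average_needed(attack, p_misread=p)
            print(f"{name:18s} p_misread={p}: mean obs {mean}, failures {failed}/200")
    print("choose-and-reject:", choose_and_reject([[0, 1, 2], [3, 5, 7], [8, 9], [1, 6]]))
```

With p_misread = 0 both attacks need only a few sessions on this toy scheme, which is the "insecure after a handful of observations" pattern; with noise, choose-and-verify starts to fail outright once one misread empties the intersection, while the frequency attack keeps converging. The design lesson for a challenge-response scheme is therefore to check how many partial observations an adversary can collect, not whether a single one reveals the secret.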
⇒ Increase security
WRAPPING UP
• More usable but less secure
• Partial observations are powerful
• Formal security analysis in design process
QUESTIONS?