Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior
Toni Perković1, joint work with Asma Mumtaz2, Yousra Javed2, Shujun Li3, Syed Ali Khayam2 and Mario Čagalj1
1 FESB, University of Split, Croatia
2 National University of Science and Technology, Pakistan
3 Zukunftskolleg, University of Konstanz, Germany
21/07/2011

Outline
Introduction
How does Undercover work?
Implementation CHI2008
Implementation Pervasive2009
Breaking Undercover
Timing attack
Intersection attack
Can Undercover be enhanced?
Attempt #1
Attempt #2
Generalizing timing attacks
Summary
Introduction
Classical PIN-entry methods (via keyboards, keypads and alike) are all vulnerable to observation attacks (sources: Thinkst.com, July 2011; [Kuhn2004]):
Shoulder surfing attacks
Phishing attacks
Malware based attacks

Introduction
Solution: a challenge-response protocol
User (P) and Verifier (V) share a secret S
V → P: challenges C1(S), ..., Ct(S)
P → V: responses R1 = f1(C1, S), ..., Rt = ft(Ct, S)
V: accept P if all responses are correct
Goal: design a mapping f such that the attacker cannot recover S
Fully observable [Sobrado02]: C and R are fully observable to the attacker
Partially observable [Sasamoto08]: C and R are completely or partially unobservable to the attacker
It is difficult to design a secure HCI: the devil is in the details
Introduction
Designing a usable cognitive PIN-entry method secure against eavesdroppers is truly challenging:
Matsumoto-Imai scheme (EuroCrypt91): NOT secure (Wang et al., EuroCrypt95)
Matsumoto protocols (CCS96): NOT secure (Hopper & Blum 2001; Li & Shum 2003)
Hopper-Blum protocols (AsiaCrypt2001): NOT usable (166 seconds for login)
Cognitive Authentication Scheme (S&P2006): neither usable nor secure (S&P2007)
Predicate-based Authentication Scheme (ACSAC2008): neither secure nor usable (ACSAC2009)
Undercover (CHI2008): is Undercover secure?
Challenge 1: Security vs. Usability
Challenge 2: Weak humans vs. Powerful attackers
It is difficult to design a secure HCI: the devil is in the details

Undercover: Implementation 1
Hirokazu Sasamoto, Nicolas Christin and Eiji Hayashi, Undercover: Authentication Usable in Front of Prying Eyes, CHI2008
One login session: 28 pictures: 5 pass-pictures and 23 non-pass
7 public challenges: 5 challenges with one pass-picture, 2 challenges without pass-picture
Each public challenge contains one hidden challenge (trackball covered by hand)
(Figure: Undercover system)

Undercover: Implementation 1
Example (figure labels): 4, Public challenge, Hidden challenge: Left 2, Response: 2
Average login time: 32 sec

Undercover: Implementation 2
M. Hasegawa, N. Christin and E. Hayashi, New Directions in Multisensory Authentication, Pervasive2009
Average login time: 10 sec vs. 32 sec with Undercover
Other solutions: VibraPass [De Luca09], Secure Haptic Key (SHK) [Bianchi10], STL, Mod10 [Perkovic10]
Example (figure): PIN digit is 2, hidden digit is 6

Undercover
How safe is Undercover against timing/intersection attacks?
How safe is Alternative Undercover against intersection attacks?
These problems are due to: design flaws and nonuniform human behavior
They can be fixed
The problems are general and not specific to Undercover
(Figures: Undercover, Alternative Undercover)

Undercover: Our Implementation
Software-based implementation: PassFaces, hidden channel

Breaking Undercover
A cooperative usability study at two universities:
FESB, University of Split in Croatia
National University of Science and Technology (NUST) in Pakistan
28 users (students and staff members); users were asked to login once a day
Overall success login rate: 84%
Median login rate: 26.5
Median login time: 30.1 sec
18 used the keyboard, 10 used the mouse as input device
Compared to original Undercover, the median login time is slightly shorter (32 sec vs. 30.1 sec)

Timing Attack on Undercover
A design flaw
Nonuniform human behavior
The human response pattern: the difference between the users' responses to Up hidden challenges and to other hidden challenges is significant at the 5% level.
Assume that the fastest response corresponds to an Up challenge

Timing Attack on Undercover
Attack procedure:
Step 1: Create 28 counters, C1, ..., C28, for the 28 pictures, and initialize all of them to 0.
Step 2: For each observed login session, take the fastest response and assume that it corresponds to an Up challenge. Then, if the corresponding public challenge contains a pass-picture i, Ci++.
Step 3: Rank all the pictures according to the values of the 28 counters, and take the top five pictures as the five pass-pictures forming the password.
Some settings and enhancements: 1) negative penalty; 2) multiple fastest responses; 3) successful logins only.
Counter table (one row per observed session):
Counter    C1   C2   C3  ...  Ci-1   Ci  Ci+1  ...  C28
Session0    (all counters 0)
Session1    1   (one counter incremented)
Session2    1 1
Session3    1 1 1
...         (the column positions of these increments are not recoverable from the transcript)
SessionN   15    4   10  ...     2    6     9  ...   15

Timing Attack on Undercover
Theoretical analysis:
pt5: probability of revealed password
p*t5: probability that the pass-picture is in the top 5 ranked
Real performance, best results:
First fastest response, no negative penalty, successful logins
First fastest response, negative penalty, successful logins
The real performance is similar to the one in the theoretical analysis.
Are public challenges fixed or randomized?
Intersection Attack on Undercover
Each pass-picture and decoy picture is shown once and only once in a single authentication process.
Are public challenges fixed or randomized?
Attack (randomized public challenges):
Step 1: Set P to be the space of all possible passwords
Step 2: For each observed public challenge, reduce the space of candidate passwords P by checking each password in P and removing invalid ones
Step 3: Repeat Step 2 until the size of P becomes 1
Example (table): observed i-th public challenge → reduced candidate passwords (entries not recoverable from the transcript)

Intersection Attack on Undercover
Results of the attack
MATLAB simulations with 15 randomly generated login sessions: on average 7-10 observed login sessions reveal the password
Real login data collected in our user studies: on average 8-11 login sessions reveal the password
Solution: use fixed public challenges
Additionally we asked the authors of Undercover: they used fixed challenges
The devil is in the details
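The timing attack (Steps 1-3 of the counter-ranking procedure) and the intersection attack (Steps 1-3 of the candidate-space reduction) from the slides above, as a simulation added here; this is not code from the talk (which used MATLAB) nor from the Undercover authors. It assumes 4 pictures per public challenge (28 pictures, 5 pass-pictures and 7 challenges are from the talk), models the five button maps as an identity map for Up and cyclic shifts for the other hidden challenges (a stand-in for Undercover's real maps), and uses a constructed response-time model in which Up answers are faster. It shows that the timing attack recovers all five pass-pictures when Up is fastest but finds only about one by chance when all hidden challenges take equally long, and that the intersection attack collapses the candidate space with randomized public challenges while stalling at 21 * 4^5 = 21504 candidates when the challenges are fixed, which is the mitigation the slide states.

```python
import random
from itertools import combinations

# Assumed Undercover parameters: 28 pictures, 5 pass-pictures and 7 public
# challenges are from the talk; 4 pictures per public challenge is an assumption.
N_PICTURES, N_PASS, N_CHALLENGES, PER_CHALLENGE = 28, 5, 7, 4
N_HIDDEN = 5              # hidden challenges: Up, Down, Left, Right, Center
UP = 0                    # index of the "Up" hidden challenge
NONE_POS = PER_CHALLENGE  # position value meaning "no pass-picture shown"


def make_public_challenges(password, rng):
    """Partition the 28 pictures into 7 groups of 4: five groups hold exactly
    one pass-picture, two hold only decoys (each picture is shown once)."""
    pw = list(password)
    rng.shuffle(pw)
    decoys = [p for p in range(N_PICTURES) if p not in password]
    rng.shuffle(decoys)
    groups = []
    for k in range(N_CHALLENGES):
        g = [pw[k]] if k < N_PASS else []
        while len(g) < PER_CHALLENGE:
            g.append(decoys.pop())
        rng.shuffle(g)
        groups.append(tuple(g))
    rng.shuffle(groups)
    return groups


def respond(group, password, hidden):
    """Legitimate user's response. Assumed button maps: 'Up' is the identity
    map (response = slot of the pass-picture, or NONE_POS), the other four
    hidden challenges cyclically shift that slot."""
    pos = next((i for i, p in enumerate(group) if p in password), NONE_POS)
    return (pos + hidden) % N_HIDDEN


def simulate_session(password, rng, up_bias):
    """One observed login: (public challenge, response, response time) per
    challenge. Constructed timing model: with up_bias, 'Up' answers are clearly
    faster (the nonuniform behaviour measured in the user study); without it,
    every hidden challenge takes equally long."""
    obs = []
    for g in make_public_challenges(password, rng):
        h = rng.randrange(N_HIDDEN)
        fast = up_bias and h == UP
        t = rng.uniform(2.0, 2.5) if fast else rng.uniform(3.0, 5.0)
        obs.append((g, respond(g, password, h), t))
    return obs


def timing_attack(sessions):
    """Steps 1-3 of the talk: per session take the fastest response, decode it
    as if the hidden challenge were 'Up', count the picture it points at, and
    return the five highest-ranked pictures as the guessed password."""
    counters = [0] * N_PICTURES
    for obs in sessions:
        g, r, _ = min(obs, key=lambda o: o[2])
        if r != NONE_POS:          # under 'Up', r is the slot of the pass-picture
            counters[g[r]] += 1
    ranked = sorted(range(N_PICTURES), key=lambda p: -counters[p])
    return frozenset(ranked[:N_PASS])


def intersection_attack(sessions_groups):
    """Steps 1-3 of the intersection attack: start from all C(28,5) candidate
    passwords and keep only those consistent with every observed session,
    i.e. whose five pictures fall into five distinct public challenges."""
    candidates = [frozenset(c) for c in combinations(range(N_PICTURES), N_PASS)]
    for groups in sessions_groups:
        group_of = {p: k for k, g in enumerate(groups) for p in g}
        candidates = [c for c in candidates
                      if len({group_of[p] for p in c}) == N_PASS]
    return candidates


def demo(seed=7, timing_sessions=300, intersection_sessions=15):
    rng = random.Random(seed)
    password = frozenset(rng.sample(range(N_PICTURES), N_PASS))
    biased = [simulate_session(password, rng, True) for _ in range(timing_sessions)]
    uniform = [simulate_session(password, rng, False) for _ in range(timing_sessions)]
    randomized = [make_public_challenges(password, rng)
                  for _ in range(intersection_sessions)]
    fixed = [make_public_challenges(password, rng)] * intersection_sessions
    rand_left = intersection_attack(randomized)
    return {
        "timing_recovers_password": timing_attack(biased) == password,
        "pass_pictures_found_without_bias": len(timing_attack(uniform) & password),
        "randomized_candidates": len(rand_left),
        "password_in_randomized": password in rand_left,
        "fixed_candidates": len(intersection_attack(fixed)),  # always 21 * 4^5 = 21504
    }


if __name__ == "__main__":
    print(demo())
```

The fixed-challenge count is exact: a candidate survives iff its five pictures sit in five distinct groups, and repeating the same partition adds no constraint, so the attacker is stuck at C(7,5) * 4^5 candidates. With randomized challenges every session is a fresh, independent constraint, which is why the talk's 7-10 sessions suffice.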
Intersection Attack on Alternative Undercover
Example: PIN digit is 2, hidden digit is 6
The user pushes Button Left (←) and Button Down (↓)
The set of passwords is reduced from 10 to 4 (1, 2, 3 and 4)
Theoretical analysis: PIN 0459 is revealed after 9 login sessions
MATLAB simulations: PINs 1236 and 0459 are revealed after a median number of 11 and 9 login sessions, respectively.
Table (theoretical analysis of the intersection attack): columns PIN digit | Combinations of button press patterns | Occurrence probability in n responses; rows for PIN digits 4, 5, 9, 1, 3, 6, 8, 2, 7 (the button-press symbols and probabilities did not survive extraction)
Enhancing Undercover: Attempt #1
Change the button maps to make them equally difficult
Results of the evaluation: it failed!
Reason: the Up button map is closest to the public challenge
(Figure: before enhancement)

Enhancing Undercover: Attempt #2
Equal visual distance from each button map to the public challenge
The hidden challenges are changed to 1, ..., 5
Procedure:
Step 1: Find the hidden response in the button layout near to the pass-picture or the no-pass-picture
Step 2: Press the button at the same location as the hidden response
Example: hidden challenge: 2, response: 3

Enhancing Undercover: Attempt #2
Enhanced security: the response times to different hidden challenges are not significantly different. None of the passwords was fully revealed; the maximum number of revealed pass-pictures is below 50%
Enhanced usability: the average login time is 19 sec vs. 30.1 sec with Undercover; the error rate is 6%
All users preferred to use this method over Undercover!

Generalizing Timing Attacks
Human behavior can be nonuniform and nonlinear in many aspects:
Response time
Response error rate
Mental computation
Temporal variation
Personal preference
Facial expression and hand/body movement
User interface should be designed in a way that users have NO distinguishable nonuniform behavior.
Examples (figures): Undercover [Sasamoto2008]; [Hopper01]; Mod10 [Perkovic10]; CCS poster [Kune2010]: (0+7) mod 10 vs. (6+7) mod 10; (6+9) mod 10 = 5 vs. 6-1 = 5

Summary
We presented two attacks on Undercover
Security weakness in Undercover is due to some design flaws and nonuniform human behavior
User behavior reveals sensitive information
We proposed enhancements: a more secure and usable design
In future, designers of security systems should pay attention to the human-computer interfaces
Future work:
Generalization of timing attacks to other Undercover-like designs and other graphical passwords
Development of new Undercover-like designs with lower login time and error rate
Timing attacks on cognitive authentication schemes have to be seriously considered!
Thank you for your attention! Questions?