HUMAN DISTINGUISHABLE VISUAL KEY FINGERPRINTS

USENIX Security '20

Mozhgan Azimpourkivi1, Umut Topkara1, and Bogdan Carbunar2

1 Bloomberg LP2 Florida International University

August 2020

Key Fingerprints (KF)2

q Compact version of a crypto keyq Used for authentication

q Easier to compare by humans against reference value

Key Fingerprint Authentication3

TrustedReference

CryptoKey

IPAddress

BitcoinAddress

Human Verifier

DeviceID

File

Key Fingerprint

Key Fingerprint Generator (KFG)

4

MitMAdversary

Generate and inject string whose key representation is human-indistinguishable from expected value

CryptoKey

IPAddress

BitcoinAddress

Human Verifier

DeviceID

File

Key Fingerprint Generator (KFG)

bc1qar0srrr7xfkvy5l643lybsw9re59gtmzzw5mdq

Corrupted Fingerprint

bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq

Trusted Reference

bc1qar0srrr7xfkvy5l643lybsw9re59gtmzzw5mdq

bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq

Adversary Model

Applications5

1. Remote authentication (SSH, OpenPGP/GnuPG)q Encode pub key hash into human readable format

2. End-to-End Encrypted (E2EE) messaging applicationsq WhatsApp, Viber, Facebook messenger

3. Device pairingq Bluetooth Secure Simple Pairing using ECDH

4. Prevent phishing & Bitcoin clipboard hijacking attacks

5. File checksums

Example Key Fingerprints (KF)6

OpenSSHVisual Host Key

Vash Unicorn

Textual representation Visual representation

Alphanumeric Pronounceable words

Sentences

learning equal education bent collar religion new shelf angle table train sad keep meal

The basket ends your right cat on his linen. Her range repeats her nerve.

3A70 F9A0 4ECD B5D7 8A89 D32C EDA0 A352 66E2 C53D

Tan, Joshua, et al. "Can unicorns help users compare crypto key fingerprints?." Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 2017.

Vash: Visual KFG (VKFG)7

q Tan et al., CHI’17:

q Visual representations verified faster and easier than text-based

q Generate images using

q Set of rules

q Hand curated functions

q Human visual system limitations

q Human error rate > 10%

8

CEAL: DNN for KFG

Generate realistic images to improve usability

Input Vector

FingerprintImage

GAN-basedImage

GeneratorInputString

Key

Fing

erpr

int

Gene

ratio

n

…

Input Mapper

9

Visual Key Fingerprint Generator

Internal Representations

Key Fingerprint Visual Key FingerprintGenerator

-1

…

+1

…Another Key Fingerprint

Hum

anDi

stin

guish

able

Sing

le-v

alue

ch

ange

CEAL (CrEdential Assurance Label)10

q Fingerprints should be realistic and human-distinguishableq Remove humans from evaluation process

FingerprintImage

GeneratorInputString

Input Mapper

Training Process

…

Input Vector

CL-GAN11

Same vs. Different

RealismDiscriminator

Real vs. Fake

GeneratorNetwork

(Gceal)

Pre-trained Human

PerceptionDiscriminator

(HPD)

+FeedbackReal Images

Vector Representations(Slightly Different)

-1 …

+1 …

Human Perception Discriminator (HPD)12

50,176

Contrastive loss

Same (0)Different (1)

2

Cross entropy loss ("#$)

1024 102450

50

Eucli

dean

Dist

ance

O1

O2

&1

&2

Inception.v1up to Mixed_5c

Inception.v1up to Mixed_5c

HPD Evaluation13

q Training: > 26,000 image pairsq 558 labeled by Mechanical Turk (MTurk) workers

q Each image labeled by up to 100 workersq 26,244 synthetically generated images

q 84% Precision, 82% F1-scoreq Holdout subset of 112 image pairs

Major vs. Minor Components14

…Input

Vector

…

… Majorcomponents

Minorcomponents

q Some components are equivalent of othersq We can train some components to be major

CL-GAN generator15

CEAL Generator Network

λ=512

256

256 …

…

Majorcomponents

Minorcomponents

44

8

8

16

16

1024

32

32

512

256

128

64

64

16

Train Majors for Distinguishability

GeneratorNetwork(Gceal)

HumanDistinguishable

……Major Minor

-1

+1 ……Major Minor

Input Vectors Key Fingerprints

Train Minors17

GeneratorNetwork(Gceal)

HumanIndistinguishable

……Major Minor

-1

…… +1

Major Minor

Input Vectors Key Fingerprints

18

Train Majors for Diversity

GeneratorNetwork(Gceal)

HumanDistinguishable

……Major Minor

+1

+1 ……Minor

Input Vectors Key Fingerprints

(G, d)-adversary [Dechand et al. Usenix ‘16]

19

q Generate target keys (G bits)

q Generate attack keys different in d bits from target

q Generate corresponding visual key fingerprints

q Use a HPD to filter similar fingerprints to target

1 0 0 0 1 1…

Target Key

Attack Key

Different in d positions

1 1 0 0 0 1…

G bit keys

19

CEAL Under (G, d)-attack20

Attack Dataset

DatasetSize

# Attacks Identified by HPD-Attacker

Human Verified Attacks

(123,1)-adversary

123M 121 2 (1.7%)

(123,d)-adversary

123M 1,473 23 (1.6%)

Evaluate potential attack images using 374 MTurk workers

(G, d) Attack Examples21

Targets

Attacks

Humans labeled as different Humans labeled as same

CEAL vs. Vash22

q Generate 10,000 random Vash and CEAL imagesq Compare all key fingerprint pairs using HPD

q Approx. 50 million image pair comparisons

VKFG Attack Dataset Size

# Attacks Identified by HPD

Human Verified Attacks

CEAL ~50M 1 0 (0%)

Vash ~50M 150 24 (16%)

Attack datasets of 10,000 random images

Conclusions23

q CEAL: Visual key fingerprint generation solutionq Human-distinguishable fingerprintsq Resilient to powerful adversaries

q CEAL improves on state-of-the-art Vashq Resilient to attackq Fast to compare: 2.73s for CEAL vs. 3.03s for Vash

q Incentive to adversaries to improve HPDq Applications to CAPTCHA

Backup Slides

Input Mapper25

BCH(!=255, "=123, dmin =19) for CL-GAN

dmin = min Hamming distance between codewords

PRNG

ECC

Input Mapper

Input Binary String

Major Components

Minor Components

# = 123 bits

M = 255 codeword bits +

1 padding bit

Attack Success Relation to d26

The break ratio of 1 million target CEAL images for each value ofd, the Hamming distance between the attack and the targetbinary fingerprints, according to (left) HPD_model_1 and (right)HPD_attacker.

Datasets for Training HPD27

Dataset Name # Image Pairs LabelsLabeled Synthetic Image Pairs 558 Mixed

Unrealistic DCGAN Image Pairs 11,072 Same

Minor Change Image Pairs Dataset 7,040 Same

Blob Image Pairs Dataset 2,108 Different

10%-different Image Pairs Dataset 1,024 Different

Enhanced Synthetic Image Pairs Dataset 5000 Different

Total 26,802 Mixed

Ground Truth Human Perception and Synthetic Image Pair Datasets we used to train HPD

HPD Performance on Vash Images28

Model F1 FPR FNR Recall Precision

HPD_model_1 0.76 0.21 0.14 0.86 0.69

Performance of HPD over 120 labeled Vash images

CEAL vs. Vash: Time to Verify29

Vash: 3.03s (SD=5.42s) avg over 150 attacksCEAL: 2.73s (SD=2.33s) avg over 48 attacks