Optimizing Password Composition Policies
Transcript of the talk slides for "Optimizing Password Composition Policies"
Jeremiah Blocki, Saranga Komanduri, Ariel Procaccia, Or Sheffet
To appear at EC 2013
Password Composition Policy
(Slide figure: a user submits the password "password" to the password composition policy, which decides whether it is allowed.)
How Do Users Respond?
(Slide figure: the user's response to the policy is "Password1".)
Predictable Responses
1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
…
25. password1
Previous Work
• Initial password composition policies were designed without empirical data [BDP, 2006].
• Users respond to password composition policies in predictable ways [KSKMBCCE, 2011].
• Trivial password choices vary widely across contexts [BX, 2012].
• No theoretical model of password composition policies existed.
Our Contributions
We initiate an algorithmic study of password composition policies.
Theoretical model with three components: Security Goal, Policy Structure, User Model.
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
Rankings Model

| User 1 | User 2 | User 3 | User 4 | User 5 | User 6 | User 7 |
| --- | --- | --- | --- | --- | --- | --- |
| password | 123456 | letmein | password | 12345 | password | password |
| letmein | 12345 | password | 111111 | 123456 | 111111 | 111111 |
| abc123 | 12345678 | baseball | Passw0rd | 12345678 | letmein | Passw0rd |
| Passw0rd | password | Passw0rd | abc123 | baseball | iloveyou | iloveyou |
| … | … | … | … | … | … | … |
| qwerty | Passw0rd | qwerty1 | letmein | password | baseball | #$H%*@T |
| qwerty1 | qwerty1 | qwerty | qwerty | P@ssw0rd | #$H%*@T | letmein |

Each user ranks the passwords in P by preference and uses the highest-ranked password the policy allows. n = 7 (number of users).
Rankings Model: Example 1
(Same preference table as above.)
Allowed passwords A versus all passwords P: ban the single password "password", so
A = P − {password}.
Rankings Model: Example 1 (continued)
With A = P − {password}, each user who ranked "password" first falls back to the next allowed password in their list:
Pr[111111 | A] = 3/7
Pr[letmein | A] = 2/7
Pr[123456 | A] = Pr[12345 | A] = 1/7
(Same preference table as above.)
Rankings Model: Example 2
(Same preference table as above.)
Allowed passwords A versus all passwords P: ban every password that contains no digit, so
A = P − {w | NoNumbers(w)}.
Warm-up
Fact: Let A' ⊆ A. Then for any w ∈ A', Pr[w | A] ≤ Pr[w | A'].
(Same preference table as above.)
Initially, with A = P, one person (User 3) uses letmein as their password.
Warm-up (continued)
Now restrict the allowed set to some A' ⊆ A that still contains letmein. Every user who used letmein before is still using the same password, since it remains their highest-ranked allowed choice; a user whose previous password was banned may switch to letmein, but nobody switches away from it. Hence Pr[letmein | A'] ≥ Pr[letmein | A], which is the Fact: banning passwords can only increase the probability of each remaining password.
Outline
• User Model
• Policy Structure
  – Positive Rules
  – Negative Rules
  – Singleton Rules
• Goal
• Algorithms and Reductions
• Experiments
Positive Rules
Rules R1, …, Rm ⊆ P, e.g. R1 = {w | Length(w) ≥ 14}.
Active rules: S ⊆ {1, …, m}.
Allowed passwords: A_S = ⋃_{i∈S} R_i (a password is allowed if at least one active rule permits it).
Positive Rules - Example
Rules R1, …, Rm ⊆ P, with R1 = {w | Length(w) ≥ 14}.
Active rules: S = {1}.
A_{1} = R1 = {w | Length(w) ≥ 14}.
Negative Rules
Rules R1, …, Rm ⊆ P, e.g. R1 = {w | Length(w) < 8}.
Active rules: S ⊆ {1, …, m}.
Allowed passwords: A_S = P − ⋃_{i∈S} R_i (a password is banned if any active rule matches it).
Negative Rules - Example
Rules R1, …, Rm ⊆ P, with R1 = {w | Length(w) < 8}.
Active rules: S = {1}.
A_{1} = P − {w | Length(w) < 8}.
Singleton Rules
Rule Rw= {w} for each w P.
Can allow/ban any individual password.
Special Case of Positive Rules/Negative Rules.
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
Online Attack
(Slide figure: the attacker submits guesses such as "password" and "12345" against an account.)
Guess limit: k-strikes policy, so the attacker gets at most k guesses per account.
p(k, A): probability of a successful untargeted attack with k guesses, given allowed set A.
p(k, A) - Example
With A = P − {password} (Example 1), the attacker guesses passwords in decreasing order of popularity:
p(1, A) = Pr[111111] = 3/7
p(2, A) = p(1, A) + Pr[letmein] = 5/7
p(3, A) = p(2, A) + Pr[123456] = 6/7
(Same preference table as above.)
Goal: Optimize p(k, A)
Goal: Find a password composition policy S ⊆ {1, …, m} that minimizes p(k, A_S) for a given k.
p(k, A): fraction of accounts an adversary can crack with k guesses per account under policy A.
p(1, A): probability of the single most popular password under policy A; −log₂ p(1, A) is the min-entropy of the resulting password distribution.
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
Results: Rankings Model

| | Constant k | Large k |
| --- | --- | --- |
| Singleton Rules | P | NP-Hard; APX-Hard (UGC) |
| Positive Rules | P | NP-Hard |
| Negative Rules | n^{1/3}-approx is NP-Hard | NP-Hard |

This talk: k = 1. Highlighted cell (next): Negative Rules, constant k, where even an n^{1/3}-approximation is NP-Hard.
Parameters: n, m, |P|.
Negative Rules are Hard!
Theorem: Unless P = NP, no polynomial-time algorithm can approximate the optimal p(1, A_S) to within a factor of n^{1/3−ε}, for any constant ε > 0, in the negative rules setting.
Reduction
Maximum Independent Set: graph with g vertices and e edges.
Theorem [Håstad 1996]: it is NP-hard to distinguish the following two cases: (1) every independent set has size at most K = g^ε, or (2) the maximum independent set has size at least g^{1−ε}.
Reduction (Preference Lists)
Preference Lists, Type 1 (g users; user j ranks W1, W2, …, WK first, then its own B_j):
W1   …   W1
W2   …   W2
…    …   …
WK   …   WK
B1   …   Bg
…    …   …
Observation: unless we ban all of W1, …, WK, we have p(1, A_S) ≥ g/n (the g users of this type all share their first unbanned W_i).
Reduction (Preference Lists)
Preference Lists, Type 2 (for each edge e = {u,v}; g users, user j ranks (u,v,j) first, then (v,u,j), then X):
(u,v,1)   …   (u,v,g)
(v,u,1)   …   (v,u,g)
X         …   X
…         …   …
Observation: if for any edge e = {u,v} we ban (u,v,1), …, (u,v,g) and (v,u,1), …, (v,u,g), then all g users fall back to X and p(1, A_S) ≥ g/n.
Reduction (Preference Lists)
Preference Lists, Type 3 (for each vertex v and positions i, j ∈ [K], i ≠ j; g users, user j' ranks (v,i,j,j') first, then (v,j,i,j'), then X):
(v,i,j,1)   …   (v,i,j,g)
(v,j,i,1)   …   (v,j,i,g)
X           …   X
…           …   …
Observation: if we ban (v,i,j,1), …, (v,i,j,g) and (v,j,i,1), …, (v,j,i,g), then all g users fall back to X and p(1, A_S) ≥ g/n.
Reduction (Rules)
(Slide figures: a small graph on vertices s, t, u, v, w, x; a rule R_{v,i} corresponds to placing vertex v at position i ∈ [K] of a candidate independent set.)

K = 4, active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{x,4}, Type 1 lists: W1, …, W4 are all banned, so the g Type 1 users fall through to their distinct B_1, …, B_g.

K = 4, same rules, Type 2 lists for the edge e = {u,x}:
(u,x,1)   …   (u,x,g)
(x,u,1)   …   (x,u,g)
X         …   X
Both endpoints carry an active rule, so both blocks are banned, the g users fall back to X, and p(1, A_S) ≥ g/n.

K = 4, same rules, Type 2 lists for the edges e = {u,s} and e = {s,t}: s and t carry no active rule, so these lists are not fully banned and the slides show no penalty.

K = 5, active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{w,4}, Type 1 lists: W5 is not banned, so p(1, A_S) ≥ g/n. Adding R_{v,5} bans W5 as well.

K = 5, active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{w,4}, R_{v,5}, Type 3 lists for vertex v with i = 2, j = 5:
(v,2,5,1)   …   (v,2,5,g)
(v,5,2,1)   …   (v,5,2,g)
X           …   X
Vertex v is used twice, so both blocks are banned and p(1, A_S) ≥ g/n.

K = 4, active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{w,4}, Type 3 lists for (w, i = 4, j = 2):
(w,4,2,1)   …   (w,4,2,g)
(w,2,4,1)   …   (w,2,4,g)
X           …   X
R_{w,2} is not active, so the slide shows no penalty from this particular list.
44
ReductionIndependent Set of Size K? maxS [m] p(1,AS)Yes 1/n
No g/n where n = O(g3)
Results: Rankings Model (table as above)
This talk: k = 1. Highlighted cell (next): Positive Rules with constant k are in P.
Parameters: n, m, |P|.
Key Difference: Positive vs. Negative
Let S_w = {i | w ∈ R_i} (all rules R_i that contain w).
Negative rules: to ban w, activate any one rule in S_w.
Positive rules: to ban w, deactivate all rules in S_w.
Positive Rules
Fact: Let S* ⊆ {1, …, m} denote the optimal solution, and let S ⊇ S*. Then either
(1) p(1, A_S) = p(1, A_{S*}) (S is already optimal), or
(2) S − S_w ⊇ S*, where w is the most popular password in A_S, i.e. Pr[w | A_S] = p(1, A_S).
Here S_w = {i | w ∈ R_i} is the set of all rules R_i that contain the most popular word in A_S.
Positive Rules (proof of the Fact)
Proof: Suppose (1) fails, and suppose for contradiction that w ∈ A_{S*}. Since S* ⊆ S, we have A_{S*} = ⋃_{i∈S*} R_i ⊆ ⋃_{i∈S} R_i = A_S, so by the warm-up fact
p(1, A_{S*}) ≥ Pr[w | A_{S*}] ≥ Pr[w | A_S] = p(1, A_S) ≥ p(1, A_{S*}),
where the last step is the optimality of S*. Hence p(1, A_S) = p(1, A_{S*}), contradicting the assumption that (1) fails. Therefore w ∉ A_{S*}: no rule in S* contains w, so S* ∩ S_w = ∅ and S* ⊆ S − S_w.
Positive Rules Algorithm
Iterative Elimination:
Initialize: S_0 = {1, …, m} (all rules active).
Repeat: let w be the most popular password in A_{S_i}, and ban it the only way positive rules allow, by deactivating every rule that contains it:
S_{i+1} = S_i − S_w.
Each round deactivates at least one rule (w ∈ A_{S_i} means some active rule contains w), so there are at most m rounds. Output the S_i with the smallest p(1, A_{S_i}).
Claim: one of the S_i's must be the optimal solution! (Apply the Fact repeatedly, starting from S_0 ⊇ S*: either S_i is optimal, or S_{i+1} = S_i − S_w still contains S*.)
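Worked example, added here and not part of the talk or paper: the rankings model computed from the talk's seven example preference lists, p(k, A), the positive- and negative-rule semantics, and the iterative-elimination algorithm for k = 1 checked against a brute-force search over all policies. The completion of the truncated lists and the three rules R1, R2, R3 are this example's own assumptions, not the talk's.

```python
"""Rankings model, positive-rule policies and iterative elimination.

Added example; not code from the paper or talk. The seven preference
lists are the top four rows of the talk's example table; the completion
of each list, the rules R1..R3 and the brute-force check are constructed
here for illustration.
"""
from collections import Counter
from itertools import combinations
from math import isclose

# Top four entries of each user's preference list, from the talk's table.
TOP = [
    ["password", "letmein", "abc123", "Passw0rd"],
    ["123456", "12345", "12345678", "password"],
    ["letmein", "password", "baseball", "Passw0rd"],
    ["password", "111111", "Passw0rd", "abc123"],
    ["12345", "123456", "12345678", "baseball"],
    ["password", "111111", "letmein", "iloveyou"],
    ["password", "111111", "Passw0rd", "iloveyou"],
]
P = frozenset(w for top in TOP for w in top)          # password space, |P| = 10

# In the model every user ranks all of P. The table's tails are elided ("..."),
# so each list is completed here with the remaining passwords in sorted order
# (a constructed assumption, not the talk's data).
RANKINGS = [top + sorted(P - set(top)) for top in TOP]
N = len(RANKINGS)                                    # n = 7 users

# Constructed positive rules R_i ⊆ P; A_S is the union of the active rules.
RULES = {
    1: frozenset(w for w in P if len(w) >= 8),                  # R1: at least 8 characters
    2: frozenset(w for w in P if any(c.isdigit() for c in w)),  # R2: contains a digit
    3: frozenset(w for w in P if any(c.islower() for c in w)),  # R3: contains a lowercase letter
}


def allowed_positive(S):
    """A_S under positive rules: allowed if some active rule contains the password."""
    return frozenset().union(*(RULES[i] for i in S))


def allowed_negative(S):
    """A_S under negative rules: banned if some active rule contains the password."""
    return P - frozenset().union(*(RULES[i] for i in S))


def distribution(allowed):
    """Rankings model: each user picks the highest-ranked password in `allowed`.
    Returns Pr[w | A] as the fraction of users choosing w."""
    picks = Counter(next(w for w in r if w in allowed) for r in RANKINGS)
    return {w: c / N for w, c in picks.items()}


def p(k, allowed):
    """p(k, A): fraction of accounts an untargeted k-guess attacker cracks."""
    return sum(sorted(distribution(allowed).values(), reverse=True)[:k])


def iterative_elimination(rules=RULES):
    """Positive-rules algorithm for k = 1: start with all rules active and
    repeatedly deactivate every rule containing the currently most popular
    password (S_{i+1} = S_i - S_w). Returns (best S visited, p(1, A_S))."""
    S = frozenset(rules)
    visited = []
    while S:
        dist = distribution(allowed_positive(S))
        w = max(dist, key=dist.get)                  # most popular password in A_S
        visited.append((S, dist[w]))
        S_w = {i for i in S if w in rules[i]}        # all active rules containing w
        S = S - S_w                                  # the only way to ban w here
    return min(visited, key=lambda t: t[1])


def brute_force(rules=RULES):
    """Exhaustive minimum of p(1, A_S) over all non-empty S, to check the claim."""
    best = None
    for r in range(1, len(rules) + 1):
        for S in combinations(rules, r):
            val = p(1, allowed_positive(S))
            if best is None or val < best[1]:
                best = (frozenset(S), val)
    return best


if __name__ == "__main__":
    S, val = iterative_elimination()
    S2, val2 = brute_force()
    print("iterative elimination:", sorted(S), f"p(1,A_S) = {val:.3f}")
    print("brute force:          ", sorted(S2), f"p(1,A_S) = {val2:.3f}")
    assert isclose(val, val2)
```

On this instance the elimination visits S_0 = {1,2,3} (most popular word "password", 4/7, which deactivates R1 and R3) and then S_1 = {2} (3/7), and the brute-force search confirms 3/7 is optimal; the talk's Example 1 values fall out of `distribution(P - {"password"})`.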
Results: Rankings Model (table as above)
This talk: k = 1.
Question: What if we don't have access to the full preference lists of each user? What if we don't want to run in time that grows with n?
Parameters: n, m.
Results: Rankings Model (table as above)
This talk: k = 1.
Sampling Algorithm: ε-approximation with probability 1 − δ.
Parameters: m, 1/ε, 1/δ (no dependence on n or |P|).
Sampling Algorithm
Theorem: There is an efficient algorithm that makes O(m log(m/δ)/ε²) queries and, with probability at least 1 − δ, outputs positive rules S ⊆ [m] such that
p(1, A_S) ≤ p(1, A_{S*}) + ε.
Sample oracle: q(A) returns w with probability Pr[w | A].
Idea: run iterative elimination; in each round use sampling to estimate the most popular word in A_{S_i} and its probability, instead of reading them off the full preference lists.
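Added example, not from the talk or paper: the same iterative elimination run against a sampling oracle q(A) only, with the per-round sample count s = ⌈100 ln(m/δ)/ε²⌉ taken from the lemma below (natural log assumed). The population of five preference-list types with multiplicities, the three positive rules and the random seed are constructed for illustration; the exact distribution is computed only to check the ε guarantee, the algorithm itself never sees it.

```python
"""Iterative elimination driven only by a sampling oracle q(A).

Added example; not code from the paper or talk. It assumes the talk's
rankings model on a constructed population (five preference-list types
with multiplicities, n = 100 users) over a small password space, three
constructed positive rules, and the per-round sample size
s = ceil(100 ln(m/delta) / eps^2) from the talk's sampling lemma.
"""
import math
import random
from collections import Counter
from itertools import combinations

P = ["password", "123456", "letmein", "111111", "Passw0rd", "abc123", "iloveyou", "12345678"]

# Constructed population: (complete preference list over P, number of users).
POPULATION = [
    (["password", "letmein", "abc123", "Passw0rd", "iloveyou", "123456", "111111", "12345678"], 25),
    (["123456", "111111", "12345678", "password", "abc123", "letmein", "Passw0rd", "iloveyou"], 30),
    (["letmein", "password", "iloveyou", "Passw0rd", "abc123", "111111", "123456", "12345678"], 20),
    (["111111", "123456", "Passw0rd", "abc123", "12345678", "iloveyou", "letmein", "password"], 10),
    (["iloveyou", "Passw0rd", "abc123", "password", "letmein", "123456", "111111", "12345678"], 15),
]
RANKINGS = [r for r, _ in POPULATION]
WEIGHTS = [c for _, c in POPULATION]
N = sum(WEIGHTS)

# Constructed positive rules; A_S is the union of the active ones.
RULES = {
    1: frozenset(w for w in P if len(w) >= 8),                   # at least 8 characters
    2: frozenset(w for w in P if any(ch.isdigit() for ch in w)),  # contains a digit
    3: frozenset(w for w in P if any(ch.islower() for ch in w)),  # contains a lowercase letter
}


def allowed(S):
    return frozenset().union(*(RULES[i] for i in S))


def first_allowed(ranking, A):
    """Rankings model: a user takes the highest-ranked password in A."""
    return next(w for w in ranking if w in A)


def exact_p1(A):
    """Exact p(1, A) from the full population (what the sampler cannot see)."""
    picks = Counter()
    for ranking, count in POPULATION:
        picks[first_allowed(ranking, A)] += count
    return max(picks.values()) / N


def q(A, rng):
    """Sampling oracle: returns w with probability Pr[w | A] by drawing one
    user at random and reporting the password that user would choose."""
    ranking = rng.choices(RANKINGS, weights=WEIGHTS)[0]
    return first_allowed(ranking, A)


def sampling_elimination(eps, delta, rng):
    """Iterative elimination where each round estimates the most popular
    password in A_S from s oracle samples. Returns (S, estimated p(1, A_S), s)."""
    m = len(RULES)
    s = math.ceil(100 * math.log(m / delta) / eps**2)
    S, best = frozenset(RULES), None
    while S:
        A = allowed(S)
        counts = Counter(q(A, rng) for _ in range(s))
        w, c = counts.most_common(1)[0]              # empirically most popular password
        if best is None or c / s < best[1]:
            best = (S, c / s)
        S = S - {i for i in S if w in RULES[i]}      # S_{i+1} = S_i - S_w
    return best[0], best[1], s


def optimum():
    """Exact optimum over all non-empty S (only used to check the eps guarantee)."""
    return min(exact_p1(allowed(S)) for r in range(1, len(RULES) + 1)
               for S in combinations(RULES, r))


def run(seed=2013, eps=0.1, delta=0.05):
    """Fixed-seed run; returns (S, estimate, s, exact p(1, A_S), exact optimum)."""
    S, est, s = sampling_elimination(eps, delta, random.Random(seed))
    return S, est, s, exact_p1(allowed(S)), optimum()


if __name__ == "__main__":
    S, est, s, exact, opt = run()
    print(f"s = {s} samples/round; S = {sorted(S)}; estimate {est:.3f}; "
          f"exact p(1,A_S) = {exact:.3f}; optimum {opt:.3f}")
```

With m = 3, ε = 0.1 and δ = 0.05 the lemma's constant gives s = 40944 samples per round, far more than this toy instance needs; the point is that the query count depends on m, ε and δ only, never on n or |P|, and the check `exact ≤ optimum + ε` is what the theorem promises with probability 1 − δ.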
Sampling Lemma
Lemma: Let s = 100 log(m/δ)/ε² denote the number of samples in each round, and let BAD_i denote the event that in iteration i there exists a password w such that
|Pr[w | A_{S_i}] − (# times w sampled)/s| > ε/2
(i.e., our probability estimate for w is off by more than ε/2). Then Pr[∃i. BAD_i] ≤ δ.

Proof sketch (following the slides). Fix a round i and partition P into buckets by probability under A_{S_i}:
B_0 = {w : Pr[w | A_{S_i}] ≥ ε/2},
B_1 = {w : ε/4 ≤ Pr[w | A_{S_i}] < ε/2},
…
B_j = {w : ε/2^{j+1} ≤ Pr[w | A_{S_i}] < ε/2^j}.
Since the probabilities sum to at most 1, bucket B_j contains at most 2^{j+1}/ε passwords.
Chernoff bound: with s = 100 log(m/δ)/ε² samples, a single w ∈ B_j has its empirical frequency off by more than ε/2 with probability small enough (decreasing geometrically in j, since a rare password must be badly overestimated to be off by ε/2) that the two union bounds below go through.
Union bound over the at most 2^{j+1}/ε passwords in B_j, and then over the buckets j = 0, 1, 2, …, gives Pr[BAD_i] ≤ δ/m.
Union bound over the at most m rounds gives Pr[∃i. BAD_i] ≤ m · δ/m = δ.
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
  – RockYou Dataset
  – Rules
  – Results
RockYou Dataset
• RockYou password leak: 32 million plaintext passwords.
• No preference lists: the leak shows only each user's actual password, not how that user would respond to a different policy, so it is insufficient for our sampling algorithm.
• We test our algorithm under an additional assumption…
Normalized Probabilities
RockYou gives the initial distribution over P. Normalized Probabilities assumption: when a policy restricts the allowed set to A, the probability mass of A is rescaled to 1, i.e. Pr[w | A] = Pr[w | P] / Pr[A | P] for w ∈ A.
(Slide figure: P has total mass 1 with letmein at 0.1; after a policy leaves an allowed set A with mass 0.5, letmein has normalized probability 0.2.)
Normalized Probabilities: Results

Rankings Model

| | Constant k | Large k |
| --- | --- | --- |
| Singleton Rules | P | NP-Hard; APX-Hard (UGC) |
| Positive Rules | P | NP-Hard |
| Negative Rules | n^{1/3}-approx is NP-Hard | NP-Hard |

Normalized Probabilities Model

| | Constant k | Large k |
| --- | --- | --- |
| Singleton Rules | P | P |
| Positive Rules | P | NP-Hard |
| Negative Rules | NP-Hard | NP-Hard |
Base Line Results
(Slide chart: baseline results on the RockYou data.)

Results
(Slide chart: experimental results; see Discussion below.)
Discussion
• Optimal solution was better under negative rules.
• However, sampled solutions were much better with positive rules.
• Interesting Directions:
  – Additional rules?
  – Is the Normalized Probabilities Model reasonable?
  – General experiment in the preference list model?
Open Questions
• Efficient approximation algorithm in negative rules setting with normalized probabilities assumption?
• Adversary with limited background knowledge about the user (e.g., age, gender, birthday).