Interactive Password Schemes - PowerPoint PPT Presentation

About This Presentation
Title:

Interactive Password Schemes

Description:

A paradigm instead of a string. Paradigm Definition 2 components: Generate Prompt ... New password paradigm. Greater security for roaming users ... – PowerPoint PPT presentation

Slides: 11
Provided by: Arwa

Transcript and Presenter's Notes


1
Interactive Password Schemes
  • Work in Progress
  • by Arwa Maiss
  • Joint work with Gene Itkis
  • ACeS Lab
  • www.cs.bu.edu/groups/aces

2
Introduction
  • Usual password weaknesses
    • Eavesdropping / impersonation
    • Monitoring keystrokes
    • Hijacking a session
    • Server impersonation
    • Man-in-the-middle
    • Shoulder-surfing
    • etc.

3
No one thought about that?
  • Available protection techniques
    • Use long secret (and/or public) keys
      • Storage (too long to remember)
      • Portability
      • Computation: the (untrusted) host computer must
        handle the keys to encrypt/decrypt/sign
  • No protection against lunch-time attacks
    • If an attacker uses the same hardware and
      software as the user, she can impersonate the user

4
Our Project Idea
  • Goal
    • Prevent impersonation even after a full session
      (or a few) has been completely monitored by an
      attacker
  • How
    • Different input from the same user in each
      session
    • Responses are easy enough to be computed by the
      user in her head (using some system prompts)
    • All this is done through a browser

5
New Password: A paradigm instead of a string
  • Paradigm Definition: 2 components
    • Generate Prompt
      • Side benefit: (weak) server authentication
    • Evaluate User's Response
      • Goal: user authentication

6
Setup Screen
  • User designs his/her own login screen by
    • Specifying a combination of password methods
    • Specifying random (obfuscation) data positions in
      the prompt/challenge and in the response
    • Generating prompt/challenge information
      • Textual
      • Visual
      • Temporal
      • Hybrid
    • Choosing a margin of error (for user response)

7
New type of login session
  • Simple version
    • A random question is posted
    • The user types in an answer
    • The system computes the expected answer
    • The two are compared

8
Sample Login
  • Question: All roads leads to Rome
  • Answer: 8leads
9
Sample Login
  • Challenge: count the number of vowels (12) and
    return it together with the word at the 12th
    position
  • Question: Efficiency is intelligent laziness
  • Answer: 12laziness
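The two-component paradigm of slides 5 and 7 (Generate Prompt, Evaluate User's Response) applied to the vowel-count challenge of these two sample logins, as an added Python example that is not code from the presentation or the ACeS lab. It assumes the word position wraps around the sentence length, which the slides do not state but which reproduces both sample answers; the prompt sentence list is constructed.

```python
import hmac
import secrets

# Constructed prompt sentences; the two from the slides are included so
# the sample answers shown there can be checked.
PROMPTS = [
    "All roads leads to Rome",
    "Efficiency is intelligent laziness",
    "Security is a process not a product",
]

VOWELS = set("aeiouAEIOU")


def generate_prompt():
    """Generate Prompt: a fresh, unpredictable challenge sentence per session,
    so a response captured in one session is useless in the next."""
    return secrets.choice(PROMPTS)


def expected_response(prompt):
    """Compute the answer the legitimate user derives in her head.

    Challenge (slide 9): count the vowels, then return the count followed
    by the word at that position. Assumption (not on the slides): the
    position wraps around the number of words, so count 12 in a 4-word
    sentence selects the 4th word. This yields "8leads" and "12laziness".
    """
    words = prompt.split()
    count = sum(1 for ch in prompt if ch in VOWELS)
    index = (count - 1) % len(words)
    return f"{count}{words[index]}"


def evaluate_response(prompt, response):
    """Evaluate User's Response: compare in constant time so a timing
    side channel does not reveal how much of the answer matched."""
    expected = expected_response(prompt)
    return hmac.compare_digest(expected.encode(), response.strip().encode())
```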
10
Conclusion
  • New password paradigm
    • Greater security for roaming users
    • Protection against all kinds of monitoring
    • Many possible directions to explore
  • New research lab
    • Applied Crypto and e-Security (ACeS)
    • www.cs.bu.edu/groups/aces/