1 / 21

IMAGE-BASED AUTHENTICATION

IMAGE-BASED AUTHENTICATION . Richard E. Newman, Piyush Harsh, and Prashant Jayaraman . University of Florida. Human Authentication. What you are (biometric) What you have (token) What you know (password). Problems with Passwords. Meaningful Word of mouth transfer

lirit
Télécharger la présentation

IMAGE-BASED AUTHENTICATION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IMAGE-BASED AUTHENTICATION Richard E. Newman, Piyush Harsh, and Prashant Jayaraman University of Florida

  2. Human Authentication • What you are (biometric) • What you have (token) • What you know (password)

  3. Problems with Passwords • Meaningful • Word of mouth transfer • Sticking it near workstation • Image-based authentication (IBA) can solve these

  4. Definitions • Image Space (IS) –the set of all images used by the IBA system. • Individual Image Set (IISa) – the set of images that a user Alice (a) chooses to authenticate herself. • Key Image – any image in a user's IIS. • Presentation Set (PS) – the set of images presented to Alice (from which the key images must be selected) for a given authentication attempt. • PS_i – the ith subset of PS presented to Alice during a run – PS = U PS_i

  5. Architecture • Authentication User Agent (AUA) • Authentication Server (AS) The communication between them is encrypted using authenticated Diffie-Hellman The AS is assumed to be a part of the Trusted Computing Base

  6. Basic Protocol - Initialize Image Set Selection • Alice selects ‘n’ images (n is set by the administrator, Bob) • Bob stores the image set at the AS Presentation Subsets • Bob picks one image from IISa and some other images from IS-IISa for each PS_i • Alice picks the IISa image from each PS_i

  7. Basic Protocol - Authenticate Authentication • A→B: Username=Alice • B→A: Presentation set for Round 1, PS1. • A→B: Identified image. • B→A: Presentation set for Round 2, PS2. • A→B: Identified image. • …... • B→A: Presentation set for Round R, PSR. • A→B: Identified image. If all R steps are successful, Bob authenticates Alice

  8. Attacks • Image-based authentication is not foolproof • The are four points of vulnerability • information stored on the AS • information sent between the AS and the AUA • the output at the AUA • the input at the AUA.

  9. Keystroke Logging: AUA Input • Eve can observe or log Alice’s keystrokes and later authenticate herself as Alice. Counter • Display the images in random order - keystrokes are are only meaningful for this PS in this display order

  10. Shoulder Surfing: AUA Output Logging • Eve can observe Alice’s screen (during the authentication process)and later authenticate herself as Alice. Counter • Display the image when the mouse is over it. Otherwise, gray out the image • If input is hidden, then which image is selected is not known – only get PS_i’s • More on PS-based attacks later

  11. TEMPEST Attack: AUA Output • Electromagnetic emanations from the output are used to recreate the screen a distance away. Counter • Use contrasting colors that a person can easily distinguish, but which look the same to the eavesdropper. • Blur the images. • Add random noise to the images.

  12. Brute Force Attack • Select every possible combination. • Note that dictionary attack is impossible. Counters • Keep IIS and IS large • Attack cannot be done offline

  13. Frequency Correlation Attack: Presentation Sets Intersection Attack • The IS is large, and PS_i’s are chosen randomly (with one image from IIS). Any image that repeats across attempts, is very likely to be a part of IIS Logic Attack • If the PS is the same (but not PS_i’s) in every attempt, using logic, within a small number of authentication attempts the attacker can narrow down the IIS to one or a few subsets from the PS.

  14. Countering Frequency Correlation Attacks Decoy Screens • A decoy screen is image grid consisting of images none of which are part of the user’s IIS. The user has to select “none of the above” to succeed in those rounds. • Make use of x rounds of decoy screens and y (y<=n) rounds or screens with images from user image set.

  15. Countering Frequency Correlation Logic Attacks Image Buckets • The IS can be partitioned into groups of images called image buckets. When an image from the IIS is displayed, all of the other images in the image bucket to which this image belongs will also be shown. • The intersection of the images displayed will never decrease.

  16. Leaking Image Set Size • The size of the image set is equal to the number of rounds. • Correlation between the Image set size and the number of rounds may be blurred Randomized number of rounds • The number of rounds is randomized according to a bounded normal distribution. • The mean number of rounds and the variance can be changed as necessary.

  17. Implementation Issues Image Set Storage • If the images are randomized, only the seed for each image need be stored • Otherwise, entire IS needs to be stored Security Implications • AS must store each user’s IIS. • If the AS is compromised, the IIS of every user can be obtained. • The scheme depends on the impenetrability of the AS

  18. Key Strength • If K images per display may be selected, then with R rounds and |PS_i|=N we obtain an equivalent key size of KS= R log (C(N,K)) . • If K=1 thenKS= R log (N)

  19. Equivalent key bits for N=16 images/round

  20. Equivalent key bits per key image

  21. Conclusions • IBA is in its infancy • IBA is more user-friendly • It is difficult to share IBA image sets without showing the person the images • IBA offers an alternative to passwords that my be attractive for some situation • Asymmetric bandwidth • Poor user input capability • Protection at AS still an issue

More Related