PHOTOGRAPHIC AUTHENTICATION THROUGH UNTRUSTED TERMINALS
Authors: Trevor Pering, Murali Sundar, John Light, Roy Want
CS585, Feb 26, 2009
THE AUTHORS
OUTLINE
Introduction
Motivation and premise
Security overview
Experimental evaluation
Discussion
Future work
INTRODUCTION
Public internet access points provide a convenient means to access the Internet, but they pose considerable security risks.
One way to address these risks: photographic authentication (PA), a technique that relies on personal photographs for authenticating user access.
OVERVIEW (CONT.)
How it works:
PA works in conjunction with a trusted “home server” that stores the user’s photographs and account information.
The users identify themselves to the system, initiating the authentication process with their home server.
The home server passes the necessary credentials to the desired Web-service host.
OVERVIEW (CONT.)—EXAMPLE
OVERVIEW (CONT.) —EXAMPLE: EXPLANATION
The system presented photographs such as those in the figure above. The users selected the images that belonged to them. Because the home server manages the authentication process, the access terminal does not gain access to any unnecessary information, such as the user’s photographic databases. The system cannot be compromised from the public terminal. Thus, the attacker cannot break the authentication scheme.
MOTIVATION AND PREMISE
The need for more secure login mechanisms that grant or deny access through untrusted terminals.
Logging in through public infrastructure carries additional risks. E.g., when users check the status of their bank accounts, they are potentially compromising both their account balance and account number. However, it is generally only necessary to display the account balance, not both.
MOTIVATION AND PREMISE (CONT.)
The need for alternative authentication techniques because of the emerging mobile Internet.
A highly secure authentication technique would be overkill for a terminal which cannot guarantee the security of the data accessed. PA aims to be “secure enough” for casual data by providing the necessary level of security without compromising ease of use.
MOTIVATION AND PREMISE (CONT.)
The increased prevalence of digital photos and the ease with which people can recognize photographic images.
The popularity of digital photos has recently exploded because of the widespread availability of affordable consumer-grade cameras and computers capable of manipulating photos;
More people possess large personal image collections;
Digital storage capacities are rapidly increasing.
SECURITY OVERVIEW
The PA implementation presented is about as secure as a six-digit password.
This means that there is a 1 in 10^6 chance that random guessing will be successful, a smaller chance than that for personal identification numbers (PINs), which is 1 in 10^4;
SECURITY OVERVIEW (CONT.)
The real vulnerability of photograph-based authentication is not numeric, but cognitive.
The attacker uses knowledge about the user in a cognitive attack
SECURITY OVERVIEW (CONT.)
PA is convenient: users do not carry a portable electronic device, so there is no chance to damage the device;
Users simply walk up to a terminal and select from a few sequences of images presented to them on the screen;
Another technique requires users to carry a portable electronic device, such as a SecurID card, as a trusted authentication mechanism that would let them safely log in to an untrusted terminal using a one-time key generated by the device.
SECURITY OVERVIEW (CONT.)
PA is suited to providing access through semi-trusted or untrusted terminals, and also suited to trusted environments.
It only provides an easier means to access information than text-based authentication.
EXPERIMENTAL EVALUATION
Experiment conditions and process:
1. Two sets of experiments help to evaluate PA;
2. Converted all images to 400 x 300 resolution;
3. Simulated a standard login process to see whether PA is feasible;
4. Simulated an attack against the system to see if it would hold up under a reasonable replay attack;
5. Conducted both experiments through a Web interface, and logged all transactions.
EXPERIMENTAL EVALUATION (CONT.)
Authentication experiment
Goal: design the primary authentication test to see whether users could correctly distinguish their own images from those of others;
Result:
Users can quickly and accurately identify their own pictures;
Does not require any learning.
EXPERIMENTAL EVALUATION (CONT.)
Attack experiment
Goal: design the login attack to simulate an attack on a user account by someone who had snooped on a previous authentication session by that user;
Result: (see figure below)
Attackers showed great variability in success rate and speed;
The results indicate that most users’ image sets are relatively immune to attack.
EXPERIMENTAL EVALUATION (CONT.)
Conclusion:
Attackers fared significantly worse than the primary users at recognizing images
DISCUSSION
Overview;
Replay attacks;
Cognitive attacks;
Coincident attacks;
Compromised attacks;
Polling attacks.
DISCUSSION --OVERVIEW
Security is the prime concern of any authentication mechanism;
PA is secure because it is based on recognition rather than memorization, so there are no security leaks generated by people writing down passwords;
There exist ways in which the system can be compromised;
There are drawbacks to the experiment, e.g., the attackers may be unskilled.
DISCUSSION (CONT.) -- REPLAY ATTACKS
Definition: Replay attack, also known as observer attack, consists of capturing part of a communication between two entities and playing back that information at a later time to compromise the system;
Property:
PA is well suited to resist replay attacks through untrusted terminals by varying the challenge image set each time;
PA is not completely immune to replay attacks because the images from one attempt might provide enough information to deduce the correct images in following attempts.
DISCUSSION (CONT.) --COGNITIVE ATTACKS
Cognitive attacks include two kinds:
A similarity attack involves determining whether two images are pictures of the same thing;
A knowledge attack uses specific pieces of knowledge, such as knowing about a trip to Paris, to identify related pictures.
Property:
PA is somewhat sensitive to knowledge attacks because of the strong correlation between users’ lives and the pictures they keep;
A cognitive attack requires the perpetrators to think about the selections they are making instead of just picking images they recognize.
DISCUSSION (CONT.) --COINCIDENT ATTACKS
Definition: Coincident attack is one in which an unscrupulous agent or proxy running on the untrusted terminal has access to a user’s data in parallel to the user actively operating the system.
Property: the window for a coincident attack begins after a successful authentication and ends when the user either explicitly logs out of the system or times out.
DISCUSSION (CONT.) --COMPROMISED ATTACKS
Definition: A compromised attack is one in which the system’s integrity has already been compromised. E.g., the attacker has cracked the password or identified the picture set;
How to fix the system:
Select a new password in the case of text passwords;
It is more difficult to fix a compromised PA system because a user cannot forget pictures they have seen and suddenly recognize new ones; one way is to use a series of image subsets for the authentication process. When one subset becomes compromised, the user simply rotates to the next set.
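As an added illustration (not from the paper or the slides), here is a toy home server showing two points from the discussion: varying the challenge image set each time to resist replay, and rotating to a new image subset once one is used up or compromised. The class and function names, the file names, and the 10 screens of 4 images are assumptions; the last was chosen so that random guessing succeeds about 1 time in 10^6, matching the six-digit-password comparison above.

```python
import secrets

class HomeServer:
    """Toy home server: issues single-use photo challenges and checks answers."""
    def __init__(self, user_photos, decoy_photos, rounds=10, per_round=4):
        self.own = list(user_photos)      # user's photos not yet shown anywhere
        self.decoys = list(decoy_photos)  # other people's photos not yet shown
        self.rounds, self.per_round = rounds, per_round  # assumed parameters
        self.pending = {}                 # session id -> correct position per screen
        self.rng = secrets.SystemRandom()

    def guess_probability(self):
        # One correct image per screen: a blind guesser must get every screen right.
        return (1 / self.per_round) ** self.rounds

    def _take(self, pool, n):
        # Remove n random images from a pool so they are never shown again.
        return [pool.pop(self.rng.randrange(len(pool))) for _ in range(n)]

    def new_challenge(self):
        need_decoys = self.rounds * (self.per_round - 1)
        if len(self.own) < self.rounds or len(self.decoys) < need_decoys:
            raise RuntimeError("image subset used up: rotate to the next subset")
        screens, answers = [], []
        for _ in range(self.rounds):
            own = self._take(self.own, 1)[0]
            screen = self._take(self.decoys, self.per_round - 1) + [own]
            self.rng.shuffle(screen)
            screens.append(screen)
            answers.append(screen.index(own))
        sid = secrets.token_hex(8)
        self.pending[sid] = answers
        return sid, screens

    def verify(self, sid, picks):
        answers = self.pending.pop(sid, None)  # each challenge is answered once
        return answers is not None and list(picks) == answers

def replay_overlap(server):
    """Do one observed login, then return (login ok, images reused next time)."""
    sid, screens = server.new_challenge()
    picks = list(server.pending[sid])  # stands in for the legitimate user's choices
    seen = {img for screen in screens for img in screen}
    ok = server.verify(sid, picks)
    _, next_screens = server.new_challenge()
    return ok, seen & {img for screen in next_screens for img in screen}

if __name__ == "__main__":  # constructed file names, enough for two logins
    demo = HomeServer([f"own_{i}.jpg" for i in range(20)],
                      [f"other_{i}.jpg" for i in range(60)])
    print(demo.guess_probability(), replay_overlap(demo))
```

Single-use images stop an exact replay of what a terminal recorded; they do not address the inference from similar-looking pictures noted under replay attacks.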
DISCUSSION (CONT.) --POLLING ATTACKS
Definition: A polling attack is one in which the authentication server is repeatedly accessed to gather information about the authentication account.
Property:
In the case of text passwords, a polling attack is similar to random or dictionary attacks, where trial passwords are thrown at the authentication mechanism to guess the correct password;
For PA, this kind of attack could be used to glean the entire set of images used for authentication.
FUTURE WORK
PA is a novel technique for dealing with public infrastructure, an emerging concern as mobile and fixed-infrastructure systems continue to evolve and merge:
Explore alternate image presentation and techniques for generating challenge image sets;
Improve the effectiveness of the challenge set by preprocessing images to remove obvious similarities between pictures;
Explore using trial time to filter attacks.