human distinguishable visual key fingerprints
TRANSCRIPT
HUMAN DISTINGUISHABLE VISUAL KEY FINGERPRINTS
USENIX Security '20
Mozhgan Azimpourkivi1, Umut Topkara1, and Bogdan Carbunar2
1 Bloomberg LP2 Florida International University
August 2020
Key Fingerprints (KF)2
q Compact version of a crypto keyq Used for authentication
q Easier to compare by humans against reference value
Key Fingerprint Authentication3
TrustedReference
CryptoKey
IPAddress
BitcoinAddress
Human Verifier
DeviceID
File
Key Fingerprint
Key Fingerprint Generator (KFG)
4
MitMAdversary
Generate and inject string whose key representation is human-indistinguishable from expected value
CryptoKey
IPAddress
BitcoinAddress
Human Verifier
DeviceID
File
Key Fingerprint Generator (KFG)
bc1qar0srrr7xfkvy5l643lybsw9re59gtmzzw5mdq
Corrupted Fingerprint
bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq
Trusted Reference
bc1qar0srrr7xfkvy5l643lybsw9re59gtmzzw5mdq
bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq
Adversary Model
Applications5
1. Remote authentication (SSH, OpenPGP/GnuPG)q Encode pub key hash into human readable format
2. End-to-End Encrypted (E2EE) messaging applicationsq WhatsApp, Viber, Facebook messenger
3. Device pairingq Bluetooth Secure Simple Pairing using ECDH
4. Prevent phishing & Bitcoin clipboard hijacking attacks
5. File checksums
Example Key Fingerprints (KF)6
OpenSSHVisual Host Key
Vash Unicorn
Textual representation Visual representation
Alphanumeric Pronounceable words
Sentences
learning equal education bent collar religion new shelf angle table train sad keep meal
The basket ends your right cat on his linen. Her range repeats her nerve.
3A70 F9A0 4ECD B5D7 8A89 D32C EDA0 A352 66E2 C53D
Tan, Joshua, et al. "Can unicorns help users compare crypto key fingerprints?." Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 2017.
Vash: Visual KFG (VKFG)7
q Tan et al., CHI’17:
q Visual representations verified faster and easier than text-based
q Generate images using
q Set of rules
q Hand curated functions
q Human visual system limitations
q Human error rate > 10%
8
CEAL: DNN for KFG
Generate realistic images to improve usability
Input Vector
FingerprintImage
GAN-basedImage
GeneratorInputString
Key
Fing
erpr
int
Gene
ratio
n
…
Input Mapper
9
Visual Key Fingerprint Generator
Internal Representations
Key Fingerprint Visual Key FingerprintGenerator
-1
…
+1
…Another Key Fingerprint
Hum
anDi
stin
guish
able
Sing
le-v
alue
ch
ange
CEAL (CrEdential Assurance Label)10
q Fingerprints should be realistic and human-distinguishableq Remove humans from evaluation process
FingerprintImage
GeneratorInputString
Input Mapper
Training Process
…
Input Vector
CL-GAN11
Same vs. Different
RealismDiscriminator
Real vs. Fake
GeneratorNetwork
(Gceal)
Pre-trained Human
PerceptionDiscriminator
(HPD)
+FeedbackReal Images
Vector Representations(Slightly Different)
-1 …
+1 …
Human Perception Discriminator (HPD)12
50,176
Contrastive loss
Same (0)Different (1)
2
Cross entropy loss ("#$)
1024 102450
50
Eucli
dean
Dist
ance
O1
O2
&1
&2
Inception.v1up to Mixed_5c
Inception.v1up to Mixed_5c
HPD Evaluation13
q Training: > 26,000 image pairsq 558 labeled by Mechanical Turk (MTurk) workers
q Each image labeled by up to 100 workersq 26,244 synthetically generated images
q 84% Precision, 82% F1-scoreq Holdout subset of 112 image pairs
Major vs. Minor Components14
…Input
Vector
…
… Majorcomponents
Minorcomponents
q Some components are equivalent of othersq We can train some components to be major
CL-GAN generator15
CEAL Generator Network
λ=512
256
256 …
…
Majorcomponents
Minorcomponents
44
8
8
16
16
1024
32
32
512
256
128
64
64
16
Train Majors for Distinguishability
GeneratorNetwork(Gceal)
HumanDistinguishable
……Major Minor
-1
+1 ……Major Minor
Input Vectors Key Fingerprints
Train Minors17
GeneratorNetwork(Gceal)
HumanIndistinguishable
……Major Minor
-1
…… +1
Major Minor
Input Vectors Key Fingerprints
18
Train Majors for Diversity
GeneratorNetwork(Gceal)
HumanDistinguishable
……Major Minor
+1
+1 ……Minor
Input Vectors Key Fingerprints
(G, d)-adversary [Dechand et al. Usenix ‘16]
19
q Generate target keys (G bits)
q Generate attack keys different in d bits from target
q Generate corresponding visual key fingerprints
q Use a HPD to filter similar fingerprints to target
1 0 0 0 1 1…
Target Key
Attack Key
Different in d positions
1 1 0 0 0 1…
G bit keys
19
CEAL Under (G, d)-attack20
Attack Dataset
DatasetSize
# Attacks Identified by HPD-Attacker
Human Verified Attacks
(123,1)-adversary
123M 121 2 (1.7%)
(123,d)-adversary
123M 1,473 23 (1.6%)
Evaluate potential attack images using 374 MTurk workers
(G, d) Attack Examples21
Targets
Attacks
Humans labeled as different Humans labeled as same
CEAL vs. Vash22
q Generate 10,000 random Vash and CEAL imagesq Compare all key fingerprint pairs using HPD
q Approx. 50 million image pair comparisons
VKFG Attack Dataset Size
# Attacks Identified by HPD
Human Verified Attacks
CEAL ~50M 1 0 (0%)
Vash ~50M 150 24 (16%)
Attack datasets of 10,000 random images
Conclusions23
q CEAL: Visual key fingerprint generation solutionq Human-distinguishable fingerprintsq Resilient to powerful adversaries
q CEAL improves on state-of-the-art Vashq Resilient to attackq Fast to compare: 2.73s for CEAL vs. 3.03s for Vash
q Incentive to adversaries to improve HPDq Applications to CAPTCHA
Backup Slides
Input Mapper25
BCH(!=255, "=123, dmin =19) for CL-GAN
dmin = min Hamming distance between codewords
PRNG
ECC
Input Mapper
Input Binary String
Major Components
Minor Components
# = 123 bits
M = 255 codeword bits +
1 padding bit
Attack Success Relation to d26
The break ratio of 1 million target CEAL images for each value ofd, the Hamming distance between the attack and the targetbinary fingerprints, according to (left) HPD_model_1 and (right)HPD_attacker.
Datasets for Training HPD27
Dataset Name # Image Pairs LabelsLabeled Synthetic Image Pairs 558 Mixed
Unrealistic DCGAN Image Pairs 11,072 Same
Minor Change Image Pairs Dataset 7,040 Same
Blob Image Pairs Dataset 2,108 Different
10%-different Image Pairs Dataset 1,024 Different
Enhanced Synthetic Image Pairs Dataset 5000 Different
Total 26,802 Mixed
Ground Truth Human Perception and Synthetic Image Pair Datasets we used to train HPD
HPD Performance on Vash Images28
Model F1 FPR FNR Recall Precision
HPD_model_1 0.76 0.21 0.14 0.86 0.69
Performance of HPD over 120 labeled Vash images
CEAL vs. Vash: Time to Verify29
Vash: 3.03s (SD=5.42s) avg over 150 attacksCEAL: 2.73s (SD=2.33s) avg over 48 attacks