iasonas polakis, panagiotis ilia, federico maggi, marco lancini, georgios kontaxis, stefano zanero,...

Upload: annis-webster

Post on 18-Jan-2016

TRANSCRIPT

Telepathwords: Preventing Weak Passwords by Reading Users Minds

Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 501-512. ACM, 2014.

Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication

Presented by: Roshan Pawar

Summary

The paper revisits the concept of Social Authentication (SA) and proposes a system that generates challenges that are robust against attacks on SA.

The paper also demonstrates a novel attack technique against social authentication that is more effective and efficient than previously presented techniques.

The authors experimentally confirm the robustness of the proposed solution against three template matching algorithms: correlation coefficient (CCOEFF), cross correlation (CCORR) and squared difference (SQDIFF).

Furthermore, the authors claim that after using the proposed solution the face detection software fails to detect even a single face, whereas users identify their friends in over 94.38% of photos with faces unrecognizable by software.

Motivation

The main motivation for proposing a new design in Social Authentication (SA) was the authors' confidence in SA as a promising approach to preventing unauthorized access in a user-friendly manner.

Hence, my focus of presentation would be on the authors' perspective of preventing unauthorized access.

Social Authentication

Fig.: A typical SA example on Facebook, taken from the cited paper "Social authentication: harder than it looks", published in Proceedings of the 2012 Financial Cryptography and Data Security conference, Springer.

A variant of the traditional two-factor authentication scheme.

Attacks on social authentication

Face recognition technique.

Image comparison attacks, which rely on creating a collection of images of the victim and his friends (a novel type of attack demonstrated by the authors).

Proposed design

Steps in the proposed design:
Face extraction.
Photo categorization.
Tag transformation.
Photo transformation.

Then a novel transformation process creates SA challenges that are robust against template matching algorithms such as:
The correlation coefficient (CCOEFF).
Cross correlation (CCORR).
Squared difference (SQDIFF).
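As an added illustration (not code from the paper or from this presentation), the three template matching scores named above, in their normalized forms, can be used to check whether a distorted challenge photo still matches a known face crop. The seeded-noise "photos", the rotate-and-blend `distort` stand-in, the 0.8 threshold and all function names are assumptions; the paper's own transformations are not reproduced here.

```python
import math, random

def tm_scores(patch, tmpl):
    """Normalized CCOEFF, CCORR and SQDIFF for two equal-length pixel lists."""
    n = len(tmpl)
    mp, mt = sum(patch) / n, sum(tmpl) / n
    norm = math.sqrt(sum(p * p for p in patch) * sum(t * t for t in tmpl)) or 1.0
    cnorm = math.sqrt(sum((p - mp) ** 2 for p in patch) * sum((t - mt) ** 2 for t in tmpl)) or 1.0
    return {
        "CCOEFF": sum((p - mp) * (t - mt) for p, t in zip(patch, tmpl)) / cnorm,
        "CCORR": sum(p * t for p, t in zip(patch, tmpl)) / norm,
        "SQDIFF": sum((p - t) ** 2 for p, t in zip(patch, tmpl)) / norm,
    }

def crop(img, top, left, size):
    # Flatten the size x size window whose top-left corner is (top, left).
    return [img[r][c] for r in range(top, top + size) for c in range(left, left + size)]

def best_match(img, tmpl, size):
    """Slide the template over img; return {method: (best score, (row, col))}."""
    best = {}
    for top in range(len(img) - size + 1):
        for left in range(len(img[0]) - size + 1):
            for name, s in tm_scores(crop(img, top, left, size), tmpl).items():
                cand = (s, (top, left))
                # SQDIFF is a distance (lower is better); the other two are similarities.
                pick = min if name == "SQDIFF" else max
                best[name] = pick(best.get(name, cand), cand)
    return best

def distort(img, overlay, alpha=0.5):
    """Stand-in distortion (assumption): rotate 90 degrees, then alpha-blend an overlay."""
    rot = [list(row) for row in zip(*img[::-1])]
    return [[alpha * p + (1 - alpha) * o for p, o in zip(a, b)] for a, b in zip(rot, overlay)]

def located(result, threshold=0.8):
    """True if the CCOEFF peak is strong enough to count as a match (threshold assumed)."""
    return result["CCOEFF"][0] >= threshold

# Constructed stand-in "photos": seeded noise, not real images.
rng = random.Random(2014)
N, SIZE, TOP, LEFT = 16, 6, 5, 4
photo = [[rng.getrandbits(8) for _ in range(N)] for _ in range(N)]
overlay = [[rng.getrandbits(8) for _ in range(N)] for _ in range(N)]
face = crop(photo, TOP, LEFT, SIZE)  # template: the tagged face region
before = best_match(photo, face, SIZE)
after = best_match(distort(photo, overlay), face, SIZE)
if __name__ == "__main__":
    for label, res in (("original", before), ("distorted", after)):
        print(label, {k: (round(s, 3), pos) for k, (s, pos) in res.items()}, located(res))
```

On the unmodified photo all three scores peak at the crop's true position; after the distortion the CCOEFF peak falls below the threshold, which is the property a challenge generator would test for.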

Evaluation of user study

In medium portraits the success rate was 97%.
In difficult portraits the success rate was 92.1%.
Users also identified their friends in 77.7% of the pages that contained the photos of animals.

The authors' final thoughts

The proposed approach could be applied for security services offered by online social networking websites.

In web services, to provide a user-specific CAPTCHA feature.

In banking websites as an addition to two-factor authentication.

Personal thoughts

Social authentication can be vulnerable if the attacker is a close friend of the victim.

For a user with a large number of friends logging in through the social authentication setup, it is fairly difficult to identify the medium- and difficult-level photos.

How effective is social authentication in the case of an elderly person or of persons who have low cognitive skills?

The authors consider SA a promising approach in preventing unauthorized access. However, I think that:

Thank you

Questions?
