Upload File

maintaining a cache of previously queried prefixes “telepathwords: preventing weak passwords by...

  • Home
  • Documents
  • Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,
9
Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. In 23rd USENIX Security Symposium (USENIX Security 14). San Diego, CA: USENIX Association, pp. 591-606. 2014. Presented by: Nazish Khan

Upload: myra-hudson

Post on 17-Jan-2016

220 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

Maintaining a Cache of Previously Queried

Prefixes “Telepathwords: Preventing weak passwords by reading

users’ minds.”

Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter.

In 23rd USENIX Security Symposium (USENIX Security 14). San Diego, CA: USENIX Association, pp. 591-606. 2014.

Presented by: Nazish Khan

Page 2: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

2

Summary

Requires efficient algorithms to model users’ behaviour and employ already-typed characters to predict subsequent ones

Real time predictions based on numerous predictors

Common character sequences

Keyboard movements

Repeated strings

Interleaved strings

Compared Telepathwords with composition rules

Feedback bar

Prediction display

Page 3: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

3

Storing Previous Queries

In an ideal situation, we would want no evidence of past requests

Authors take a security risk by maintaining a cache of previously queried prefixes on the server

Cache of past requests ---

Removal of past requests

Page 4: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

4

Issues

Why is it a security risk?

Cache becomes central point of storage (of previous queries- prone to attacks)

Is confidentiality guaranteed? No

Is integrity guaranteed? No

Protect the log but what about the cache?

Page 5: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

5

Securing the Log

Requests one-time session key

Generates session key, encrypt it with a public key andwrites encrypted session key to the log

Log

Sends the session key

XORs traffic with stream cipher and using symmetric encryption (AES)

Page 6: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

6

Justification

Authors hardly justify their decision to go ahead with this risk.

Why did they take this risk?

Reuse queries

Faster processing

Route all client-server communications over HTTPS

Server is unable to read the contents of the online log

Page 7: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

7

Conclusion

Cache is not protected

An attacker could gain access to the data

No confidentiality or integrity

When a user is typing text, no protection mechanism in memory.

Log has only been encrypted to cater for confidentiality

An attacker could modify its contents- threat to integrity

Page 8: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

Thank you

Questions?

Page 9: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

9

My opinion

I have my doubts regarding the realistic use of this system

Need to give some crucial thought to the following questions:

Is security really important in such a system?

How to cater for the trade-off between security and usability? What’s more important? To whom?


400 088 March 5, 2020 - Tata Institute of Social …...Page 2 12 M000758 Chayanika Goswami G703 M.Phil. Guwahati Social Sciences 07.04.2020 13 M001943 Saranga Sekhar Dutta G722 M.Phil

Committee: - ethics.health.govt.nz  · Web viewThe Committee queried the rationale of targeting patients who take either antipsychotic or diabetes medications. The Researchers explained

AdChoices? Compliance with Online Behavioral Advertising ... · AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements Saranga Komanduri, Richard

LOCALISATION & COST COMPETITIVENESS IN THE … AND COST... · LOCALISATION & COST COMPETITIVENESS IN THE INDIAN AUTOMOTIVE INDUSTRY Faculty Contributor :Prof. Haritha Saranga Student

ANNUAL REPORT 2017-2018 - GlobalGiving · Kirti Shetty Cherian Mathews Darly Mathew Raju Varghese Sunil Zachariah Sudhanshu Arya A Roy Mekhala Stephen John Christo Sri Komanduri Sangeetha

Optimizing Password Composition Policies Jeremiah Blocki Saranga Komanduri Ariel Procaccia Or Sheffet To appear at EC 2013

Qatar hails US Emir attends Military College graduation ...€¦ · 26.01.2017  · 02 HOME FRIDAY 27 JANUARY 2017 Popular Sri Lankan artistes Saranga Disasekara, Visharad Manoj Peiris,

Molecular dynamics (MD) simulation of uniaxial tension of ...web.mit.edu/mbuehler/www/Teaching/IAP2006/codes/Komanduri - tens… · Molecular dynamics (MD) simulation of uniaxial

Telepathwords: preventing weak passwords by reading users ......by reading users’ minds . Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, Stuart ... • “Dictionary”

BLAST Sequences queried against the nr or grass databases. GO ANALYSIS

PowerPoint Presentation - Slide 1 · 2018-04-13 · Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy

Media Framing and Partisan Identity: The Effect of ......the effects of framing tend to erode quickly over time. When the subjects are queried a day, a When the subjects are queried

Multi-twist retarders: broadband retardation control using ... · Ravi K. Komanduri, Kristopher F. Lawler, and Michael J. Escuti∗ Department of Electrical and Computer Engineering,

Vlookup and Sumifs Formulas to assist summarizing queried data€¦ · Vlookup and Sumifs Formulas to assist summarizing queried data When accessing data from Foundation through the

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Patrick Gage Kelley, Saranga Komanduri, Michelle

NE India musical instruments - Roger Blench India musical...A guide to the musical instruments of NE India: classification, ... ringing bronze bell ... Three-string fiddle, saranga,

Satish Bukkapatnam Ranga Komanduri

C9600 Printing Guide v1my.okidata.com/mandown.nsf/86048f677cac41e6852570280066837… · The printer is queried and additional hardware options are automatically detected. Printers

GrowingCities Presentation - Saranga Nakhooda & Devin Lafo

From Awareness to Action: Child Marriage Predictors, Hotspots, and Program Approaches Kathleen Kurz and Saranga Jain IGWG Technical Update on Child Marriage

Polarization-Independent Modulation & Simplified Spectropolarimetry Using LC Polarization Gratings Michael J. Escuti 1, W.M. Jones 1, C. Oh 1, R. Komanduri

Mr. Saranga Wijeyarathne President – MBA Alumni Association

2008/07/06 Harris COL - RE: Harris -- Revised DRAFT Site ... · Aditya Tyagi Klaus Albertin Gopal Komanduri (S&L) (by phone) Matt Gavin (by phone) Discuss needs Alternatives C-305

Chulwoo Oh, Ravi Komanduri, and Michael J. Escuti 1 · P-167 / C. Oh P-167: FDTD and Elastic Continuum Analysis of the Liquid Crystal Polarization Grating Chulwoo Oh, Ravi Komanduri,

09 - Mathieu.pptkmi.open.ac.uk/events/iswc08-semantic-web-intro... · Structured QueryStructured Query • Sindice can also be queried with structured query e gstructured query, e.g

Qunits: Queried Units in Database Search · Qunits: Queried Units in Database Search Arnab Nandi1 and H. V. Jagadish2 1Computer Science and Engineering, 2Department of Electrical

Crime and Criminal Justice in Disaster · The 1992 Los Angeles Riot and the Lessons Ignored in the 2014 Ferguson Riot Komanduri S. Murty and Julian B. Roebuck 277 Legal Definitions

0 Designing Password Policies for Strength and Usability€¦ · password [Kelley et al. 2012; Komanduri et al. 2011]. As a result, this simple policy based on longer passwords, despite

Washington DC · June 2-5, 2018€¦ · Sachin Wani, J. Lucas Williams, Sri Komanduri, V. Raman Muthusamy, Nicholas Shaheen 10:00 AM Ballroom A, WCC Assessing the Cost-Effectiveness

Evidence from Andhra Pradesh, India - Resource Centre · Evidence from Andhra Pradesh, India S. Galab, Uma Vennam, Anuradha Komanduri, ... especially with regard to the qualitative

Juvenilia (October-Decemberwebcomipl.net/dpswp/wp-content/uploads/2019/12/e... · escort teachers namely Mr. Probin Likharu, Mr. V.K. Rajeev and Mr. Saranga Pani Hazarika visited

 · Web viewThe group of Katak dance performers, music on a tabla, sitar, saranga and a vocalist with a harmonica are known all over the world. The famous Kichipudi dance performer

Komanduri - Thesis - Modeling the adversary to evaluate ...reports-archive.adm.cs.cmu.edu/anon/isr2016/CMU-ISR-16-101.pdf · and Stuart Schechter from Microsoft Research for wonderful

School/Unit User Guide - University College Dublin€¦ · School/Unit User Guide ... Management functions within the Interim Curriculum ManagementSystem: ... request) or Queried

PROMOTION LIST SESSION : 2019-20 FROM CLASS NURSERY TO ... LIST CLAS… · 13 Jeeshan Aftab 14 Krishangi Das 15 Kshitij Baruah 16 Lopa Mudra ... 24 Samim Akhtar 25 Saranga Raj Boro