Upload File

maintaining a cache of previously queried prefixes “telepathwords: preventing weak passwords by...

  • Home
  • Documents
  • Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,
9
Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. In 23rd USENIX Security Symposium (USENIX Security 14). San Diego, CA: USENIX Association, pp. 591-606. 2014. Presented by: Nazish Khan

Upload: myra-hudson

Post on 17-Jan-2016

220 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

Maintaining a Cache of Previously Queried

Prefixes “Telepathwords: Preventing weak passwords by reading

users’ minds.”

Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter.

In 23rd USENIX Security Symposium (USENIX Security 14). San Diego, CA: USENIX Association, pp. 591-606. 2014.

Presented by: Nazish Khan

Page 2: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

2

Summary

Requires efficient algorithms to model users’ behaviour and employ already-typed characters to predict subsequent ones

Real time predictions based on numerous predictors

Common character sequences

Keyboard movements

Repeated strings

Interleaved strings

Compared Telepathwords with composition rules

Feedback bar

Prediction display

Page 3: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

3

Storing Previous Queries

In an ideal situation, we would want no evidence of past requests

Authors take a security risk by maintaining a cache of previously queried prefixes on the server

Cache of past requests ---

Removal of past requests

Page 4: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

4

Issues

Why is it a security risk?

Cache becomes central point of storage (of previous queries- prone to attacks)

Is confidentiality guaranteed? No

Is integrity guaranteed? No

Protect the log but what about the cache?

Page 5: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

5

Securing the Log

Requests one-time session key

Generates session key, encrypt it with a public key andwrites encrypted session key to the log

Log

Sends the session key

XORs traffic with stream cipher and using symmetric encryption (AES)

Page 6: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

6

Justification

Authors hardly justify their decision to go ahead with this risk.

Why did they take this risk?

Reuse queries

Faster processing

Route all client-server communications over HTTPS

Server is unable to read the contents of the online log

Page 7: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

7

Conclusion

Cache is not protected

An attacker could gain access to the data

No confidentiality or integrity

When a user is typing text, no protection mechanism in memory.

Log has only been encrypted to cater for confidentiality

An attacker could modify its contents- threat to integrity

Page 8: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

Thank you

Questions?

Page 9: Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

9

My opinion

I have my doubts regarding the realistic use of this system

Need to give some crucial thought to the following questions:

Is security really important in such a system?

How to cater for the trade-off between security and usability? What’s more important? To whom?


09 - Mathieu.pptkmi.open.ac.uk/events/iswc08-semantic-web-intro... · Structured QueryStructured Query • Sindice can also be queried with structured query e gstructured query, e.g

Qunits: Queried Units in Database Search · Qunits: Queried Units in Database Search Arnab Nandi1 and H. V. Jagadish2 1Computer Science and Engineering, 2Department of Electrical

SI03 Saranga Ram - Lex Jansen · • Form, Domain and Variable Metrics Ratilan Technologies Inc -SMART aCRF - 13 WHAT ARE THE KEY ASPECTS OF SMART aCRF • Annotation Repository –A

Chulwoo Oh, Ravi Komanduri, and Michael J. Escuti 1 · P-167 / C. Oh P-167: FDTD and Elastic Continuum Analysis of the Liquid Crystal Polarization Grating Chulwoo Oh, Ravi Komanduri,

400 088 March 5, 2020 - Tata Institute of Social …...Page 2 12 M000758 Chayanika Goswami G703 M.Phil. Guwahati Social Sciences 07.04.2020 13 M001943 Saranga Sekhar Dutta G722 M.Phil

guyrowe.comguyrowe.com/Guy_Rowe_American_Artist/Bibliography... · color quality which is peculiar to the technique . striking features of the Rowe paintings. When queried Rowe confessed

LOCALISATION & COST COMPETITIVENESS IN THE … AND COST... · LOCALISATION & COST COMPETITIVENESS IN THE INDIAN AUTOMOTIVE INDUSTRY Faculty Contributor :Prof. Haritha Saranga Student

1 Coordinators Chapter Coordinator- Vinod Viswanath Project Coordinator- Sanjeev Ranganathan Treasurer- Anita Komanduri

0 Designing Password Policies for Strength and Usability€¦ · password [Kelley et al. 2012; Komanduri et al. 2011]. As a result, this simple policy based on longer passwords, despite

Evidence from Andhra Pradesh, India - Resource Centre · Evidence from Andhra Pradesh, India S. Galab, Uma Vennam, Anuradha Komanduri, ... especially with regard to the qualitative

GrowingCities Presentation - Saranga Nakhooda & Devin Lafo

Optimizing Password Composition Policies Jeremiah Blocki Saranga Komanduri Ariel Procaccia Or Sheffet To appear at EC 2013

Optimal Deployment of Parallel Teams in New Product ... · Optimal Deployment of Parallel Teams in New Product Development By Haritha Saranga May 2008 Please address all your correspondence

Molecular dynamics (MD) simulation of uniaxial tension of ...web.mit.edu/mbuehler/www/Teaching/IAP2006/codes/Komanduri - tens… · Molecular dynamics (MD) simulation of uniaxial

FLASCO · impressive leader, Dr. McAneny has ... Krishna V. Komanduri, ... MD Speaking on the topic of Immunotherapy in Oncology

Komanduri - Thesis - Modeling the adversary to evaluate ...reports-archive.adm.cs.cmu.edu/anon/isr2016/CMU-ISR-16-101.pdf · and Stuart Schechter from Microsoft Research for wonderful

NE India musical instruments - Roger Blench India musical...A guide to the musical instruments of NE India: classification, ... ringing bronze bell ... Three-string fiddle, saranga,

DICKINSON, NORTH DAKOTA Audit Report€¦ · • Reviewed segregation of duties in all program areas. • Interviewed appropriate agency personnel. • Queried the ConnectND (PeopleSoft)

Crime and Criminal Justice in Disaster · The 1992 Los Angeles Riot and the Lessons Ignored in the 2014 Ferguson Riot Komanduri S. Murty and Julian B. Roebuck 277 Legal Definitions

Vlookup and Sumif Formulas to assist summarizing queried …Vlookup and Sumif Formulas to assist summarizing queried data . When accessing data from Foundation through the MS Query

Telepathwords: preventing weak passwords by reading users ......by reading users’ minds . Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, Stuart ... • “Dictionary”

Media Framing and Partisan Identity: The Effect of ......the effects of framing tend to erode quickly over time. When the subjects are queried a day, a When the subjects are queried

PROMOTION LIST SESSION : 2019-20 FROM CLASS NURSERY TO ... LIST CLAS… · 13 Jeeshan Aftab 14 Krishangi Das 15 Kshitij Baruah 16 Lopa Mudra ... 24 Samim Akhtar 25 Saranga Raj Boro

BLAST Sequences queried against the nr or grass databases. GO ANALYSIS

Satish Bukkapatnam Ranga Komanduri

Washington DC · June 2-5, 2018€¦ · Sachin Wani, J. Lucas Williams, Sri Komanduri, V. Raman Muthusamy, Nicholas Shaheen 10:00 AM Ballroom A, WCC Assessing the Cost-Effectiveness

Marathon Fundraising - Anita Komanduri, Asha Training schedule - Santhosh Padmanabhan, Coach

Mr. Saranga Wijeyarathne President – MBA Alumni Association

Qatar hails US Emir attends Military College graduation ...€¦ · 26.01.2017  · 02 HOME FRIDAY 27 JANUARY 2017 Popular Sri Lankan artistes Saranga Disasekara, Visharad Manoj Peiris,

Juvenilia (October-Decemberwebcomipl.net/dpswp/wp-content/uploads/2019/12/e... · escort teachers namely Mr. Probin Likharu, Mr. V.K. Rajeev and Mr. Saranga Pani Hazarika visited

Curriculum Vitiate Oshan Saranga

Polarization-Independent Modulation & Simplified Spectropolarimetry Using LC Polarization Gratings Michael J. Escuti 1, W.M. Jones 1, C. Oh 1, R. Komanduri

Committee: - ethics.health.govt.nz  · Web viewThe Committee queried the rationale of targeting patients who take either antipsychotic or diabetes medications. The Researchers explained

 · Web viewThe group of Katak dance performers, music on a tabla, sitar, saranga and a vocalist with a harmonica are known all over the world. The famous Kichipudi dance performer

School/Unit User Guide - University College Dublin€¦ · School/Unit User Guide ... Management functions within the Interim Curriculum ManagementSystem: ... request) or Queried