NonText Passwords - PowerPoint PPT Presentation

Slides: 18
Provided by: jlg4

1
Non-Text Passwords
  • CRyptography Applications Bistro
  • Jessica Greer
  • February 12, 2004

2
Outline
  • Speech-Generated Cryptographic Keys
  • Password Hardening Based on Keystroke Dynamics
  • Other new ideas for non-text passwords based on
    behavioral biometric features

3
Key Generation
  • Based on repeatable behavioral biometric
    characteristics
    • timing
    • force of keystrokes
    • voice frequencies
  • Aims to achieve two goals
    • Breaking passwords will be no easier
    • For some or most, breaking them will be harder

4
Speech-Generated Keys (Monrose, Reiter)
  • System initialization
  • Generate key K
  • Generate 2m shares of K using generalized secret
    sharing scheme, with m a system param
  • Shares arranged within an m x 2 table such that K
    can be reconstructed from any set of m shares
    consisting of one share from each row

[Figure: table of shares, labelled K, 2 and m]

5
Twist on traditional secret sharing
  • Traditional defense: attacker will not possess
    enough shares to reconstruct the secret
  • In this case, an attacker would have all shares
    if he had access to the physical device
  • Requirement change: the attacker will not be
    able to find a sufficient set of valid shares in
    the table (make an exhaustive search
    computationally difficult)

6
Speech-Generated Keys (Monrose, Reiter)
  • Gathering behavioral measurements
  • User utters passphrase
  • System performs front-end signal processing and
    records measurements about voice features

My voice is my passport.
Verify me?
(photo from www.imdb.com)

7
Signal processing
  • User utterance sampled at a predefined sampling
    rate
  • Minimum sampling rate on Compaq iPAQ: 32 kHz
  • Reduce computational and storage cost by
    downsampling to 8 kHz (sufficient to accurately
    capture signal): throw 3 of 4 samples away

8
Signal processing
  • Signal then broken down and cleaned up
  • Sample must be clean so as to be an accurate
    representation of the user's voice
  • Arranged into frames: 12-dimensional vectors of
    reals
  • Background noise removed by calculating avg.
    noise in white space in the sample and
    subtracting it from entire length of sample
  • Sample data converted to a bit sequence called a
    feature descriptor, used to regenerate the key

9
Gathering behavioral statistics
  • System measures m behavioral features of a user's
    utterance
  • Array of measurements concatenated into a bit
    string for each login attempt

10
Gathering behavioral statistics
  • For each successful login attempt, the system
    updates the history of feature descriptors
    (consistent behavioral features)

11
Distinguishing features
  • Security depends upon number of distinguishing
    features of voice
  • A feature b_ai (a = the account, i = the feature) is a
    distinguishing feature if
    • T_i > avg(b_ai) - k * stddev(b_ai) or
    • T_i < avg(b_ai) - k * stddev(b_ai)

12
Going back to the 2 x m table
  • Elements of table not consistently accessed are
    randomly perturbed
  • Correct user should not encounter perturbed
    (invalid) elements in table
  • The more often the user logs in, the stronger the
    system becomes
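
An added sketch (not from the presentation or the Monrose-Reiter papers) of the table mechanics on slides 4, 5 and 12: Shamir sharing over a prime field stands in for the generalized secret sharing scheme, and a feature counts as consistent when its bit is identical in every recorded login, an assumption replacing the statistical test on slide 11. The names `make_table`, `reconstruct` and `harden`, the modulus and the sample history are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share field (constructed parameter)

def make_table(key, m):
    """m x 2 table: row i holds f(2i+1), f(2i+2) for a random degree m-1 f with f(0)=key."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(m - 1)]
    f = lambda x: sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P
    return [[f(2 * i + 1), f(2 * i + 2)] for i in range(m)]

def reconstruct(table, descriptor):
    """Pick one share per row using the descriptor bits, then interpolate f(0)."""
    pts = [(2 * i + 1 + b, table[i][b]) for i, b in enumerate(descriptor)]
    key = 0
    for xj, yj in pts:
        num = den = 1
        for xk, _ in pts:
            if xk != xj:
                num = num * -xk % P          # Lagrange basis evaluated at x = 0
                den = den * (xj - xk) % P
        key = (key + yj * num * pow(den, -1, P)) % P
    return key

def harden(table, history):
    """Perturb the cell that a consistent user never selects (slide 12)."""
    for i, bits in enumerate(zip(*history)):
        if len(set(bits)) == 1:  # same bit at every recorded login
            cell = table[i][1 - bits[0]]
            # Add a nonzero offset so the stored share is guaranteed invalid.
            table[i][1 - bits[0]] = (cell + 1 + secrets.randbelow(P - 1)) % P
    return table

def demo():
    key = secrets.randbelow(P)
    # Constructed history of feature descriptors from three successful logins.
    history = [[1, 0, 0, 1, 1], [1, 1, 0, 1, 0], [1, 0, 0, 1, 1]]
    table = harden(make_table(key, 5), history)
    user = [1, 1, 0, 1, 0]      # varies only on inconsistent features 1 and 4
    impostor = [0, 1, 0, 1, 0]  # differs on consistent feature 0
    return key, reconstruct(table, user), reconstruct(table, impostor)
```

Someone holding the device sees all 2m cells, as slide 5 notes, but cannot tell which cell in a hardened row is still a valid share, so each consistent feature removes one of the two usable choices in its row.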

13
Empirical results
  • An implementation in which the table was also
    encrypted with a password makes a dictionary
    attack against the password up to 215 times more
    difficult

14
Password hardening based on keystroke dynamics
  • Very similar concept: system begins as secure as
    a traditional password system and begins
    perturbing values in the secret-sharing table that
    are not repeated consistently

15
Potential problems
  • Painful to change password if security greater
    than traditional systems is essential: cost
    associated with retraining the system
  • In keystroke system, some degree of inference can
    be made about keystroke dynamics if password is
    known, and vice versa
  • Not ideal for users who use different keyboards
  • Security determined by degree of uniqueness of
    user's voice or typing style

16
Is it accurate enough?
  • Bergadano, Gunetti, and Picardi think not
  • Inherent variability in most behavioral
    biometric identifiers is too great
  • Propose using much longer samples and generating
    key based on duration of digraphs and trigraphs
    (sets of two and three consecutive letters)
  • Not an appropriate substitute for traditional
    password systems
  • Greater inherent variability with longer
    samples?

17
For more information
  • www.biopassword.com
  • Free demo
  • www.mytec.com