IMAGE-BASED AUTHENTICATION

1
IMAGE-BASED AUTHENTICATION
Richard E. Newman, Piyush Harsh, and Prashant
Jayaraman

• University of Florida

2
Human Authentication

• What you are (biometric)
• What you have (token)
• What you know (password)

3
Problems with Passwords

• Meaningful
• Word of mouth transfer
• Sticking it near workstation
• Image-based authentication (IBA) can solve these

4
Definitions

• Image Space (IS) the set of all images used by
  the IBA system.
• Individual Image Set (IISa) the set of images
  that a user Alice (a) chooses to authenticate
  herself.
• Key Image any image in a user's IIS.
• Presentation Set (PS) the set of images
  presented to Alice (from which the key images
  must be selected) for a given authentication
  attempt.
• PS_i the ith subset of PS presented to Alice
  during a run PS U PS_i

5
Architecture

• Authentication User Agent (AUA)
• Authentication Server (AS)
• The communication between them is encrypted
  using authenticated Diffie-Hellman
• The AS is assumed to be a part of the Trusted
  Computing Base

6
Basic Protocol - Initialize
Image Set Selection

• Alice selects n images (n is set by the
  administrator, Bob)
• Bob stores the image set at the AS

Presentation Subsets

• Bob picks one image from IISa and some other
  images from IS-IISa for each PS_i
• Alice picks the IISa image from each PS_i

7
Basic Protocol - Authenticate
Authentication

• A?B UsernameAlice
• B?A Presentation set for Round 1, PS1.
• A?B Identified image.
• B?A Presentation set for Round 2, PS2.
• A?B Identified image.
• ...
• B?A Presentation set for Round R, PSR.
• A?B Identified image.
• If all R steps are successful, Bob authenticates
  Alice

8
Attacks

• Image-based authentication is not foolproof
• The are four points of vulnerability
• information stored on the AS
• information sent between the AS and the AUA
• the output at the AUA
• the input at the AUA.

9
Keystroke Logging AUA Input

• Eve can observe or log Alices keystrokes and
  later authenticate herself as Alice.

Counter

• Display the images in random order
• - keystrokes are are only meaningful for this
  PS in this display order

10
Shoulder Surfing AUA Output Logging

• Eve can observe Alices screen (during the
  authentication process)and later authenticate
  herself as Alice.

Counter

• Display the image when the mouse is over it.
  Otherwise, gray out the image
• If input is hidden, then which image is selected
  is not known only get PS_is
• More on PS-based attacks later

11
TEMPEST Attack AUA Output

• Electromagnetic emanations from the output are
  used to recreate the screen a distance away.

Counter

• Use contrasting colors that a person can easily
  distinguish, but which look the same to the
  eavesdropper.
• Blur the images.
• Add random noise to the images.

12
Brute Force Attack

• Select every possible combination.
• Note that dictionary attack is impossible.

Counters

• Keep IIS and IS large
• Attack cannot be done offline

13
Frequency Correlation Attack Presentation Sets
Intersection Attack

• The IS is large, and PS_is are chosen randomly
  (with one image from IIS). Any image that repeats
  across attempts, is very likely to be a part of
  IIS

Logic Attack

• If the PS is the same (but not PS_is) in every
  attempt, using logic, within a small number of
  authentication attempts the attacker can narrow
  down the IIS to one or a few subsets from the PS.
  

14
Countering Frequency Correlation Attacks
Decoy Screens

• A decoy screen is image grid consisting of images
  none of which are part of the users IIS. The
  user has to select none of the above to succeed
  in those rounds.
• Make use of x rounds of decoy screens and y
  (yltn) rounds or screens with images from user
  image set.

15
Countering Frequency Correlation Logic Attacks
Image Buckets

• The IS can be partitioned into groups of images
  called image buckets. When an image from the IIS
  is displayed, all of the other images in the
  image bucket to which this image belongs will
  also be shown.
• The intersection of the images displayed will
  never decrease.

16
Leaking Image Set Size

• The size of the image set is equal to the number
  of rounds.
• Correlation between the Image set size and the
  number of rounds may be blurred

Randomized number of rounds

• The number of rounds is randomized according to a
  bounded normal distribution.
• The mean number of rounds and the variance can be
  changed as necessary.

17
Implementation Issues
Image Set Storage

• If the images are randomized, only the seed for
  each image need be stored
• Otherwise, entire IS needs to be stored

Security Implications

• AS must store each users IIS.
• If the AS is compromised, the IIS of every user
  can be obtained.
• The scheme depends on the impenetrability of the
  AS

18
Key Strength

• If K images per display may be selected, then
  with R rounds and PS_iN we obtain an
  equivalent key size of KS R log (C(N,K)) .
• If K1 thenKS R log (N)

19
Equivalent key bits for N16 images/round
20
Equivalent key bits per key image
21
Conclusions

• IBA is in its infancy
• IBA is more user-friendly
• It is difficult to share IBA image sets without
  showing the person the images
• IBA offers an alternative to passwords that my be
  attractive for some situation
• Asymmetric bandwidth
• Poor user input capability
• Protection at AS still an issue