Trustworthy Computing in My Mind: A Case Study on Visual Password

1
Trustworthy Computing in My Mind: A Case Study on
Visual Password
Shujun Li
Visiting Student at VC Group, Microsoft Research Asia
Institute of Image Processing, Xi'an Jiaotong University
April, 2002
2
Table of Contents
  • What is Trustworthy Computing?
  • Does Perfect Trustworthiness Exist?
  • How to Increase Trustworthiness?
  • A Case Study: Visual Password
    • What/Why/How about Visual Password
    • Some Proposed Schemes
    • A Comparison Between Visual Password and Textual
      Password from Trustworthy Viewpoint
    • Problems, Principles and Solutions

3
1. What is Trustworthy Computing?
  • "Trustworthy computing is a label for a whole
    range of advances that have to be made for people
    to be as comfortable using devices powered by
    computers and software as they are today using a
    device that is powered by electricity."
    (Microsoft White Paper: Trustworthy Computing)
  • Trustworthy computing is a multi-dimensional set
    of issues: good availability for almost all needs
    requested by the users, acceptable reliability of
    provided services, high security of users' data
    and system configurations, recoverability of
    damaged systems and lost data, full control of
    users' data only by themselves in suitable
    manners, great reputation of the service
    providers, etc.

4
2. Does Perfect Trustworthiness Exist?
  • Nothing is perfect. We can only provide ENOUGH
    trustworthiness in practice.
  • It is very hard to give a correct definition of
    trustworthiness. Trustworthiness is a complicated
    concept in both the technical and the social world.
  • An architecture built on diversity is robust,
    but it also operates on the edge of chaos. As a
    natural result, it is very difficult to exactly
    analyze the trustworthiness of
  • Trade-offs exist between the different
    requirements of perfect trustworthiness. For
    example, higher security always corresponds to
    less usability, and higher trustworthiness costs
    more in many cases.

5
3. How to Increase Trustworthiness?
  • Avoid using insecure code
  • Trustworthiness first, not new features
  • Adopt suitable algorithms to protect the security
    and integrity of users' data and systems
  • Keep in mind that a computing system is only as
    trustworthy as its weakest link
  • User-centered design, coding and support
  • Keep things simple to enhance usability and
    long-term and large-scale reliability
  • More redundancy tends to mean less risk

6
4a. A Case Study: Visual Password
  • What is Visual Password?
    • The user interface by which one can generate a
      password with graphical/visual operations, such
      as moving and clicking the mouse on a picture.
  • Why Use Visual Password?
    • It may provide higher trustworthiness than
      the traditional textual password.
  • How to Make Visual Password?
    • Some schemes have been proposed; we will briefly
      introduce and analyze those ideas. Some
      principles and more potential solutions will also
      be discussed.

7
4b. Some Proposed Schemes
  • Drawing-Based Visual Password: I. Jermyn's
    Graphical Password for PDA
  • Visual Password Based on Selected Secret Pictures
    from a Picture Database: PassFace™ and Déjà Vu
    System
  • Click-by-Click Visual Password: Blonder's Patent,
    PassPic™, Passlogix v-GO™ Graphical Password
    Window, Darko Kirovski's System (Microsoft)
  • More details about proposed schemes are
    needed for further investigations.

8
4c. A Comparison Between Visual Password and
Textual Password
  • Usability
    • Textual Password: Inconvenient for young children
      and the blind.
    • Visual Password: Inconvenient for the blind.
  • Memorizability and Security against Dictionary Attack
    • Textual Password: Easily memorizable passwords are
      weak against dictionary attack, while good ones are
      generally hard to memorize.
    • Visual Password: Many strong passwords may be easily
      memorized. Dictionary attack becomes harder.
  • Security against Shoulder-Surfing Attack
    • Textual Password: The slower the typing speed, the
      weaker the security.
    • Visual Password: None of the proposed schemes can
      resist shoulder-surfing attack.
9
4d. Problems: How to Resist Shoulder-Surfing
Attack?
  • How does shoulder-surfing attack work?
    • Once an impostor has observed a legal user's login
      actions, he can repeat those actions to cheat the
      login system, without guessing the right password
      behind such login actions.
  • How to resist shoulder-surfing attack?
    • The login operations of different logins must not
      be the same. We call such a feature time-variant
      login-actions.
  • How to obtain the time-variant property?
    • A pseudo-randomization mechanism may be helpful.

10
4d. Principles: Visual Password
  1. Larger strong key space than textual password.
  2. Similar or better usability than textual
    password: a) easy user interface; b) good
    memorizability.
  3. Resistance to shoulder-surfing attack. Is such a
    capability possible? (Clue: a shoulder-surfing
    attacker can see what you can see and understand
    what you can understand; people hate the hard
    deduction required by time-variant
    login-actions.)
  4. Acceptable solution of the trade-off between
    usability and security.

11
4d. Solutions: A Theoretical Model of Visual
Password Login System Resisting Shoulder-Surfing
Attack
Here, PCNL should satisfy the following
requirement: deducing the actions in the next
login is easy enough for legal users who know the
password, but is hard enough for illegal users
who have monitored your previous logins.
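
Added illustration, not part of the presentation: a toy time-variant login scheme (an assumption made here; the slides define no concrete scheme) in which the icon grid is reshuffled at every login and the user clicks the row holding each pass-icon. It measures the two things slides 9 and 11 ask for: how often repeating observed actions still works, and how many candidate passwords stay consistent with what an observer has seen.

```python
import random
from itertools import product

ICONS = list(range(16))   # constructed icon set, displayed as a 4x4 grid
COLS = 4

def new_challenge(rng):
    """Pseudo-randomized grid for one login; returns icon -> row index."""
    order = ICONS[:]
    rng.shuffle(order)
    return {icon: pos // COLS for pos, icon in enumerate(order)}

def respond(secret, challenge):
    """Legal user's login actions: the row holding each pass-icon, in order."""
    return tuple(challenge[icon] for icon in secret)

def verify(secret, challenge, response):
    return response == respond(secret, challenge)

def replay_success_rate(secret, trials, seed):
    """Record one login, then repeat the same actions at later logins."""
    rng = random.Random(seed)
    recorded = respond(secret, new_challenge(rng))
    hits = sum(verify(secret, new_challenge(rng), recorded) for _ in range(trials))
    return hits / trials

def consistent_secrets(observations, length):
    """Every secret that explains all observed (grid, actions) pairs."""
    return [s for s in product(ICONS, repeat=length)
            if all(respond(s, ch) == resp for ch, resp in observations)]

def leakage_per_login(secret, logins, seed):
    """Candidate-secret count after 0, 1, ..., `logins` observed logins."""
    rng = random.Random(seed)
    observations, counts = [], [len(ICONS) ** len(secret)]
    for _ in range(logins):
        ch = new_challenge(rng)
        observations.append((ch, respond(secret, ch)))
        counts.append(len(consistent_secrets(observations, len(secret))))
    return counts

if __name__ == "__main__":
    secret = (3, 11, 6)   # constructed sample password of three pass-icons
    print("replay success rate:", replay_success_rate(secret, 2000, seed=1))
    print("candidates after each login:", leakage_per_login(secret, 4, seed=1))
```

Repeating recorded actions succeeds only about once in 64 logins here, so the actions are time-variant, yet the candidate set falls from 4096 to 64 after a single observed login and can only shrink further. The toy mapping is easy for the user but not hard enough for an observer, which is the gap a practical PCNL would have to close.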
12
4d. Problems: Is a Practical PCNL Possible?
  • In fact, a PCNL is a trapdoor function from the
    cryptographic viewpoint.
  • Human beings are not machines and hate
    complicated deduction, so a PCNL MUST be easy enough
    for any user, including young children.
  • Legal users may forget what they input in the
    last login, so clues should be given to remind them.
    Since such clues may also be observed by an
    impostor, they should not provide useful
    information to him under the assumption that he
    does not know the password.
  • I have not yet found a really practical
    PCNL. Does a practical PCNL exist? We are trying to
    find the answer.

13
4d. Solutions: More Fresh Ways?
  1. More Click-by-Click Visual Passwords: Visual
    Password Based on Clicking Picture Properties,
    such as the differences between a pair of pictures,
    the relations between two countries on a world map,
    or the geometric properties of elements in a computer
    painting.
  2. Visual Passwords Based on Specially-Designed
    Input Devices: a) A device tracking the user's eyes;
    b) A strange mouse that can generate a password by
    one's touching different parts; c) Strange
    glasses that can generate different scenes from
    different view directions with enough sensitivity.

14
Thanks for your watching and advice!