140 likes | 273 Views
Trustworthy Computing in My Mind: A Case Study on Visual Password. Shujun Li Visiting Student at VC Group, Microsoft Research Asia Institute of Image Processing Xi’an Jiaotong University April, 2002. Table of Contents. What is Trustworthy Computing? Does Perfect Trustworthiness Exist?
E N D
Trustworthy Computing in My Mind: A Case Study on Visual Password Shujun LiVisiting Student at VC Group, Microsoft Research Asia Institute of Image ProcessingXi’an Jiaotong UniversityApril, 2002
Table of Contents • What is Trustworthy Computing? • Does Perfect Trustworthiness Exist? • How to Increase Trustworthiness? • A Case Study: Visual Password • What/Why/How about Visual Password • Some Proposed Schemes • A Comparison Between Visual Password and Textual Password from Trustworthy Viewpoint • Problems, Principles and Solutions Shujun Li, VS at VC Group of Microsoft Research Asia
1. What is Trustworthy Computing? • “Trustworthy computing is a label for a whole range of advances that have to be made for people to be as comfortable using devices powered by computers and softwares as they are today using a device that is powered by electricity.”——Microsoft White Paper: Trustworthy Computing • “Trustworthy computing is a multi-dimensional set of issues”: good availability for almost needs requested by the users, acceptable reliability of provided services, high security of users’ data and system configurations, recoverability of damaged systems and lost data, full control of users’ data only by themselves with suitable manners, great reputation of the services providers, etc. Shujun Li, VS at VC Group of Microsoft Research Asia
2. Does Perfect Trustworthiness Exist? • Nothing is perfect. We can only provide ENOUGH trustworthiness in practice. • It is very hard to give a “right” definition of trustworthiness. Trustworthinessis a complicated concept in both technical and social world. • “An architecture built on diversity is robust, but it also operates on the edge of chaos.” As a natural result, it is very difficult to exactly analyze the trustworthiness of • Trade-offs exist between the different requirements of “perfect trustworthiness”. For example, higher security always corresponds to less usability, higher trustworthiness needs more costs in many cases. Shujun Li, VS at VC Group of Microsoft Research Asia
3. How to Increase Trustworthiness? • Avoid using insecure codes • Trustworthiness first, not new features • Adopt suitable algorithms to protect the security and integrity of users’ data and systems • Keep in mind that “a computing system is only as trustworthy as its weakest link” • Users-centered design, coding and support • Keep things simple to enhance usability and long-term and large-scale reliability • More redundancy trend to less risks Shujun Li, VS at VC Group of Microsoft Research Asia
4a. A Case Study: Visual Password • What is Visual Password? • The user interface by which one can generate password with graphical/visual operations, such as movement and clicking of mouse on a picture. • Why Use Visual Password? • It may provide higher trustworthiness than traditional textual password. • How to Make Visual Password? • Some schemes have been proposed, we will briefly introduce and analyze those ideas. Some principles and more potential solutions will also be discussed. Shujun Li, VS at VC Group of Microsoft Research Asia
4b. Some Proposed Schemes • Drawing-Based Visual Password: I. Jermyn’s Graphical Password for PDA • Visual Password Based on Selected Secret Pictures from a Picture Database: PassFaceTM and Déjà Vu System • Click-by-Click Visual Password: Blonder’s Patent, PassPicTM, Passlogix v-GOTM Graphical Password Window, Darko Kirovski’s System (Microsoft) • More details about proposed schemes are needed for further investigations. Shujun Li, VS at VC Group of Microsoft Research Asia
4c. A Comparison Between Visual Password and Textual Password Shujun Li, VS at VC Group of Microsoft Research Asia
4d. Problems: How to Resist Shoulder-Surfing Attack? • How does shoulder-surfing attack work? • Once one impostor peeps legal users’ login actions, he can repeat those actions to cheat the login system, without guessing the right password behind such login actions. • How to resist shoulder-surfing attack? • The login operations of different logins must not be same. We call such a feature time-variant login-actions. • How to obtain time-variant property? • Pseudo-randomization mechanism may be helpful. Shujun Li, VS at VC Group of Microsoft Research Asia
4d. Principles: Visual Password • Larger strong key space than textual password • Similar or better usability than textual password: a) easy user interface; b) good memorizability. • Resistance to shoulder-surfing attack: Is such a capability possible? (Clue: a shoulder-surfing attacker can see what you can see and understand what you can understand; people hate hard deduction required by time-variant login-actions.) • Acceptable solution of the trade-off between usability and security. Shujun Li, VS at VC Group of Microsoft Research Asia
4d. Solutions: A Theoretical Model of Visual Password Login System Resisting Shoulder-Surfing Attack Here, PCNL should satisfy the following requirements: deducing the actions in the next login is easy enough for legal users who know the password, but is hard enough for illegal users who have monitored your previous logins. Shujun Li, VS at VC Group of Microsoft Research Asia
4d. Problems: Is a Practical PCNL Possible? • In fact, a PCNL is a trapdoor function from cryptographic viewpoint. • Human beings are not machines and hate complicated deduction, a PCNL MUST be easy enough for any users, including young children. • Legal users may forget what they input in the last login, clues should be given to remind them. Consider such clues may be also peeped by an impostor, they should not provide useful information to him under the assumption that he does not know password. • Now I have not found a really practical PCNL. Does a practical PCNL exist? We try to find the answer. Shujun Li, VS at VC Group of Microsoft Research Asia
4d. Solutions: More Fresh Ways? • More Click-by-Click Visual Passwords: Visual Password Based on Clicking Picture Properties, such as differences of a pair of pictures, the relations between two countries in a world map, the geometry properties of elements in a computer painting. • Visual Passwords Based on Specially-Designed Input Devices: a) Device tracking users’ eyes; b) “Strange” mouse that can generate password by ones touching different parts; c) “Strange” glasses that can generate different scenes from different view directions with enough sensitivity. Shujun Li, VS at VC Group of Microsoft Research Asia
Thanks For your watching and advice! Shujun Li, VS at VC Group of Microsoft Research Asia