F ig hting Co e rc io n Atta c ks using Skin Co nduc ta nc e Mo - PowerPoint PPT Presentation

 F ig hting Co e rc io n Atta c ks using Skin Co nduc ta nc e  Mo b ile Co nte xtua l Se c urity

 F ighting Co e r c io n Attac ks in Ke y Ge ne r atio n using Skin Co nduc tanc e › Pa ya s Gupta a nd De b in Ga o , Sing a po re Ma na g e me nt Unive rsity, › 19 th USE NI X Se c urity Sympo sium, 2010

Unforgettability Password Unforgeability Coercion High entropy Attack 1 0 1 1 0 0 0 1 0 1 0 1 1 0 1 1 0 1 1 0 1 1 0 1 1 0 0 1 0 1 0 1 0 1 0 1 0 1 0 1 Biometrics USB 4

 Ba nk Va ult  T o p Se c re t L a b  Airpla ne Co c kpit

6

Problem with the Existing Approach : Coercion Attack Co rre c t Crypto g ra phic ke y Authe ntic a te d Voic e 7

 Co e rc io n-re sista nt se c urity sc he me › Use r do e s no t ha ve a c ho ic e › Use r do e s no t ha ve the c a pa b ility  Assumptio n: Atta c ke r kno ws ho w the syste m wo rks  I mplic a tio ns: Atta c ke r will no t c o e rc e the use r  Pa nic Pa sswo rds [ Cla rk ‘08 ] › Ca n b e use d fo r a uthe ntic a ting unde r dure ss 8

Skin Co nduc ta nc e Skin Co nduc ta nc e De vic e T ime Cor r e c t Crypto g ra phic ke y Vo ic e & Authe ntic a te d Skin Co nduc ta nc e Along with Voice , use Skin Conductance as Emotional Response Parameter 9

Skin Co nduc ta nc e Skin Co nduc ta nc e De vic e T ime Inc or r e c t Crypto g ra phic ke y No t Voic e & Authe ntic a te d Skin Conduc tanc e Along with Voice , use Skin Conductance as Emotional Response Parameter 10

 Ho w to sho w up re sults a nd to pe rfo rm use r study? 11

 Unde rg ra dua te a nd g ra dua te stude nts in the a g e fro m 18 to 28.  43 pa rtic ipa nts › 4 pa rtic ipa nts re mo ve d the me a suring de vic e fro m the ir fing e rs whe n the y we re ne rvo us during the e xpe rime nt.  T he re fo re , suc c e ssful pa rtic ipa nts – 39 › 22 ma le a nd 17 fe ma le 12

He a rt ra te ta g s 13

 Ob je c tive › Mo nito r Skin Co nduc ta nc e No rma l Stre sse d 14

F a lse fe e db a c k o f He a rt Ra te 15

16

17

Do not touch the ‘X’ key of the keyboard 18

Yeah it was my mistake, I pressed the X key of your keyboard. I am ready to help you!!! I am sorry, but I did It was your fault not press X key. Who will pay for the device? How will I recover my data? Your experiment sucks, your laptop sucks, moreover you suck 19

Examiner leaves the room, leaving the subject alone 20

Subject sits in-front of a PC and is asked to type a few sentences. 21

The core of the experiment begins when the PC shuts off as the subject is typing a letter 22

As a result, subject succumbs to stress. 23

Examiner enters the room 24

And, falsely accused the subject for inappropriate handling of PC and corresponding data loss 25