fast lean and accurate modeling password guessability
play

Fast, Lean, and Accurate: Modeling Password Guessability Using - PowerPoint PPT Presentation

Jan 23, 2023 •20 likes •800 views

Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks William Melicher , Blase Ur, Sean Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor Guessing Methods 2 Guessing Methods John the

  1. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks William Melicher , Blase Ur, Sean Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor

  2. Guessing Methods 2

  3. Guessing Methods ● John the Ripper ● Hashcat 3

  4. Guessing Methods ● John the Ripper Dictionary word + Rules ● Hashcat 4

  5. Guessing Methods ● John the Ripper Dictionary word + Rules + append 2 digits password ● Hashcat 5

  6. Guessing Methods ● John the Ripper Dictionary word + Rules + append 2 digits password ● Hashcat password11 password12 ... 6

  7. Guessing Methods ● John the Ripper ● Hashcat ● Markov Models 7

  8. Guessing Methods ● John the Ripper p a s s ● Hashcat e t ● Markov Models ... 8

  9. Guessing Methods ● John the Ripper ● Hashcat ● Markov Models ● PCFGs 9

  10. Guessing Methods ● John the Ripper ● Hashcat L8D2 L6S2 ... ● Markov Models monkey!! password12 qwerty.. password11 ● PCFGs ... ... 10

  11. Guessing Methods ● John the Ripper ● Hashcat ● Markov Models ● PCFGs 11

  13. Can we guess more accurately? Quicker? With fewer resources? 13

  14. Our Approach: Neural Networks Hello = Здравствуйте Handwriting Recognition → Handwriting recognition 14

  15. Outline: Guessing with Neural Networks ● How to guess passwords with neural networks ● Password guesser design ● Comparison to other guessing methods ● Real-time, in-browser feedback with neural networks 15

  16. Generating Passwords 16

  17. Generating Passwords o or maybe 0 or O or ... passw 17

  18. Generating Passwords Next char is: A: 3% B: 1% C: 0.6% passw … O: 55% … Z: 0.01% 0: 20% 1: ... 18

  19. Generating Passwords “” Prob: 100% 19

  20. Generating Passwords Next char is: A: 3% B: 2% C: 5% “” … Prob: 100% O: 2% … Z: 0.2% 0: 1% 1: … END: 2% 20

  21. Generating Passwords Next char is: A: 3% B: 2% C: 5% “” … Prob: 100% O: 2% … Z: 0.2% 0: 1% 1: … END: 2% 21

  22. Generating Passwords Next char is: A: 3% B: 2% C: 5% “” … Prob: 100% O: 2% … Z: 0.2% 0: 1% 1: … END: 2% 22

  23. Generating Passwords “C” Prob: 5% 23

  24. Generating Passwords Next char is: A: 10% B: 1% C: 4% “C” … O: 8% Prob: 5% … Z: 0.02% 0: 3% 1: … END: 6% 24

  25. Generating Passwords Next char is: A: 10% B: 1% C: 4% “C” … O: 8% Prob: 5% … Z: 0.02% 0: 3% 1: … END: 6% 25

  26. Generating Passwords Next char is: A: 3% B: 10% C: 7% “CA” … O: 1% Prob: 0.5% … Z: 0.03% 0: 2% 1: … END: 12% 26

  27. Generating Passwords Next char is: A: 3% B: 10% C: 7% “CAB” … O: 1% Prob: 0.05% … Z: 0.03% 0: 2% 1: … END: 3% 27

  28. Generating Passwords Next char is: A: 4% B: 3% C: 1% “CAB” … O: 2% Prob: 0.05% … Z: 0.01% 0: 4% 1: … END: 12% 28

  29. Generating Passwords Next char is: A: 4% B: 3% C: 1% “CAB” … O: 2% Prob: 0.05% … Z: 0.01% 0: 4% 1: … END: 12% 29

  30. Generating Passwords “CAB” Prob: 0.006% 30

  31. Generating Passwords CAB - 0.006% CAC - 0.0042% ADD1 - 0.002% CODE - 0.0013% ... 31

  32. Generating Passwords Must be longer than CAB - 0.006% 3 characters CAC - 0.0042% ADD1 - 0.002% CODE - 0.0013% ... 32

  33. Password Policies: 1class8 1 character class and 8 characters minimum password123 12345678 monkey99 33

  34. Password Policies: 4class8 4 character classes and 8 characters minimum Pa$$w0rd !Qaz2wsx Jvj24601! 34

  35. Password Policies: 1class16 1 character class and 16 characters minimum 123456789123456789 qwertyuiop123456 Monika1234567890 35

  36. Password Policies: 3class12 3 character class and 12 characters minimum llamalove123 Mypassword#3 N@rut0_r0ck5 36

  37. Outline: Guessing with Neural Networks ● How to guess passwords with neural networks ● Password guesser design ● Comparison to other guessing methods ● Real-time, in-browser feedback with neural networks 37

  38. Design Space 38

  39. Design Space ● Model size 3MB - Browser 60MB - Limited by GPU 39

  40. Design Space ● Model size 1class8 network ● Transference learning Transfer knowledge 3class12 network 40

  41. Design Space ● Model size Natural language? ● Transference learning ● Training data Varying training sets? 41

  42. Design Space ● Model size ● Transference learning ● Training data ● Model architecture ● Alphabet size ● Password context 42

  43. Testing Methodology ● Approach: measure # guessed passwords ● Training data: leaked password sets ● Testing data ○ MTurk study passwords: 1class8, 4class8, 1class16, 3class12 ○ Real passwords: 000webhost password leak ● Use Monte-Carlo to estimate guess numbers (Dell’Amico and Filippone CCS ‘15) 43

  44. Tuning Training 44

  45. 45

  46. 46

  47. 47

  48. More accurate guessing 48

  49. More accurate guessing 49

  50. Transference Learning → More Accurate 15% → 22% 50

  51. Natural Language Doesn’t Help 51

  52. Model Size: Larger Is More Accurate 52

  53. Model Size: Larger Is More Accurate 53

  54. Model Size: Larger Is More Accurate 54

  55. Sometimes Model Size: Larger Is More Accurate 55

  56. Comparison to Other Approaches 56

  57. 1class8: Comparison 57

  58. 1class8: Neural Networks Guess Better 58

  59. 1class8: Neural Networks Guess Better 59

  60. 4class8: Neural Networks Guess Better 60

  61. 3class12: Neural Networks Guess Better 61

  62. 3class12: Neural Networks Guess Better 30% → 45% 62

  63. Password feedback: 63

  64. Current password feedback: Quick or accurate 64

  65. Accurate Guessing Methods 100s MB to GBs! 65

  66. Accurate Guessing Methods 100s MB to GBs! 66

  67. Accurate Guessing Methods 100s MB to GBs! Neural networks: 60MB, 3MB 67

  68. Accurate Guessing Methods ? Neural networks: 60MB, 3MB 68

  69. Accurate Guessing Methods Hours to days! 69

  70. Can neural networks give real-time feedback? 70

  71. Ideal Meter Targets ● Small: < 1MB ● Fast: < 0.1 sec ● JavaScript ● Accurate 71

  72. Making Meters Small ● Start with small version of neural network ● Quantize parameters of model ● Compress with existing lossless compression methods 850KB < 1MB 72

  73. Making Meters Fast ● Pre-compute inexact mapping from prob → guess number ● Cache intermediate results ● Run on separate thread 17 ms < 0.1 sec 73

  74. Meter Accuracy 74

  75. Meter Accuracy 75

  76. Meter Accuracy 76

  77. Meter Accuracy 77

  78. Modeling Passwords Using Neural Networks ● Neural networks guess passwords accurately ● Can be made small and fast for client-side feedback github.com/cupslab William Melicher , Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor 78

Recommend

Accuracies and Biases in Modeling Password Guessability Blase Ur, Sean M. Segreti, Lujo Bauer,

Accuracies and Biases in Modeling Password Guessability Blase Ur, Sean M. Segreti, Lujo Bauer,

Measuring Real-World Accuracies and Biases in Modeling Password Guessability Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, Richard Shay

1.35k views • 114 slides
6/4/2020 State of Michigan Lean Process Improvement (LPI) Fast, Accurate, and Secure Using Lean

6/4/2020 State of Michigan Lean Process Improvement (LPI) Fast, Accurate, and Secure Using Lean

6/4/2020 State of Michigan Lean Process Improvement (LPI) Fast, Accurate, and Secure Using Lean Principles to Improve your Election Process Anne Cram and Matt Casby , Office of Continuous Improvement MAMC Annual Convention 6/11/20 1 WELCOME!

352 views • 11 slides
FAST: A Functionally Accurate Simulation Toolset for the Cyclops-64 Cellular Architecture Juan

FAST: A Functionally Accurate Simulation Toolset for the Cyclops-64 Cellular Architecture Juan

First Workshop on Modeling, Benchmarking and Simulation (MoBS) at the 32 nd International Symposium on Computer Architecture FAST: A Functionally Accurate Simulation Toolset for the Cyclops-64 Cellular Architecture Juan del Cuvillo, Weirong Zhu,

436 views • 33 slides
JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile Simulation Berkin Ilbeyi and Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University

541 views • 24 slides
Drive-Thru: Drive-Thru: Fast, Accurate Evaluation of Fast, Accurate Evaluation of Storage Power

Drive-Thru: Drive-Thru: Fast, Accurate Evaluation of Fast, Accurate Evaluation of Storage Power

Drive-Thru: Drive-Thru: Fast, Accurate Evaluation of Fast, Accurate Evaluation of Storage Power Management Storage Power Management Daniel Peek Jason Flinn University of Michigan 1 Power Management Needed Power Management Needed

587 views • 34 slides
Bio Detectors Accurate and precise Stable system Fast and visible response Versatile

Bio Detectors Accurate and precise Stable system Fast and visible response Versatile

Introduction Bio Detectors Accurate and precise Stable system Fast and visible response Versatile Our Idea Our Idea Fast Visible Output Accurate Detection

692 views • 39 slides
UK Lean Summit 2016 UK Lean Summit 2016 Learning Lean, Lean Learning Learning Lean, Lean

UK Lean Summit 2016 UK Lean Summit 2016 Learning Lean, Lean Learning Learning Lean, Lean

UK Lean Summit 2016 UK Lean Summit 2016 Learning Lean, Lean Learning Learning Lean, Lean Learning Wel elcom e e t o t t he e Pre re-Sum m it t Mas ast erclas ass Sessi ssions www.leanuk.org Monday 14 th November UK Lean Summit 2016

1.13k views • 65 slides
Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Hierarchical ERG models Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances David Hunter Michael Schweinberger Duy Vu Ruth Hummel Department of Statistics, Penn State University MURI meeting, Nov

521 views • 34 slides
Delegation Sketch : a Parallel Design with Support for Fast and Accurate Concurrent Operations

Delegation Sketch : a Parallel Design with Support for Fast and Accurate Concurrent Operations

EuroSys 2020 Delegation Sketch : a Parallel Design with Support for Fast and Accurate Concurrent Operations Charalampos Stylianopoulos, Ivan Walulya, Magnus Almgren, Olaf Landsiedel and Marina Papatriantafilou Chalmers University of Technology,

315 views • 14 slides
DeepLumen Fast and Accurate Segmentation of Coronary Arteries for Improved Cardiovascular Care

DeepLumen Fast and Accurate Segmentation of Coronary Arteries for Improved Cardiovascular Care

DeepLumen Fast and Accurate Segmentation of Coronary Arteries for Improved Cardiovascular Care Kersten Petersen, Michiel Schaap, David Lesage, Matthew Lee, and Leo Grady GTC 2017 How do we find the right treatment for patients with symptoms of

710 views • 55 slides
User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart

User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart

Build Smart Applications Fast User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart Applications Fast Two ways to reset a (forgotten or expired) password: Forgot Details Receive an email from

593 views • 10 slides
ACCURATE MODELING &amp; GENERATION OF STORAGE I/O FOR DC WORKLOADS Christina Delimitrou 1 , Sriram

ACCURATE MODELING &amp; GENERATION OF STORAGE I/O FOR DC WORKLOADS Christina Delimitrou 1 , Sriram

ACCURATE MODELING &amp; GENERATION OF STORAGE I/O FOR DC WORKLOADS Christina Delimitrou 1 , Sriram Sankar 2 , Kushagra Vaid 2 , Christos Kozyrakis 1 1 Stanford University, 2 Microsoft EXERT March 06 th 2011 Datacenter Workload Studies

263 views • 25 slides
Non-penetration modeling error in physical simulation time-steppers A more accurate and robust

Non-penetration modeling error in physical simulation time-steppers A more accurate and robust

Outline Introduction Error in non-penetration modeling New method to determine active set Conclusion Non-penetration modeling error in physical simulation time-steppers A more accurate and robust method Binh Nguyen, Jeff Trinkle Computer

274 views • 24 slides
Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed

Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed

Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed Reda 1,2 Gerald Q. Maguire Jr. 1 Dejan Kostic 1 Marco Canini 3 1 KTH Royal Institute of Technology 2 Universit Catholique de Louvain 3 KAUST

959 views • 33 slides
Lean Processing For Practice Transformation Ellen Batchelor Objectives How &amp; Why Lean,

Lean Processing For Practice Transformation Ellen Batchelor Objectives How &amp; Why Lean,

5/13/13 Lean Processing For Practice Transformation Ellen Batchelor Objectives How &amp; Why Lean, a.k.a., the Toyota Production System Introduce concepts Whet your appetite Next steps 1 5/13/13 What is Lean? Lean

866 views • 24 slides
Fast and Accurate Inference for the Smoothing Parameter in Semiparametric Models Alex Trindade

Fast and Accurate Inference for the Smoothing Parameter in Semiparametric Models Alex Trindade

Fast and Accurate Inference for the Smoothing Parameter in Semiparametric Models Alex Trindade Dept. of Mathematics &amp; Statistics, Texas Tech University Joint work with Rob Paige , Missouri University of Science and Technology Funded in part by

409 views • 19 slides
Accurate and Fast Evaluation of Elementary Symmetric Functions Stef Graillat LIP6/PEQUAN -

Accurate and Fast Evaluation of Elementary Symmetric Functions Stef Graillat LIP6/PEQUAN -

Accurate and Fast Evaluation of Elementary Symmetric Functions Stef Graillat LIP6/PEQUAN - Universit Pierre et Marie Curie (Paris 6) - CNRS Joint work with Hao Jiang and Roberto Barrio 21st IEEE International Symposium on Computer Arithmetic

294 views • 28 slides
Fast and Accurate Memristor- Based Algorithms for Social Network Analysis Sucheta Soundarajan

Fast and Accurate Memristor- Based Algorithms for Social Network Analysis Sucheta Soundarajan

Fast and Accurate Memristor- Based Algorithms for Social Network Analysis Sucheta Soundarajan Yanzhi Wang Overview of Memristors Invented by HP Labs in 2008 Resistance changes if voltage greater than V thresh is applied

452 views • 11 slides
Burning on the GPU: Fast and Accurate Chemical Kinetics GPU Technology Conference April 7, 2016

Burning on the GPU: Fast and Accurate Chemical Kinetics GPU Technology Conference April 7, 2016

Funded by: U.S. Department of Energy Vehicle Technologies Program Program Manager: Gurpreet Singh &amp; Leo Breton Burning on the GPU: Fast and Accurate Chemical Kinetics GPU Technology Conference April 7, 2016 Russell Whitesides Session

813 views • 29 slides
TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan

TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan

TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan Beckmann, Anurag Mukkara, Po-An Tsai MIT CSAIL MICRO-48 Tutorial December 5, 2015 Welcome! Agenda 4 8:30 9:10 Intro and Overview 9:10

1.53k views • 124 slides
Coast Lean Log Handling Project 11/10/2017 TOPFN Division 1 WHAT IS LEAN? LEAN is a

Coast Lean Log Handling Project 11/10/2017 TOPFN Division 1 WHAT IS LEAN? LEAN is a

Coast Lean Log Handling Project 11/10/2017 TOPFN Division 1 WHAT IS LEAN? LEAN is a philosophy that focuses on fostering and enabling a continual improvement culture by encouraging efficiency 11/10/2017 through the elimination of

853 views • 37 slides
How to Run a Lean Coffee Session Lean Coffee(tm) is a trademark of Modus Cooperandi WHAT IS LEAN

How to Run a Lean Coffee Session Lean Coffee(tm) is a trademark of Modus Cooperandi WHAT IS LEAN

How to Run a Lean Coffee Session Lean Coffee(tm) is a trademark of Modus Cooperandi WHAT IS LEAN COFFEE(tm)? Lean Coffee is a structured, but agenda-less meeting. Participants gather, build an agenda, and begin talking. Conversations are

472 views • 5 slides
YELLOW BELT TRAINING (LEAN DAILY) SIMPLER. FASTER. BETTER. LESS COSTLY. lean.ohio.gov

YELLOW BELT TRAINING (LEAN DAILY) SIMPLER. FASTER. BETTER. LESS COSTLY. lean.ohio.gov

YELLOW BELT TRAINING (LEAN DAILY) SIMPLER. FASTER. BETTER. LESS COSTLY. lean.ohio.gov Objectives Start thinking Lean Introduce Lean concepts that can be used for daily improvements Basic knowledge on Lean tools for

1.01k views • 48 slides
Fast and Accurate Metadata Authoring Using Ontology-Based Recommendations S100 Martnez-Romero,

Fast and Accurate Metadata Authoring Using Ontology-Based Recommendations S100 Martnez-Romero,

Fast and Accurate Metadata Authoring Using Ontology-Based Recommendations S100 Martnez-Romero, M. , OConnor, M. J., Shankar, R., Panahiazar, M., Willrett, D., Egyedi, A. L., Gevaert, O., Graybeal, J., Musen, M. A. Stanford University What

374 views • 25 slides

More recommend