hotsec08 presentation july 29 2008
play

HotSec08 Presentation July 29, 2008 Digital Objects as Passwords - PowerPoint PPT Presentation

Feb 08, 2024 •119 likes •285 views

ObPwd: Digital Objects as Passwords HotSec08 Presentation July 29, 2008 Digital Objects as Passwords Mohammad Mannan and P.C. van Oorschot mmannan@scs.carleton.ca Carleton University, Canada Mohammad Mannan July 29, 2008 1/15 ObPwd:

  1. ObPwd: Digital Objects as Passwords HotSec08 Presentation – July 29, 2008 Digital Objects as Passwords Mohammad Mannan and P.C. van Oorschot mmannan@scs.carleton.ca Carleton University, Canada Mohammad Mannan July 29, 2008 1/15

  2. ObPwd: Digital Objects as Passwords The fun of password generation Mohammad Mannan July 29, 2008 2/15

  3. ObPwd: Digital Objects as Passwords Use random generators? Mohammad Mannan July 29, 2008 3/15

  4. ObPwd: Digital Objects as Passwords What we focus on 1. Usable strong password � password generation � password recall 2. Infrequently-used password � Personal Verification Questions (PVQs) � tax filing password “easy to remember = easy to guess” Mohammad Mannan July 29, 2008 4/15

  5. ObPwd: Digital Objects as Passwords Your object is your password: ObPwd User selected content (image, text, binary) Apply hash function SHA-1 (base64 output) Hashed value XLVe1DSkCHeEWA2qhK6QSnvOJXA PwdHash encoding Hash2Text Password e1DSkCHeRXLV (b) An example of ObPwd (a) Generic steps in ObPwd Mohammad Mannan July 29, 2008 5/15

  6. ObPwd: Digital Objects as Passwords Password objects 1. Object features � personal or personally meaningful � stable (long-lived) content 2. Object sources � private objects: inaccessibility � web objects: vast richness Mohammad Mannan July 29, 2008 6/15

  7. ObPwd: Digital Objects as Passwords Password objects (cont.) 1. Private objects � local disk, mobile media (USB stick) � images, documents, text passages, executables, emails 2. Web/public objects � Internet Archive, Project Gutenberg, Google Books, ACM/IEEE digital archive � images, text passages, files Mohammad Mannan July 29, 2008 7/15

  8. ObPwd: Digital Objects as Passwords ObPwd variants 1. Append a salt with the selected object � pwd = Hash2Text( Hash(object, salt) ) � harder to generate password from compromised objects 2. Append a URL � pwd = Hash2Text( Hash(object, URL) ) � may prevent password phishing (cf. PwdHash) Better protection but ... usability, portability? Mohammad Mannan July 29, 2008 8/15

  9. ObPwd: Digital Objects as Passwords Prototype implementations 1. Firefox add-on (cross platform, web objects) 2. Windows XP application (local objects) 3. Linux/Mac command-line program (local objects) Mohammad Mannan July 29, 2008 9/15

  10. ObPwd: Digital Objects as Passwords Prototype implementations Password generated from the selected image ObPwd extension menu in Firefox ObPwd Win32 application Mohammad Mannan July 29, 2008 10/15

  11. ObPwd: Digital Objects as Passwords Implementation choices 1. PwdHash encoding as Hash2Text � 12 characters, alphanumeric � omit special character option 2. Min. object size = 30 bytes, truncate at: 100 , 000 bytes Mohammad Mannan July 29, 2008 11/15

  12. ObPwd: Digital Objects as Passwords Limitations 1. Shoulder surfing 2. Obvious public objects � Facebook profile photo 3. Password objects visible to network attacker � mostly affects web login (use Tor?) 4. Interference: passwords from different objects 5. Rootkits � Mohammad Mannan July 29, 2008 12/15

  13. ObPwd: Digital Objects as Passwords Related ideas 1. TrueCrypt allows files as an encryption key � resulting key isn’t exposed to users 2. Photos as PVQs (Ariel Rabkin, SOUPS 2008) � upload a selected photo to an authenticating site � answer “who is the person in the photo?” Mohammad Mannan July 29, 2008 13/15

  14. ObPwd: Digital Objects as Passwords Some benefits 1. Reduced memory load: remember only a hint 2. Generating global password dictionary seems difficult � dictionaries for regular and passphrase/mnemonic pass- word exist 3. Written backup: not feasible for graphical passwords � middle ground between text and image based schemes � rich selection space: human seeded attacks are harder 4. Password sharing through hints � better than email password sharing? Mohammad Mannan July 29, 2008 14/15

  15. ObPwd: Digital Objects as Passwords Open issues 1. Is ObPwd a usable technique to generate strong password? � user testing required 2. Can we expose more options to users without confusing them? � password length, special chars, look-alike chars (1, l, 0, O) 3. How to deal with site-specific password requirements? Try from: http://www.ccsl.carleton.ca/ ∼ mmannan/obpwd Mohammad Mannan July 29, 2008 15/15

Recommend

Analyst Presentation CSR Sugar - July 2008 Insert pictures AGENDA Thursday 31 July 2008

Analyst Presentation CSR Sugar - July 2008 Insert pictures AGENDA Thursday 31 July 2008

Analyst Presentation CSR Sugar - July 2008 Insert pictures AGENDA Thursday 31 July 2008 Welcome & Introduction Jerry Maycock, Managing Director, CSR Sugar Overview Ian Glasson, CEO CSR Sugar Cogeneration Shayne Rutherford,

152 views • 14 slides
Windows 2008 R2 SQL 2008 R2 Jan 2016 Jan 2015 July 2014 SQL 2008 July 2019 July

Windows 2008 R2 SQL 2008 R2 Jan 2016 Jan 2015 July 2014 SQL 2008 July 2019 July

Windows 2008 R2 SQL 2008 R2 Jan 2016 Jan 2015 July 2014 SQL 2008 July 2019 July 2014 SQL 2005 7/12/2016 April 2016 2 months 3 months 4 months 5 months 6 months 0 1 month 7 months 8 months Feature BizTalk 2016

321 views • 17 slides
Conference Call H1 2008 Revenue July 17, 2008 Solid performance in H1 2008 - Revenue: 3,765m

Conference Call H1 2008 Revenue July 17, 2008 Solid performance in H1 2008 - Revenue: 3,765m

Conference Call H1 2008 Revenue July 17, 2008 Solid performance in H1 2008 - Revenue: 3,765m Strong performance in Services and Hotels: +210m +5.2% Like-for-like +5.2% Q1 2008: +4.8% L/L Q2 2008: +5.6%L/L Expansion

782 views • 35 slides
4th International Conference on Environmental Science and Technology 2008 July 27-31, 2008

4th International Conference on Environmental Science and Technology 2008 July 27-31, 2008

4th International Conference on Environmental Science and Technology 2008 July 27-31, 2008 Greenspoint Wyndham Hotel Houston, USA (It should be noted that it is not the final version. The schedule is subject to change without notification)

185 views • 15 slides
HERMANUSDOORNS SHAREBLOCK LIMITED AGM July 2008 AGM 2008 1 PDF created with pdfFactory Pro

HERMANUSDOORNS SHAREBLOCK LIMITED AGM July 2008 AGM 2008 1 PDF created with pdfFactory Pro

HERMANUSDOORNS SHAREBLOCK LIMITED AGM July 2008 AGM 2008 1 PDF created with pdfFactory Pro trial version www.pdffactory.com AGENDA l Welcome l Special welcome to all new shareholders l Attendance Register l Notice Convening the Meeting and

630 views • 60 slides
Discussion with 802.1 Regarding 802.3at/802.3az use of LLDP July 2008 Denver Plenary Wael

Discussion with 802.1 Regarding 802.3at/802.3az use of LLDP July 2008 Denver Plenary Wael

Discussion with 802.1 Regarding 802.3at/802.3az use of LLDP July 2008 Denver Plenary Wael William Diab Broadcom IEEE 802.3 Joint Discussion with 802.1 July 2008 Plenary Version 1.0 Page 1 Agenda Code-point Locations 1

180 views • 15 slides
Second Quarter Results to June 30, 2008 Shire Limited July 31, 2008 THE SAFE HARBOR

Second Quarter Results to June 30, 2008 Shire Limited July 31, 2008 THE SAFE HARBOR

Second Quarter Results to June 30, 2008 Shire Limited July 31, 2008 THE SAFE HARBOR STATEMENT UNDER THE PRIVATE SECURITIES LITIGATION REFORM ACT OF 1995 Statements included herein that are not historical facts are forward-looking

785 views • 51 slides
Signal Processing and Data Analysis 2005-2008 21 st July 2008 Members 2008 4 PhD, 3 PosDoc (2 -

Signal Processing and Data Analysis 2005-2008 21 st July 2008 Members 2008 4 PhD, 3 PosDoc (2 -

Signal Processing and Data Analysis 2005-2008 21 st July 2008 Members 2008 4 PhD, 3 PosDoc (2 - Cincia 2007) , 2 PhD Stud 2005 (PhD , FCUP ) , PI Ana Paula Rocha Argentina Leite (PhD stud , FCUP and UTAD ) (PhD stud FCT ,

397 views • 12 slides
IP EuroNF Wrzburg July 21-22 2008 1 Network (R)Evolution Future Internet Interconnecting

IP EuroNF Wrzburg July 21-22 2008 1 Network (R)Evolution Future Internet Interconnecting

The Way 4WARD to a Creation of a Future Internet Henrik Abramowicz Ericsson Research EuroNF Wrzburg July 21-22 2008 Challenging the IP fortress - will this be successful ? IP EuroNF Wrzburg July 21-22 2008 1 Network (R)Evolution

223 views • 9 slides
PRESENTATION EXPERIENCE NSCA 2008 N ATIONAL C ONFERENCE , Las Vegas NV, July, 2008. T OPIC : P

PRESENTATION EXPERIENCE NSCA 2008 N ATIONAL C ONFERENCE , Las Vegas NV, July, 2008. T OPIC : P

PRESENTATION EXPERIENCE NSCA 2008 N ATIONAL C ONFERENCE , Las Vegas NV, July, 2008. T OPIC : P ERSONAL A THLETIC T RAINING S YSTEMS TM M OVEMENT T ESTING AND M OVEMENT S OLUTIONS (2 sessions) C ONTACT : V IRGINIA M EIER P HONE : 800-815-6826

309 views • 5 slides
Joel Tay The Financial Crisis of 2008 A brief analysis 19 th July 2013 The Financial Crisis

Joel Tay The Financial Crisis of 2008 A brief analysis 19 th July 2013 The Financial Crisis

9/11/2013 Agenda for 19 th July 2013 1 Questions 2 A Brief Overview 3 2004-2008 Timeline 4 Key Factors 5 Financial Regulations Post 2008 6 Effective or not? 7 Conclusion Joel Tay The Financial Crisis of 2008 A brief analysis 19

335 views • 4 slides
Economic Regulation & Market Liberalization ACCC 2008 Regulatory Conference July 24-25,

Economic Regulation & Market Liberalization ACCC 2008 Regulatory Conference July 24-25,

Economic Regulation & Market Liberalization ACCC 2008 Regulatory Conference July 24-25, 2008 Gold Coast, Queensland Australia Paul R. Kleindorfer University of Pennsylvania & INSEAD Kleindorfer@wharton.upenn.edu ACCC: PRK-July 08

468 views • 26 slides
UN ECOSOC Coordination Segment 7-9 July 2008 New York Wednesday 9 th July Round table discussion

UN ECOSOC Coordination Segment 7-9 July 2008 New York Wednesday 9 th July Round table discussion

DRAFT H.E. Mr ZDZISLAW RAPACKI UN ECOSOC Coordination Segment 7-9 July 2008 New York Wednesday 9 th July Round table discussion on the theme: Coherence: Strengthening the normative and operational link in the work of the UN on rural

187 views • 4 slides
Second Quarter Results 2008 Zurich July 24, 2008 Cautionary statement Cautionary statement

Second Quarter Results 2008 Zurich July 24, 2008 Cautionary statement Cautionary statement

Second Quarter Results 2008 Zurich July 24, 2008 Cautionary statement Cautionary statement regarding forward-looking and non-GAAP information This presentation contains forward-looking statements within the meaning of the Private Securities

599 views • 36 slides
NTFP Centre of Excellence 13 July 2015 Objectives NCE was established in 2008 (started

NTFP Centre of Excellence 13 July 2015 Objectives NCE was established in 2008 (started

Presentation on NTFP Centre of Excellence 13 July 2015 Objectives NCE was established in 2008 (started functioning on 15 April 2008) under Tripura JICA Project to address the issue of NTFPs and value addition in a comprehensive manner,

547 views • 41 slides
2008 Half Year Results July 2008 Agenda Henry - Highlights David - UK car insurance

2008 Half Year Results July 2008 Agenda Henry - Highlights David - UK car insurance

2008 Half Year Results July 2008 Agenda Henry - Highlights David - UK car insurance results, the UK market & Confused Kevin - International, reinsurance, dividends Henry - Long-term strategy 2 Highlights Profits in the

678 views • 54 slides
Layered Assurance Workshop 13, 14 August 2008, BWI Hilton based on Open Group, 23 July 2008,

Layered Assurance Workshop 13, 14 August 2008, BWI Hilton based on Open Group, 23 July 2008,

Layered Assurance Workshop 13, 14 August 2008, BWI Hilton based on Open Group, 23 July 2008, Chicago MILS Policy Architecture And Layered Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I

418 views • 21 slides
FACTS BEHIND THE FIGURES HIGHLIGHTS OF QUARTER 1, 2008 (APRIL JUNE 2008 ) A PRESENTATION BY

FACTS BEHIND THE FIGURES HIGHLIGHTS OF QUARTER 1, 2008 (APRIL JUNE 2008 ) A PRESENTATION BY

FACTS BEHIND THE FIGURES (2007/2008 FINANCIAL YEAR) AND FACTS BEHIND THE FIGURES HIGHLIGHTS OF QUARTER 1, 2008 (APRIL JUNE 2008 ) A PRESENTATION BY ACCESS BANK PLC S O CC SS C July 2008 Slide 1 The Quest for Excellence Presentation

450 views • 31 slides
GREEN TEAM Summer School Alpbach 2008 July 30, 2008 Table of Contents Table of Contents 1.

GREEN TEAM Summer School Alpbach 2008 July 30, 2008 Table of Contents Table of Contents 1.

Final Presentation GREEN TEAM Summer School Alpbach 2008 July 30, 2008 Table of Contents Table of Contents 1. Science Case Scientific Background Mission Objectives Why Sample Return Scientific Competitivness Mission

988 views • 77 slides
PARLIAMENT AND OF THE COUNCIL of 9 July 2008 on a common framework for the marketing of products

PARLIAMENT AND OF THE COUNCIL of 9 July 2008 on a common framework for the marketing of products

DECISION No 768/2008/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 July 2008 on a common framework for the marketing of products 1 DECISION No 768/2008/EC This Decision sets out the common framework of general principles and reference

606 views • 44 slides
A Strategic Theory of Network Status Brian Rogers MEDS, Northwestern University July 10, 2008

A Strategic Theory of Network Status Brian Rogers MEDS, Northwestern University July 10, 2008

A Strategic Theory of Network Status Brian Rogers MEDS, Northwestern University July 10, 2008 SIAM 2008 Mini-Symposium 1 Motivation Why study social networks? Many kinds of complex relationships Reputation systems Research

4.61k views • 32 slides
Last Month at the Federal Circuit July 2008 Table of Contents SUPREME COURT CASE: The Doctrine

Last Month at the Federal Circuit July 2008 Table of Contents SUPREME COURT CASE: The Doctrine

Last Month at the Federal Circuit July 2008 Table of Contents SUPREME COURT CASE: The Doctrine of Patent Exhaustion Applies with Equal Force to Method Claims 2 Quanta Computer, Inc. v. LG Electronics, Inc. , No. 06-937 (U.S. June 9, 2008)

602 views • 20 slides
Wi-Fi Program Status April 11, 2012 Contract Overview Commencement: July 9, 2008

Wi-Fi Program Status April 11, 2012 Contract Overview Commencement: July 9, 2008

Wi-Fi Program Status April 11, 2012 Contract Overview Commencement: July 9, 2008 Current End Date: July 9, 2015 MDAD Revenue: 65% of Connection Revenues (highest in the industry) 50% of Sponsorship/Advertising Revenues

622 views • 25 slides
Sean Innis Special Adviser Melbourne, 21 July 2017 The elephant chart Top 7% worldwide in 2008:

Sean Innis Special Adviser Melbourne, 21 July 2017 The elephant chart Top 7% worldwide in 2008:

Income and wealth dynamics in Australia and the world Presented by Sean Innis Special Adviser Melbourne, 21 July 2017 The elephant chart Top 7% worldwide in 2008: includes 50% of Australians Change in real disposable income, 1988 2008

533 views • 14 slides

More recommend