Trustworthy Computing in My Mind: A Case Study on Visual Password

Shujun Li
Visiting Student at VC Group, Microsoft Research Asia
Institute of Image Processing, Xi’an Jiaotong University
April, 2002


Table of Contents

  • What is Trustworthy Computing?

  • Does Perfect Trustworthiness Exist?

  • How to Increase Trustworthiness?

  • A Case Study: Visual Password

    • What/Why/How about Visual Password

    • Some Proposed Schemes

    • A Comparison Between Visual Password and Textual Password from Trustworthy Viewpoint

    • Problems, Principles and Solutions

Shujun Li, VS at VC Group of Microsoft Research Asia


1. What is Trustworthy Computing?

  • “Trustworthy computing is a label for a whole range of advances that have to be made for people to be as comfortable using devices powered by computers and software as they are today using a device that is powered by electricity.” (Microsoft White Paper: Trustworthy Computing)

  • “Trustworthy computing is a multi-dimensional set of issues”: good availability for almost all needs requested by users, acceptable reliability of the provided services, high security of users’ data and system configurations, recoverability of damaged systems and lost data, full control of users’ data by the users themselves in a suitable manner, a great reputation of the service providers, etc.

2. Does Perfect Trustworthiness Exist?

  • Nothing is perfect. We can only provide ENOUGH trustworthiness in practice.

  • It is very hard to give a “right” definition of trustworthiness. Trustworthiness is a complicated concept in both the technical and the social world.

  • “An architecture built on diversity is robust, but it also operates on the edge of chaos.” As a natural result, it is very difficult to exactly analyze the trustworthiness of

  • Trade-offs exist between the different requirements of “perfect trustworthiness”. For example, higher security always corresponds to less usability, and higher trustworthiness costs more in many cases.

3. How to Increase Trustworthiness?

  • Avoid using insecure code

  • Trustworthiness first, not new features

  • Adopt suitable algorithms to protect the security and integrity of users’ data and systems

  • Keep in mind that “a computing system is only as trustworthy as its weakest link”

  • User-centered design, coding and support

  • Keep things simple to enhance usability and long-term and large-scale reliability

  • More redundancy tends to mean less risk

4a. A Case Study: Visual Password

  • What is Visual Password?

    • A user interface through which one can generate a password with graphical/visual operations, such as moving and clicking the mouse on a picture.

  • Why Use Visual Password?

    • It may provide higher trustworthiness than a traditional textual password.

  • How to Make Visual Password?

    • Some schemes have been proposed; we will briefly introduce and analyze those ideas. Some principles and more potential solutions will also be discussed.

4b. Some Proposed Schemes

  • Drawing-Based Visual Password: I. Jermyn’s Graphical Password for PDA

  • Visual Password Based on Selected Secret Pictures from a Picture Database: PassFace™ and Déjà Vu System

  • Click-by-Click Visual Password: Blonder’s Patent, PassPic™, Passlogix v-GO™ Graphical Password Window, Darko Kirovski’s System (Microsoft)

  • More details about proposed schemes are needed for further investigations.

4c. A Comparison Between Visual Password and Textual Password

4d. Problems: How to Resist Shoulder-Surfing Attack?

  • How does a shoulder-surfing attack work?

    • Once an impostor has observed a legitimate user’s login actions, he can repeat those actions to fool the login system, without having to guess the right password behind those actions.

  • How to resist a shoulder-surfing attack?

    • The login operations of different logins must not be the same. We call such a feature time-variant login-actions.

  • How to obtain the time-variant property?

    • A pseudo-randomization mechanism may be helpful.

4d. Principles: Visual Password

  • A larger strong key space than a textual password

  • Similar or better usability than a textual password: a) easy user interface; b) good memorizability.

  • Resistance to shoulder-surfing attack: Is such a capability possible? (Clue: a shoulder-surfing attacker can see what you can see and understand what you can understand; people hate the hard deduction required by time-variant login-actions.)

  • Acceptable solution of the trade-off between usability and security.
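An added simulation (not part of the original slides) of the point above: pseudo-randomized, time-variant login actions defeat the replay of observed mouse positions, but an observer who also sees the screen still learns the secret. The 5x5 icon grid, the four-icon password and all function names are assumptions made for illustration.

```python
import random

ICONS = [f"icon{i:02d}" for i in range(25)]          # constructed 5x5 picture grid
PASSWORD = ["icon03", "icon17", "icon08", "icon21"]  # constructed secret

def new_layout(rng, time_variant):
    """Return layout[pos] = icon shown at screen position pos for one login."""
    layout = ICONS[:]
    if time_variant:
        rng.shuffle(layout)      # pseudo-randomized placement per login
    return layout

def user_clicks(password, layout):
    """Legitimate user clicks wherever each secret icon is shown this time."""
    return [layout.index(icon) for icon in password]

def verify(password, layout, clicks):
    """Login system: accept if the clicked positions show the secret icons."""
    return [layout[pos] for pos in clicks] == password

def simulate(trials=1000, seed=2002):
    # Seeded PRNG only to make the simulation reproducible; a real login
    # system would draw its layouts from a cryptographically secure source.
    rng = random.Random(seed)
    results = {"static_replay": 0, "variant_replay": 0, "screen_observer": 0}
    for _ in range(trials):
        # Static scheme: same layout every login, so observed positions replay.
        seen = user_clicks(PASSWORD, new_layout(rng, False))
        results["static_replay"] += verify(PASSWORD, new_layout(rng, False), seen)

        # Time-variant scheme: the impostor saw only the mouse positions.
        first = new_layout(rng, True)
        seen = user_clicks(PASSWORD, first)
        second = new_layout(rng, True)
        results["variant_replay"] += verify(PASSWORD, second, seen)

        # Same scheme, but the impostor also saw the screen: he reads off the
        # clicked icons and answers the next layout like the real user.
        learned = [first[pos] for pos in seen]
        results["screen_observer"] += verify(PASSWORD, second,
                                             user_clicks(learned, second))
    return results

if __name__ == "__main__":
    print(simulate())
```

Replaying positions succeeds every time against the static layout and almost never against the shuffled one, while the screen-watching observer succeeds every time; closing that last gap is what the clue in the third principle is about.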

4d. Solutions: A Theoretical Model of Visual Password Login System Resisting Shoulder-Surfing Attack

Here, the PCNL should satisfy the following requirement: deducing the actions for the next login is easy enough for legitimate users who know the password, but hard enough for illegitimate users who have monitored previous logins.

4d. Problems: Is a Practical PCNL Possible?

  • In fact, a PCNL is a trapdoor function from a cryptographic viewpoint.

  • Human beings are not machines and hate complicated deduction, so a PCNL MUST be easy enough for any user, including young children.

  • Legitimate users may forget what they input in the last login, so clues should be given to remind them. Since such clues may also be observed by an impostor, they should not provide useful information to him under the assumption that he does not know the password.

  • So far I have not found a really practical PCNL. Does a practical PCNL exist? We are trying to find the answer.

4d. Solutions: More Fresh Ways?

  • More Click-by-Click Visual Passwords: Visual Password Based on Clicking Picture Properties, such as the differences between a pair of pictures, the relations between two countries on a world map, or the geometric properties of elements in a computer painting.

  • Visual Passwords Based on Specially-Designed Input Devices: a) A device tracking users’ eyes; b) A “strange” mouse that can generate a password by one’s touching different parts; c) “Strange” glasses that can generate different scenes from different view directions with enough sensitivity.


Thanks

For your watching and advice!
