Ristenpart
Password checking systems and typos
Typo-tolerance improves utility
… corrects only the tip of the iceberg
We propose: Personalized typo-tolerance
Adaptive typo-tolerance
If only we could store passwords in plaintext…
Simulate password typing behavior at
45% of users repeat their typos
Design of TypTop : Registration
[Registration diagram; recoverable labels: Register, E, sk, pk]
E( ):
  k ← PBKDF2( )
  C ← AEAD(k, )
  output C
Design of TypTop : Login
[Login diagram, shown in two build steps; recoverable labels: E, sk, pk, ℰ(pk, ), public-key scheme (ℰ, 𝒟); checks: D( ) ≠ ⊥ and 𝒟(sk, )]
Design of TypTop : Login with a typo
[Diagram; recoverable labels: E, sk, pk]
Design of TypTop : Some more details
[Diagram; recoverable labels: E, sk, pk, zxcvbn]
Security of TypTop
Smash and grab attacker (Offline attacker)
[Diagram; recoverable labels: E, sk, pk, ℰ(pk, )]
Cryptographic reduction
[Reduction diagram; recoverable labels: E, sk, ℰ(pk, ), ≅]
Assuming the underlying password-based and public-key encryption schemes are secure, TypTop's encrypted data is indistinguishable from random values unless the attacker can guess a password or a typo of it active in the cache.
Guessing game against the TypTop’s cache
Guessing game w/ artificial cache distribution
Cache inclusion probability and t-sparsity
[Diagram: passwords $w$ on one side, typos $\tilde w$ on the other, edges weighted by the cache inclusion probability $\tau_w(\tilde w)$]
t-sparse: $\forall \tilde w,\ \sum_{w} \tau_w(\tilde w) \le t$
Example: $\tau_{\text{pasw92}}(\text{passe92}) + \tau_{\text{pas192}}(\text{passe92}) \le 2$
TypTop pilot deployment study
Adaptive typo-tolerance | Secure version
[Diagram, shown in two build steps; recoverable labels: D(E, sk), ℰ(pk, ), public-key scheme (ℰ, 𝒟), pk, 𝒟(sk, )]
Cache inclusion function and edge weight
[Diagram: edge from password $w$ to typo $\tilde w$ weighted by $\tau_w(\tilde w)$]
Design of TypTop | Login with a typo
[Diagram; recoverable labels: E, sk, pk; checks: D( ) ≠ ⊥, D( ) ≠ ⊥]
TypTop is as secure as others
• $\tau_w(\tilde w) = \Pr[\tilde w \in \mathrm{TypoCache}\ \text{of}\ w]$
• $\forall \tilde w,\ \sum_{w \in \text{RockYou.100K}} \Pr[\tilde w \in \mathrm{TypoCache}\ \text{of}\ w] \le 0.67$
t-sparsity: $\tau$ is t-sparse if $\forall \tilde w,\ \sum_{w} \tau_w(\tilde w) \le t$; here $t = 2$
[Diagram: passwords $w$ on the left, $\mathrm{TypoCacheOf}(w)$ on the right, edges weighted by $\tau_w(\tilde w)$; node labels 1 and 2]
Offline guessing game for artificial distribution
Security of TypTop