dip paper presentation Seminar
11-27-2010, 04:17 AM
Post: #1
Abstract
Current security systems suffer from the fact that they fail to account for human factors. This paper considers two human limitations: First, people are slow and unreliable when comparing meaningless strings; and second, people have difficulties in remembering strong passwords or PINs. We identify two applications where these human factors negatively affect security: Validation of root keys in public-key infrastructures, and user authentication. Our approach to improve the security of these systems is to use hash visualization, a technique which replaces meaningless strings with structured images. We examine the requirements of such a system and propose the prototypical solution Random Art. We also show how to apply hash visualization to improve the real-world security of root key validation and user authentication.

Keywords: Human factors in security, hash visualization, user authentication through image recognition, root key validation.

1 Introduction

Although research in security has made tremendous progress over the past years, most security systems still suffer from the fact that they neglect human limitations in the real world. In this paper, we analyze two human limitations: first, the difficulties people have with remembering strong passwords and personal identification numbers (PINs), and second, with comparing meaningless strings. These human factors negatively affect many security systems, including the security of root key validation and user authentication.

The problem in root key validation is that people need to compare meaningless key fingerprints, which are strings of 32 hexadecimal digits. It is a known fact in psychology that people are slow and unreliable at processing or memorizing meaningless strings. Also, in [2] Anderson et al. show that strings can be memorized better if people can associate meaning with them, or if they look familiar.

Similarly, the problem in user authentication is that people have difficulties with choosing and memorizing strong passwords. If the passwords are too simple and have meanings, they are easy to remember but vulnerable to attacks which use password cracker programs. If the passwords are more complex and random, they are difficult to remember and hence users have to write them down. In either case, the security of the systems is degraded.

These problems have long been considered some of the fundamental weaknesses of security systems in the real world. We propose to use images to alleviate them. In the case of root key validation we use hash visualization to generate images from the strings, and the user can simply compare the images instead of the strings. This scheme is based on the fact that humans are very good at identifying geometrical shapes, patterns, and colors, and they can compare two images efficiently. In the case of user authentication, we replace the precise recall of a password or PIN with a recognition of a previously seen image. Again, it has been shown that people are extremely efficient at recognizing previously seen images [1, 6].

Researchers have been trying to make cryptographic primitives stronger against attacks. The central point of this paper is to show that human factors have a large impact on the security of a real-world system. Our contribution is to propose the new security primitive hash visualization, to establish the necessary requirements, to propose Random Art as a prototypical solution, and finally, to show how to apply hash visualization to improve the security of root key validation and user authentication. Since Random Art is just a prototype of the final solution, we hope with this paper to attract the interest of researchers in image processing, security, and psychology, and to encourage cooperation between them in order to find better solutions.

The paper is organized as follows. First we examine the requirements of the ideal hash visualization scheme in section 2. In section 3 we propose a possible solution to satisfy the requirements of the hash visualization. We then give in section 4 two example applications about how to apply the hash visualization scheme to improve the security of systems. We discuss some problems and limitations of this approach in section 5 and finally conclude and list our future work in section 6.

2 Requirements for Hash Visualization Algorithms

We first briefly review the definition and desired properties of usual hash functions. We then discuss the properties that hash visualization algorithms should satisfy.

2.1 Review of the requirements for traditional hash functions

This review is based on the Handbook of Applied Cryptography [10]. A hash function is a function h which has, as a minimum, the following two properties:

1. Compression: h maps an input x of arbitrary finite length, to an output h(x) of fixed bit length n.
2. Ease of computation: given h and an input x, h(x) is easy to compute.

Three most desired properties:

1. Preimage resistance: for any pre-specified output y, it is computationally infeasible to find the input x such that h(x) = y.
2. 2nd-preimage resistance: given any input x, it is computationally infeasible to find an input x1 such that h(x1) = h(x).
3. Collision resistance: it is computationally infeasible to find any two distinct inputs x, x1 which hash to the same output, h(x) = h(x1).

A one-way hash function is a hash function h with two additional properties: preimage resistance and 2nd-preimage resistance. A collision resistant hash function is a hash function h with the additional property of collision resistance.

2.2 Requirements for hash visualization algorithms

Definition 1. A hash visualization algorithm (HVA) is a function hI which has, as a minimum, the following two properties:

1. Image-generation: hI maps an input x of arbitrary finite length, to an output image hI(x) of fixed size.
2. Ease of computation: given hI and an input x, hI(x) is easy to compute.

In order for HVAs to be useful for secure applications, we illustrate a variety of desired properties for HVAs. An HVA that is used in a particular application will only need to satisfy a subset of the properties. We will give several examples of these applications and their usage of the HVAs in a later section.

Near-one-way property

We define two images I1 and I2 to be near, denoted as I1 ~ I2, if the two images are perceptually indistinguishable.

1. Near preimage resistance: for any pre-specified output image y, it is computationally infeasible to find the input x such that hI(x) ~ y.
2. Near 2nd-preimage resistance: given any input x, it is computationally infeasible to find x1 such that hI(x1) ~ hI(x).
3. Near collision resistance: it is computationally infeasible to find any two distinct inputs x, x1 which hash to the same output, hI(x) ~ hI(x1).

It is difficult to devise an algorithm which can judge automatically whether two images are near, since that depends on the person comparing the images. But in general, we can find some similarity-metric function delta: I x I -> R and a threshold beta such that if delta(I1, I2) > beta, then the two images I1 and I2 are not near. Finding a good function for delta is an active area of research in image retrieval and is not in the scope of this paper.

Regularity property

Humans are good at identifying geometric objects (such as circles, rectangles, triangles, and lines), and shapes in general. We call images which contain mostly recognizable shapes regular images. If an image is not regular, i.e. does not contain identifiable objects or patterns, or is too chaotic (such as white noise), it is difficult for humans to compare or recall it. We suggest two ways for testing the regularity of an image automatically.

1. We can use a compression algorithm to compress the image. If the image is chaotic, such as white noise, the compression factor will be very small since almost every pixel is random. Therefore we can show that an image is regular if the compression factor is above a certain threshold.
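The compression-based regularity test described above, as an added example that is not part of the original post or the paper. It assumes zlib as the compression algorithm, a threshold of 2.0, and a hypothetical toy image generator (`toy_hva`, which is not Random Art) that places shapes chosen by SHA-256 digest bytes; the fingerprint value is constructed.

```python
import hashlib
import random
import zlib

SIZE = 64  # constructed: 64x64 greyscale image, one byte per pixel

def toy_hva(data: bytes) -> bytes:
    """Toy hash visualization (not Random Art): digest bytes place filled shapes."""
    d = hashlib.sha256(data).digest()
    img = bytearray([d[0]]) * (SIZE * SIZE)  # flat background shade
    for i in range(1, 26, 5):  # five shapes, five digest bytes each
        cx, cy, r = d[i] % SIZE, d[i + 1] % SIZE, 4 + d[i + 2] % 16
        shade, square = d[i + 3], d[i + 4] & 1
        for y in range(SIZE):
            for x in range(SIZE):
                dx, dy = abs(x - cx), abs(y - cy)
                inside = max(dx, dy) <= r if square else dx * dx + dy * dy <= r * r
                if inside:
                    img[y * SIZE + x] = shade
    return bytes(img)

def noise_image(seed: int) -> bytes:
    """Chaotic image: every pixel drawn independently (white noise)."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(SIZE * SIZE))

def compression_factor(pixels: bytes) -> float:
    """Raw size divided by zlib-compressed size; about 1.0 for white noise."""
    return len(pixels) / len(zlib.compress(pixels, 9))

def is_regular(pixels: bytes, threshold: float = 2.0) -> bool:
    """Regularity test from the text; the threshold value is an assumption."""
    return compression_factor(pixels) > threshold

if __name__ == "__main__":
    fingerprint = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    for name, img in (("shapes", toy_hva(fingerprint)), ("noise", noise_image(1))):
        print(f"{name}: factor={compression_factor(img):.2f} regular={is_regular(img)}")
```
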