Panic Passwords: Authenticating under duress
Jeremy Clark, Urs Hengartner
© Universal Pictures International 2007. Used under the fair dealings clause in the Canada Copyright Act.
Outline
1. Definitions
2. Threat Model:
– Dimensions
– Assumptions
3. Categories of Attacks
4. Concluding Remarks
Definitions
Password Space
Regular
Panic
Invalid
Literature Review
No thorough attention from the academic community
Off-the-shelf alarm systems have built-in panic passwords
Some patents have panic passwords as a component
They use a basic scheme with limited applicability
A Threat Model
Participants
Alice: subject entering her password
Bob: entity receiving Alice’s password
Oscar: adversary coercing Alice
Assume Bob is trustworthy and not in collusion with Oscar
Assumptions
1. Kerckhoffs' principle: Oscar knows system
2. Observational principle: Oscar sees password entered
3. Iteration principle: Multiple authentications can be forced
4. Forced-randomization principle: Oscar can control the order of passwords to be entered
Parameter 1: Coercion
Oscar threatens Alice with retribution if he can determine that Alice entered a panic password
Called a screening attack or blackmail
If Oscar cannot tell if Alice enters a panic password, then Alice cannot prove to him, for money, that she is entering a regular password
Called signalling or bribery
Parameter 2: Persistence
Oscar could be persistent in his attack
Oscar could have a limited timeframe in which to conduct his attack and thus be non-persistent
Persistent
Non-persistent
Parameter 3: Bob’s Action
Bob could take some server-side, unobserved reaction upon receiving a panic password
Bob could respond differently to Alice—a difference that could be observed by Oscar
Unobservable Reaction
Observable Response
Parameter 4: Oscar’s Goal
Oscar may want to prevent a panic password from being entered at all
Oscar may not care if a panic password is entered, as long as a regular password is entered at some point
Some Categories of Attacks
Unrecoverable reactions
Oscar wants to gain entry to a premise secured with an alarm
Alice can deactivate the alarm with a password
If Alice uses a panic password, the authorities are alerted
2P System
Password Space
Regular
Panic
Invalid
Non-Persistent Attacks
An ATM issues marked bills if a panic PIN is entered
Oscar can tell the difference after analysing the bills—thus he wants to escape with at least some unmarked bills
2P-Lock System
Password Space
Regular
Panic
Invalid
2P-Lock System
Within a window of time:
No Lock
Lock upon second password
Lock upon second password
No Lock
Different set of bills
Same behaviour
Persistent Attacks
An online voting system spoils any ballots that are cast using a panic password
Oscar should not be able to coerce Alice’s vote, nor should Alice be able to verifiably sell her vote to Oscar
P-Complement System
Password Space
Regular
Panic
Password Space
Regular
Panic
Invalid
Alice knows: 1 regular and 1 rule for separating panic from invalid
Regular
Panic
Invalid
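The three password-space layouts from the slides (2P, P-Complement, and one regular password plus a rule separating panic from invalid), as an added example that is not from the original presentation. It shows Bob classifying an attempt against hashed credentials and keeping his reaction to a panic password unobservable. The class and function names, the two-word rule, the word list and all passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from enum import Enum

class Kind(Enum):
    REGULAR = "regular"
    PANIC = "panic"
    INVALID = "invalid"

def _digest(salt: bytes, password: str) -> bytes:
    # Salted, slow hash so Bob never stores plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, regular, panic=None, panic_rule=None):
        self.salt = os.urandom(16)
        self.regular = _digest(self.salt, regular)
        # 2P layout: one enrolled panic password, hashed like the regular one.
        self.panic = _digest(self.salt, panic) if panic else None
        # Rule layout: predicate that separates panic from invalid attempts.
        self.panic_rule = panic_rule

    def classify(self, attempt: str) -> Kind:
        d = _digest(self.salt, attempt)
        if hmac.compare_digest(d, self.regular):
            return Kind.REGULAR
        if self.panic is not None and hmac.compare_digest(d, self.panic):
            return Kind.PANIC
        if self.panic_rule is not None and self.panic_rule(attempt):
            return Kind.PANIC
        return Kind.INVALID

def login(account: Account, attempt: str):
    """Return (response visible to Alice and Oscar, unobserved server-side alarm)."""
    kind = account.classify(attempt)
    granted = kind is not Kind.INVALID  # panic gets the same response as regular
    return ("access granted" if granted else "access denied"), kind is Kind.PANIC

# Constructed sample data: hypothetical word list, rule and passwords.
WORDS = {"amber", "birch", "cedar", "delta", "ember"}

def two_words(p: str) -> bool:
    parts = p.split()
    return len(parts) == 2 and all(w in WORDS for w in parts)

two_p = Account("tulip-42", panic="tulip-24")                  # 2P
p_complement = Account("tulip-42", panic_rule=lambda p: True)  # no invalid set
rule_based = Account("amber cedar", panic_rule=two_words)      # 1 regular + 1 rule
```

Under the P-Complement layout a mistyped regular password classifies as panic, because no attempt is ever invalid.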
A System
Concluding Remarks
Future Directions
Expand the parameters for the threat model
Find new rules for unlimited panic passwords
A password exchange protocol that can distinguish regular, panic, and invalid passwords (given they will be hashed/MACed)
Usability studies!
Concluding Remarks
Questions?