HotSec 2008 Presentation

Post on 12-Jun-2015

DESCRIPTION

"Panic Passwords: Authenticating under Duress" by Jeremy Clark and Urs Hengartner (University of Waterloo)

Transcript

Panic Passwords: Authenticating under Duress

Jeremy Clark, Urs Hengartner

© Universal Pictures International 2007. Used under the fair dealings clause in the Canada Copyright Act.

Outline

1. Definitions
2. Threat Model:
   – Dimensions
   – Assumptions
3. Categories of Attacks
4. Concluding Remarks

Definitions

Password Space

Regular

Panic

Invalid

Literature Review

No thorough attention from the academic community

Off-the-shelf alarm systems have built in panic passwords

Some patents have panic passwords as a component

They use a basic scheme with limited applicability

a threat model

Participants

Alice: subject entering her password

Bob: entity receiving Alice’s password

Oscar: adversary coercing Alice

Assume Bob is trustworthy and not in collusion with Oscar

Assumptions

1. Kerckhoffs' principle: Oscar knows system

2. Observational principle: Oscar sees password entered

3. Iteration principle: Multiple authentications can be forced

4. Forced-randomization principle: Oscar can control the order of passwords to be entered

Parameter 1: Coercion

Oscar threatens Alice with retribution if he can determine that Alice entered a panic password

Called a screening attack or blackmail

If Oscar cannot tell if Alice enters a panic password, then Alice cannot prove to him, for money, that she is entering a regular password

Called signalling or bribery

Parameter 2: Persistence

Oscar could be persistent in his attack

Oscar could have a limited timeframe in which to conduct his attack and thus be non-persistent

Persistent

Non-persistent

Parameter 3: Bob’s Action

Bob could take some server-side, unobserved reaction upon receiving a panic password

Bob could respond differently to Alice—a difference that could be observed by Oscar

Unobservable Reaction

Observable Response

Parameter 4: Oscar’s Goal

Oscar may want to prevent a panic password from being entered at all

Oscar may not care if a panic password is entered, as long as a regular password is entered at some point

some categories of attacks

Unrecoverable reactions

Oscar wants to gain entry to a premise secured with an alarm

Alice can deactivate the alarm with a password

If Alice uses a panic password, the authorities are alerted

2P System

Password Space

Regular

Panic

Invalid

Non-Persistent Attacks

An ATM issues marked bills if a panic PIN is entered

Oscar can tell the difference after analysing the bills—thus he wants to escape with at least some unmarked bills

2P-Lock System

Password Space

Regular

Panic

Invalid

Within a window of time:

No Lock

Lock upon second password

Lock upon second password

No Lock

Different set of bills

Same behaviour

Persistent Attacks

An online voting system spoils any ballots that are cast using a panic password

Oscar should not be able to coerce Alice’s vote, nor should Alice be able to verifiably sell her vote to Oscar

P-Complement System

Password Space

Regular

Panic

Password Space

Regular

Panic

Invalid

Alice knows: 1 regular and 1 rule for separating panic from invalid

A System

concluding remarks

Future Directions

Expand the parameters for the threat model

Find new rules for unlimited panic passwords

A password exchange protocol that can distinguish regular, panic, and invalid passwords (given they will be hashed/MACed)

Usability studies!
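An added sketch, not taken from the slides or the authors' code, of a verifier for the case where "Alice knows: 1 regular and 1 rule for separating panic from invalid" and Bob stores only a hash. The dictionary rule, the wordlist, the passphrase length and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed public wordlist; by Kerckhoffs' principle Oscar knows it too.
WORDLIST = frozenset("amber birch coral delta ember flint grove haven iris jade".split())
PHRASE_LEN = 3  # assumed passphrase length for this sketch


def words_of(passphrase):
    return passphrase.lower().split()


def well_formed(passphrase):
    """Assumed rule: exactly PHRASE_LEN words, every one from WORDLIST."""
    words = words_of(passphrase)
    return len(words) == PHRASE_LEN and all(w in WORDLIST for w in words)


def _digest(passphrase, salt):
    canonical = " ".join(words_of(passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha256", canonical, salt, 100_000)


def enroll(regular):
    """Bob keeps a salt and a slow hash of the regular passphrase, nothing else."""
    if not well_formed(regular):
        raise ValueError("regular passphrase must satisfy the public rule")
    salt = os.urandom(16)
    return {"salt": salt, "hash": _digest(regular, salt)}


def classify(record, attempt):
    if not well_formed(attempt):
        return "invalid"
    # Regular and panic take the same code path: one hash, one constant-time compare.
    match = hmac.compare_digest(_digest(attempt, record["salt"]), record["hash"])
    return "regular" if match else "panic"


def authenticate(record, attempt, alarm_log):
    """Return what Alice (and Oscar) can observe; the alarm stays server-side."""
    kind = classify(record, attempt)
    if kind == "panic":
        alarm_log.append("duress")  # Bob's unobservable reaction
    return {"granted": kind != "invalid"}
```

Because the rule is a public predicate on the attempt itself, Bob needs no stored list of panic passwords, and the response to a panic passphrase is identical to the response to the regular one.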

Concluding Remarks

Questions?
