IMAGE-BASED AUTHENTICATION

IMAGE-BASED AUTHENTICATION

University of Florida

Richard E. Newman, Piyush Harsh, and Prashant Jayaraman

Human Authentication

• What you are (biometric)• What you have (token)• What you know (password)

Problems with Passwords

• Meaningful• Word of mouth transfer• Sticking it near workstation

• Image-based authentication (IBA) can solve these

Definitions

• Image Space (IS) –the set of all images used by the IBA system.

• Individual Image Set (IISa) – the set of images that a user Alice (a) chooses to authenticate herself.

• Key Image – any image in a user's IIS.• Presentation Set (PS) – the set of images

presented to Alice (from which the key images must be selected) for a given authentication attempt.

• PS_i – the ith subset of PS presented to Alice during a run – PS = U PS_i

Architecture

• Authentication User Agent (AUA)• Authentication Server (AS)

The communication between them is encrypted using authenticated Diffie-Hellman

The AS is assumed to be a part of the Trusted Computing Base

Basic Protocol - Initialize

• Alice selects ‘n’ images (n is set by the administrator, Bob)

• Bob stores the image set at the AS

Image Set Selection

• Bob picks one image from IISa and some other images from IS-IISa for each PS_i

• Alice picks the IISa image from each PS_i

Presentation Subsets

Basic Protocol - Authenticate

• A→B: Username=Alice • B→A: Presentation set for Round 1, PS1. • A→B: Identified image. • B→A: Presentation set for Round 2, PS2. • A→B: Identified image. • …... • B→A: Presentation set for Round R, PSR. • A→B: Identified image.

If all R steps are successful, Bob authenticates Alice

Authentication

Attacks

• Image-based authentication is not foolproof

• The are four points of vulnerability– information stored on the AS– information sent between the AS

and the AUA– the output at the AUA– the input at the AUA.

Keystroke Logging: AUA Input

• Eve can observe or log Alice’s keystrokes and later authenticate herself as Alice.

Counter • Display the images in random order

- keystrokes are are only meaningful for this PS in this display order

Shoulder Surfing: AUA Output Logging• Eve can observe Alice’s screen (during

the authentication process)and later authenticate herself as Alice.

Counter • Display the image when the mouse is over it. Otherwise, gray out

the image• If input is hidden, then which image is selected is not known – only

get PS_i’s• More on PS-based attacks later

TEMPEST Attack: AUA Output

• Electromagnetic emanations from the output are used to recreate the screen a distance away.

Counter • Use contrasting colors that a person can

easily distinguish, but which look the same to the eavesdropper.

• Blur the images.• Add random noise to the images.

Brute Force Attack

• Select every possible combination.• Note that dictionary attack is

impossible.

Counters • Keep IIS and IS large• Attack cannot be done offline

Frequency Correlation Attack: Presentation Sets

Logic Attack

• The IS is large, and PS_i’s are chosen randomly (with one image from IIS). Any image that repeats across attempts, is very likely to be a part of IIS

Intersection Attack

• If the PS is the same (but not PS_i’s) in every attempt, using logic, within a small number of authentication attempts the attacker can narrow down the IIS to one or a few subsets from the PS.

Countering Frequency Correlation Attacks

• A decoy screen is image grid consisting of images none of which are part of the user’s IIS. The user has to select “none of the above” to succeed in those rounds.

• Make use of x rounds of decoy screens and y (y<=n) rounds or screens with images from user image set.

Decoy Screens

Countering Frequency Correlation Logic Attacks

• The IS can be partitioned into groups of images called image buckets. When an image from the IIS is displayed, all of the other images in the image bucket to which this image belongs will also be shown.

• The intersection of the images displayed will never decrease.

Image Buckets

Leaking Image Set Size• The size of the image set is equal to the number of

rounds.• Correlation between the Image set size and the number

of rounds may be blurred

Randomized number of rounds• The number of rounds is randomized according to a

bounded normal distribution.• The mean number of rounds and the variance can be

changed as necessary.

Implementation IssuesImage Set Storage • If the images are randomized, only the

seed for each image need be stored• Otherwise, entire IS needs to be stored

Security Implications• AS must store each user’s IIS.• If the AS is compromised, the IIS of every

user can be obtained.• The scheme depends on the

impenetrability of the AS

Key Strength

• If K images per display may be selected, then with R rounds and |PS_i|=N we obtain an equivalent key size of

KS= R log (C(N,K)) .

• If K=1 thenKS= R log (N)

Equivalent key bits for N=16 images/round

Equivalent key bits per key image

Conclusions

• IBA is in its infancy• IBA is more user-friendly• It is difficult to share IBA image sets

without showing the person the images• IBA offers an alternative to passwords

that my be attractive for some situation– Asymmetric bandwidth– Poor user input capability

• Protection at AS still an issue