Fabian Monrose, Michael K. Reiter, and Susanne Wetzel. Password hardening based on keystroke dynamics. In ACM Conference on Computer and Communications Security 1999.  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... The hardness of our scheme is based on the polynomial reconstruction problem, a special case of the Reed Solomon list decoding problem [4] Other schemes making use of this problem include, for example, the scheme proposed by Monrose, Reiter, and Wetzel for hardening passwords using keystroke data [18]. An important di#erence between our scheme and previous ones of this flavor is our range of parameter choices. The [18] scheme bases its security on the computational hardness of small polynomial reconstruction instances, while we select parameters enabling us to achieve information theoretic ....

....problem [4] Other schemes making use of this problem include, for example, the scheme proposed by Monrose, Reiter, and Wetzel for hardening passwords using keystroke data [18] An important di#erence between our scheme and previous ones of this flavor is our range of parameter choices. The [18] scheme bases its security on the computational hardness of small polynomial reconstruction instances, while we select parameters enabling us to achieve information theoretic security guarantees for the same problem. Organization We sketch protocol and security definitions for our scheme in ....

[Article contains additional citation context not shown here]

F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In G. Tsudik, editor, Sixth ACM Conference on Computer and Communications Security, pages 73-82. ACM Press, 1999.

....The simplest approach is to apply the mechanisms independently and then combine their resulting confidences, but more powerful fusing is also possible. For example, merged lip reading and speech processing [3] can be better than either alone. Likewise for password checks and typing patterns [8]. Note that if the outcomes conflict, this will reduce confidence, but will do so appropriately. 1.2. Propagating identity among distributed systems Solid mechanisms exist for propagating authenticated identity across systems [2] but they assume that intermediary nodes can be trusted to ....

Fabian Monrose, Michael K. Reiter, and Susanne Wetzel. Password hardening based on keystroke dynamics. ACM Conference on Computer and Communications Security. Kent Ridge Digital Labs, Singapore, November 2-4. Published as Proceedings of ACM Conference on Computer and Communications Security, pages 73-82. ACM Press, November 1999.

....from the arrival times of packets. Experience shows that users typing follows stable patterns 1 . Many researchers have proposed to use the duration of key strokes and latencies between key strokes as a biometric for user authentication [GLPS80, UW85, LW88, LWU89, JG90, BSH90, MR97, RLCM98, MRW99] A more challenging question which has not yet been addressed in the literature is whether we can use timing information about key strokes to infer the key sequences being typed. If we can, can we estimate quantitatively how many bits of information are revealed by the timing information ....

....20 20 i a J u l Return 20 N Prompt time time Figure 1: The traffic signature associated with running SU in a SSH session. The numbers in the figure are the size (in bytes) of the corresponding packet payloads. tity of the user [GLPS80, UW85, LW88, LWU89, JG90, BSH90, MR97, RLCM98, MRW99] In this section, we show that several simple and practical attacks exploiting these two weaknesses. In particular, an attacker can identify which transmitted packets correspond to keystrokes of sensitive data such as passwords in a SSH session. Using this information, the attacker can easily ....

F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In Proceedings of the 6th ACM Conference on Computer and Communications Security, November 1999.

....any type of database where 4 knowledge of some data (of sufficient size) is required for a lookup to be possible. In our setting, this key information is the results of some fixed forensic tests. Two recent papers that are related in a technical sense are those of Monrose, Reiter and Wetzel [23] who used similar methods for strengthening login sessions by measuring typing speeds; and Ellison, Hall, Milbert and Schneier [10] who suggested a method for fuzzy passphrase based logins, where only a certain portion of the passphrase needs to be correct. Whereas the former employs techniques ....

F. Monrose, M. Reiter, S. Wetzel.: Password hardening based on keystroke dynamics. In 6th ACM Conference on Computer and Commnication Security, (to appear), 1999.

....(despite known hardness results [2, 24] on the lattice shortest vector problem) and thus, should be used cautiously as an intractability assumption. 3 Interestingly, the noisy polynomial interpolation and the polynomial reconstruction problems also appeared in password authentication schemes [25, 13]. Both schemes use Shamir s secret sharing scheme based on Lagrange s polynomial interpolation, where the shares are encrypted with low entropy secrets. Shamir s scheme achieves perfect security, but here, additional information is available to the attacker. A closer inspection shows that [13] is ....

....therefore insecure for many choices of the parameters. For instance, the authors propose to use n = 22; k = 14 and m 256 to protect a 112 bit key. But this configuration can be broken using a meet in the middle attack (see Section 2.3) using n 0 = 16 in time 2 64 . The solution described in [25] is much better as it is based on the hardness of the discrete log problem and a variant of the polynomial reconstruction problem. We also discuss analogous methods for a related problem, the so called noisy Chinese remaindering problem arising from the well known analogy between polynomials and ....

[Article contains additional citation context not shown here]

F. Monrose, M. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In Proc. of 6th Conf. on Computer and Communications Security. ACM, 1999.

No context found.

F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In Proceedings of the 6 ACM Conference on Computer and Communications Security, pages 73--82, November 1999.

No context found.

Fabian Monrose, Michael K. Reiter, and Susanne Wetzel. Password hardening based on keystroke dynamics. In ACM Conference on Computer and Communications Security 1999.

No context found.

F. Monrose, M. K. Reiter, and S. Wetzel. Password Hardening based on Keystroke Dynamics. International Journal of Information Security, 1(1):69--83, 2001.

No context found.

F. Monrose, M. K. Reiter, and S. Wetzel. Password Hardening based on Keystroke Dynamics. International Journal of Information Security, 1(1):69--83, 2001.

No context found.

F. Monrose, M. Reiter, and S. Wetzel. Password Hardening Based on Keystroke Dynamics. ACM CCS 1999, ACM Press, 1999.

No context found.

F. Monrose, M. K. Reiter, and S. Wetzel, "Password hardening based on keystroke dynamics," in Proc. 6th ACM Conf. Computer and Communications Security, 1999, pp. 73--82.

No context found.

F. Monrose, M. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In Proc. ACM Conf. Computer and Communications Security, pages 73--82, 1999.

No context found.

Fabian Monrose, Michael K. Reiter, and Suzanne Wetzel, Password Hardening based on Keystroke Dynamics. in the Proceedings of the 6th ACM Conference on Computer and Communications Security, ACM, pp. 73--82, 1999.

No context found.

F. Monrose, M. Reiter, S. Wetzel. Password Hardening Based on Keystroke Dynamics. In Proc. ACM Conf. Computer and Communications Security, 1999, p. 73--82.

No context found.

Fabian Monrose, Michael K. Reiter, and SusanneWetzel. Password hardening based on keystroke dynamics. Int. J. Information Security, 1(1):1--15, 2001.

No context found.

Fabian Monrose, Michael K. Reiter, and Susanne Wetzel. Password hardening based on keystroke dynamics. ACM Conference on Computer and Communications Security (Kent Ridge Digital Labs, Singapore, November 2-4). Published as Proceedings of ACM Conference on Computer and Communications Security, pages 73-82. ACM Press, November 1999. 21

No context found.

Fabian Monrose, Michael K. Reiter, and Susanne Wetzel. Password hardening based on keystroke dynamics. In Proceedings of the 6th ACM conference on Computer and communications security, pages 73--82. ACM Press, 1999.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC