Password Hardening Based on Keystroke Dynamics (1999)
Venue: International Journal of Information Security
Citations: 145 - 8 self
Citations
4841 | Pattern classification and scene analysis
- Duda, Hart
- 1973
Citation Context ... found values D and L that 4 This example also illustrates that the use of pattern classifiers that aim to separate a population given some similarity measure (e.g., linear discriminant analysis; see [7]) would not necessarily yield good results for our purposes. That is, in the example above the distinguishing feature for each account could be used by a classifier to perfectly separate the populatio... |
2576 | How to share a secret
- Shamir
- 1979
Citation Context ...ction) from Sects. 5 and 6, but will return to this in Sect. 7. 5 An instance using polynomials In this section we describe an instance of the technique of Sect. 4 using Shamir’s secret sharing scheme [31]. In this scheme, hpwd_a is shared by choosing a random polynomial f_a ∈ Z_q[x] of degree m − 1 such that f_a(0) = hpwd_a, where q > 2m + 1... |
344 | A Fuzzy Commitment Scheme
- Juels, Wattenberg
Citation Context .... This makes the careful utilization of keystroke features critical in our setting, whereas in [6] the biometric data considered were presumed independent of the password chosen. Juels and Wattenberg [14] generalized and improved the Davida et al. scheme through a novel modification in the use of error-correcting codes, thereby shrinking the code size and achieving higher resilience. However, since th... |
342 | Improved decoding of Reed-Solomon and algebraic-geometry codes
- Guruswami, Sudan
- 1999
Citation Context ...ch f. Asymptotically (i.e., as m grows arbitrarily large), it is known that the second case can be distinguished from the first in O(m^2) time if d ≤ (2 − √2)m ≈ 0.585m using error-correcting techniques [11]. These techniques do not attack our scheme directly, since our analysis in Sect. 8 suggests that for many reasonable values of k, d will typically be too large relative to m for these techniques to s... |
271 | Password security: A case history.
- Morris, Thompson
- 1979
Citation Context .... Salting is a method in which the user’s password is prepended with a random number (the “salt”) of s bits in length before hashing the password and comparing the result to a previously stored value [20, 26]. As a result, the search space of an attacker is increased by a factor of 2^s if the attacker does not have access to the salts. However, the correct salt either must be stored in the system or found... |
167 | “Foiling the cracker” – A survey of, and improvements to, password security.
- Klein
- 1990
Citation Context ...subset of all possible passwords. In one case study of 14 000 Unix™ passwords, almost 25% of the passwords were found by searching for words from a carefully formed “dictionary” of only 3 × 10^6 words [15] (see also [9, 26, 33, 34]). [∗ Correspondence to: M. Reiter, Carnegie Mellon University, Hamerschlag Hall D208, Pittsburgh, PA 15213, USA] This high success rate is not unusual despite the fact that th... |
148 | On enabling secure applications through off-line biometric identification
- Davida, Frankel, et al.
- 1998
Citation Context ...oach is not directly amenable to generating cryptographic keys from timing information. A different approach to generating a repeatable key based on biometric data is due to Davida, Frankel, and Matt [6]. In this scheme, a user carries a portable storage device containing: (1) error-correcting parameters to decode readings of biometric data (e.g., an iris scan) with a limited number of errors to a “c... |
117 | Handbook of Applied Cryptography - Menezes, van Oorschot, Vanstone |
114 | Authentication via keystroke dynamics. - Monrose, Rubin - 1997 |
89 | Entropy measures and unconditional security in cryptography.
- Cachin
- 1997
Citation Context ...s, because multiple accounts can map to the same total feature descriptor under C. So, in the example of the previous paragraph, all accounts can map to at most two such descriptors. Guessing entropy [5, 21] is a natural way to define the entropy of a cover. Let Img(C) = {b | ∃a ∈ A : C(a) = b}, and w_C(b) = |{a ∈ A | C(a) = b}|/|A|. If we denote Img(C) = {b_1, ..., b_l} such that w_C(b_1) ≥ w_C(b_2) ≥ ... ≥ w_C(b_l), then ... |
73 | CSI/FBI Computer Crime and Security Survey
- Power
- 2001
Citation Context ...available keyboard at which the user can type her password, which is the ideal situation for repeated generation of her hardened password. Moreover, with the alarming rate of laptop thefts (e.g., see [28]), these applications demand security better than that provided by traditional passwords. Although we study only the generation of hardened passwords using keystroke patterns in this paper, the techni... |
72 | Authentication by keystroke timing: Some preliminary results
- Gaines
- 1980
Citation Context ... motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and different between users [1, 10, 13, 17, 18, 23, 30]. Prior work has anticipated utilizing keystroke information in the user login process (e.g., [13]), and indeed products implementing this are being marketed today (e.g., see http://www.biopassword.co... |
69 | A real-world analysis of Kerberos password security - Wu - 1999 |
59 | Computer-Access Security Systems using Keystroke Dynamics
- Bleha, Slivinsky, et al.
- 1990
Citation Context ... motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and different between users [1, 10, 13, 17, 18, 23, 30]. Prior work has anticipated utilizing keystroke information in the user login process (e.g., [13]), and indeed products implementing this are being marketed today (e.g., see http://www.biopassword.co... |
54 | UNIX password security – ten years later. - Feldmeier, Karn - 1990 |
46 | Noisy Polynomial Interpolation and Noisy Chinese Remaindering.
- Bleichenbacher, Nguyen
- 2000
Citation Context ...me achieves a degree of resilience to forgotten answers. However, Bleichenbacher and Nguyen have shown that the Ellison et al. scheme is insecure, whereas our constructions appear to be much stronger [2]. In work subsequent to ours, a construction similar to that in Sects. 5.1 and 5.2 was used in the design of a forensic database, where a person’s medical record can be decrypted only once a DNA sampl... |
37 | Secure hash standard. Federal Information Processing Standards Publication 180-1 - FIPS - 1995 |
32 | Verifying Identity via Keystroke Characteristics
- Leggett, Williams
- 1988
Citation Context ... motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and different between users [1, 10, 13, 17, 18, 23, 30]. Prior work has anticipated utilizing keystroke information in the user login process (e.g., [13]), and indeed products implementing this are being marketed today (e.g., see http://www.biopassword.co... |
31 | A simple scheme to make passwords based on one-way functions much harder to crack. Computers and Security
- Manber
- 1996
Citation Context .... Salting is a method in which the user’s password is prepended with a random number (the “salt”) of s bits in length before hashing the password and comparing the result to a previously stored value [20, 26]. As a result, the search space of an attacker is increased by a factor of 2^s if the attacker does not have access to the salts. However, the correct salt either must be stored in the system or found... |
31 | Observations on Reusable Password Choices - Spafford - 1992 |
30 | CryptoLib: Cryptography in software. - Lacy, Mitchell, et al. - 1993 |
28 | UNIX password security-Ten years later - Feldmeier, Karn - 1989 |
13 | Secure private key generation using a fingerprint
- Soutar, Tomko
- 1996
Citation Context ...cations other than login, such as file encryption. The first work (that we are aware of) that previously proposed generating a repeatable key based on biometric information is due to Soutar and Tomko [32]. This work outlines a technique for using optical computing to generate a cryptographic key from a fingerprint pressed against a glass prism; products based on this technique are marketed by Mytec Te... |
8 | Verification of user identity via keystroke characteristics
- Leggett, Williams, et al.
- 1989
Citation Context ... motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and different between users [1, 10, 13, 17, 18, 23, 30]. Prior work has anticipated utilizing keystroke information in the user login process (e.g., [13]), and indeed products implementing this are being marketed today (e.g., see http://www.biopassword.co... |
7 | Password authentication without using password table. Inform.
- Horng
- 1995
Citation Context ...the unauthorized modification of system information related to password authentication (e.g., the attacker adds a new account with a password it knows, or changes the password of an existing account) [12, 16, 19]. Here we do not focus on this threat model, although our hardened passwords can be directly combined with these techniques to also provide security against this type of attacker. 3 Preliminaries The ... |
7 | Oorschot PC, Vanstone SA - AJ, Van - 1996 |
4 | Wetzel S (2001) Cryptographic key generation from voice (extended abstract)
- Monrose, MK, et al.
Citation Context ...omenon for which features can be measured can, in theory, be employed with our techniques to generate cryptographic secrets. Our continuing work, for example, has demonstrated this for voice patterns [24, 25]. 2 Related work The motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and diff... |
2 | Addition chains for large sets - Bleichenbacher |
2 | On enabling secure applications through off-line biometric identification - Davida, Frankel, et al. - 1998 |
2 | Johnson Computers and Intractability A Guide to the Theory of NP-Completeness W H Freeman and - Garey, S - 1979 |
2 | Improved decoding of Reed-Solomon and algebraic-geometric codes - Guruswami, Sudan - 1998 |
2 | Horng Password authentication without using a password table Information Processing Letters 55 - unknown authors - 1995 |
2 | Identity authorization based on keystroke latencies - Joyce, Gupta - 1990 |
2 | Password authentication using Newton's interpolating polynomials Information Systems 16(1 - Lin - 1991 |
2 | D Umphress Verification of user identity via keystroke characteristics Human Factors in Management Information Systems - Leggett, iams - 1989 |
2 | Massey Guessing and entropy - L - 1994 |
2 | and M Hiron Optimizing digraph-latency based biometric typist verification systems inter and intra typists differences in digraph latency distributions - Mahar, Napier, et al. - 1995 |
2 | Password security A case history - Morris, Thompson - 1979 |
2 | Nash Rising laptop theft tacks on $150 a box ComputerWorld - S |
2 | Observations on reusable password choices - Spafford |
2 | A real-world analysis of Kerberos password security - Wu - 1999 |
1 | Jakobsson M, Srikwan S (2000) Cryptographic approaches to privacy in DNA databases
- Bohannon
Citation Context ...to that in Sects. 5.1 and 5.2 was used in the design of a forensic database, where a person’s medical record can be decrypted only once a DNA sample of the person is obtained (e.g., at a crime scene) [3]. Our method of hardening user passwords has conceptual similarities to password “salting” for user logins. Salting is a method in which the user’s password is prepended with a random number (the “sal... |
1 | Some ideal secret sharing schemes
- EF
- 1989
Citation Context ...ed on vector spaces We first briefly present the secret sharing scheme based on vector spaces that we use in our construction. Vector-space secret sharing schemes have been studied extensively (e.g., [4]). The scheme presented here is based on similar ideas, though it is tuned for use in our application. For example, this sharing scheme requires no information other than the shares to reconstruct the... |
1 | Schneier B (2000) Protecting secret keys with personal entropy. Future Gen Comput Syst 16:311–318
- Ellison, Hall, et al.
Citation Context ...t is unknown whether this technique is more applicable in our setting. Ellison et al. independently developed a method for generating a cryptographic key based on answers to questions posed to a user [8]. The work is premised on the assumption that questions can be posed that the legitimate user will answer one way but others attempting to impersonate the user will answer another way. Their construct... |
1 | Identity authorization based on keystroke latencies. Comm ACM 33:168–176
- Joyce, Gupta
- 1990
Citation Context ... motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and different between users [1, 10, 13, 17, 18, 23, 30]. Prior work has anticipated utilizing keystroke information in the user login process (e.g., [13]), and indeed products implementing this are being marketed today (e.g., see http://www.biopassword.co... |
1 | Password authentication using Newton’s interpolating polynomials. Inform Syst 16:97–102
- CH, CC, et al.
- 1991
Citation Context ...the unauthorized modification of system information related to password authentication (e.g., the attacker adds a new account with a password it knows, or changes the password of an existing account) [12, 16, 19]. Here we do not focus on this threat model, although our hardened passwords can be directly combined with these techniques to also provide security against this type of attacker. 3 Preliminaries The ... |
1 | Cryptographic authentication of time-invariant quantities
- RE, SM, et al.
- 1981
Citation Context ...the unauthorized modification of system information related to password authentication (e.g., the attacker adds a new account with a password it knows, or changes the password of an existing account) [12, 16, 19]. Here we do not focus on this threat model, although our hardened passwords can be directly combined with these techniques to also provide security against this type of attacker. 3 Preliminaries The ... |
1 | Guessing and entropy
- JL
- 1994
Citation Context ...s, because multiple accounts can map to the same total feature descriptor under C. So, in the example of the previous paragraph, all accounts can map to at most two such descriptors. Guessing entropy [5, 21] is a natural way to define the entropy of a cover. Let Img(C) = {b | ∃a ∈ A : C(a) = b}, and w_C(b) = |{a ∈ A | C(a) = b}|/|A|. If we denote Img(C) = {b_1, ..., b_l} such that w_C(b_1) ≥ w_C(b_2) ≥ ... ≥ w_C(b_l), then ... |
1 | Wetzel S (2001) Using voice to generate cryptographic keys
- Monrose, MK, et al.
Citation Context ...omenon for which features can be measured can, in theory, be employed with our techniques to generate cryptographic secrets. Our continuing work, for example, has demonstrated this for voice patterns [24, 25]. 2 Related work The motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and diff... |
1 | User identification system based on biometrics for keystroke
- Omote, Okamoto
- 1999
Citation Context ...uessing entropy is more sensitive to variations in D than in L. This is consistent with previous works that have found keystroke durations to be more variable among users than keystroke latencies (e.g., [27]). Fig. 5. Guessing entropy as a function of D and L We remind the reader that all of the foregoing analysis is based on a relatively small trial of our techniques: 20 users, 481 logins, and 1 passwor... |
1 | Cryptography. In: van Leeuwen J (ed) Handbook of theoretical computer science
- RL
- 1990
Citation Context ...impler variation and then extending it in Sect. 5.4 to be more secure. 5.1 Stored data structures and initialization Let G be a pseudorandom function family and P be a pseudorandom permutation family [29] such that for any key K, G_K : Z_q → Z_q and P_K : Z_q^* → Z_q^*.¹ There are three data structures stored in the system per account: 1. A randomly chosen element r ∈ {0, 1}^κ where κ is a security paramet... |
1 | Computer user verification using login string keystroke dynamics
- JA, VM, et al.
- 1998
Citation Context ... motivation for using keystroke features to harden passwords comes from years of research validating the hypothesis that user keystroke features are both highly repeatable and different between users [1, 10, 13, 17, 18, 23, 30]. Prior work has anticipated utilizing keystroke information in the user login process (e.g., [13]), and indeed products implementing this are being marketed today (e.g., see http://www.biopassword.co... |
1 | Authentication by keystroke timing. Some preliminary results Rand report R-256-NSF Rand Corporation - Gaines, Lisowski, et al. - 1980 |
1 | C H Meyer Cryptographic authentication of time-invariant quantities - Lennon, Matyas - 1981 |
1 | Rivest Cryptography - L - 1990 |
1 | A Chambers and C L MacKenzie Computer user verification using login string keystroke dynamics - Robinson, Liang, et al. - 1998 |
1 | Identity verification through keyboard characteristics International - Umphress, Williams - 1985 |