Napredna pretraga

Pregled bibliografske jedinice broj: 604412

Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior


Perković, Toni; Mumtaz, Asma; Javed, Yousra; Li, Shujun; Ali Khayam, Syed; Čagalj, Mario
Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior // Proceedings of the SOUPS '11 (Symposium on Usable Privacy and Security)
Pittsburgh, Sjedinjene Američke Države, 2011. (predavanje, međunarodna recenzija, cjeloviti rad (in extenso), znanstveni)


Naslov
Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior

Autori
Perković, Toni ; Mumtaz, Asma ; Javed, Yousra ; Li, Shujun ; Ali Khayam, Syed ; Čagalj, Mario

Vrsta, podvrsta i kategorija rada
Radovi u zbornicima skupova, cjeloviti rad (in extenso), znanstveni

Izvornik
Proceedings of the SOUPS '11 (Symposium on Usable Privacy and Security) / - , 2011

Skup
The 7th Symposium on Usable Privacy and Security (SOUPS)

Mjesto i datum
Pittsburgh, Sjedinjene Američke Države, 20-22.07.2011

Vrsta sudjelovanja
Predavanje

Vrsta recenzije
Međunarodna recenzija

Ključne riječi
Passwords; Observation Attack; Undercover; Tactile Device; Audio Channel; Timing Attack; Intersection Attack

Sažetak
This paper reports two attacks on Undercover, a human authentication scheme against passive observers proposed at CHI 2008. The first attack exploits nonuniform human behavior in responding to authentication challenges and the second one is based on information leaked from authentication challenges or responses visible to the attacker. The second attack can be generalized to break two alternative Undercover designs presented at Pervasive 2009. All the attacks exploit design flaws of the Undercover implementations. Theoretical and experimental analyses show that both attacks can reveal the user’s password with high probability with O(10) observed login sessions. Both attacks were verified by using the login data collected in a user study with 28 participants. We also propose some enhancements to make Undercover secure against the attacks reported in this paper. Our research in breaking and improving Undercover leads to two broader implications. First, it reemphasizes the principle of "devil is in details" for the design of security-related human- computer interface. Secondly, it reveals a subtle relationship between security and usability: human users may behave in an insecure way to compromise the security of a system. To design a secure human-computer interface, designers should pay special attention to possible negative influence of any detail of the interface including how human users interact with the system.

Izvorni jezik
Engleski

Znanstvena područja
Elektrotehnika, Računarstvo



POVEZANOST RADA


Projekt / tema
023-0231924-1660 - NAPREDNE HETEROGENE MREŽNE TEHNOLOGIJE (Dinko Begušić, )

Ustanove
Fakultet elektrotehnike, strojarstva i brodogradnje, Split