DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
Slides: Logging safely in public spaces using color PINs
1. Logging safely in public spaces
using attribute PINs
Frank Nielsen
Frank.Nielsen@acm.org
5793b870
Sony Computer Science Laboratories, Inc.
2013
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
1/17
2. Logging, the need for a secure UI...
We daily use...
◮
more and more cloud services...
◮
Internet terminals in public spaces...
→ threats of passwords being stolen (yielding identity theft!).
Many potential threats:
◮
shoulder-surfing attacks
◮
concealed spy cameras (video surveillance)
◮
spyware (key and mouse loggers)
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
2/17
3. Tokens, biometrics and secure UI...
Current mainstream solution:
◮
One Time passwords (OTPs), physical token (can be stolen
or borrowed too!), or
◮
biometrics (expensive)+PINs
Our proposal: Design a secure UI with zero-knowledge using
associative PINs: A UI PIN associated to a USR PIN (both secret).
→ robust by design to mouse loggers and video captures.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
3/17
4. Associative PINs
Concept = Two graphics keyboards:
◮
Fixed digit board (or letters, icons, etc.)
◮
Moveable cursor letter board (or digits, icons, etc.)
Task (Human): Align the cursor to the corresponding digit
◮
Origin is chosen at random (keylogger cannot replay mouse
motions).
◮
Torus topology for wrapping the moveable cursor board.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
4/17
5. Example (shuffling the fixed digit board after each input)
3141
CAHB
3141
CAHB
3141
CAHB
3141
CAHB
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
5/17
6. 2 × 5 keyboard layout
◮
Implemented in Processing, processing.org
◮
Wrapping the cursor operating system on the screen edges
(for endless smooth toric motion) using JavaTM Robot class
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
6/17
8. Some extensions of the basic AssociativePIN system
◮
Use legacy password systems (split in half the password into
PASSWD and USR-PASSWD parts),
◮
Graphics board skins,
◮
Cursor control using another device,
◮
Free users from remembering another UI PASSWD: Generate
One-time UI PASSWDS from user profiles.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
8/17
10. Generating UI passwords from user profiles
To help user memorize the UI password and generate many UI
passwords, we define a user profile by asking a set of k questions,
each with n choices like what is her favorite food, favorite place,
favorite color, favorite celebrity, favorite movie, favorite music, etc.
Each time the user enters a key, the moveable cursor skin changes
to the next mode: food→place→color→celebrity→movie→music,
...
Furthermore, for k-length passwords, we generate a random
permutation on the question orders (yielding k! UI passwords)
However less secure when observers know or guess his/her
preferences.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
10/17
11. Prior work (I)
◮
CursorCamouflage [11]: set of dummy cursors that makes it
difficult for observers to correlate with the user hand motion.
◮
Convex Hull Pass Icons [12]: enter password with pass-icons
blended with other icons on a 2D layout; The user is required
to pass several challenges where each challenge asks to click
inside the convex hull of the pass icons.
◮
Cognitive Trapdoor Games [8]: select on which set the current
PIN code digit is contained. After a few selections, the system
knows by “intersecting” the challenge subsets which digit was
entered, and proceed for entering the next digit, etc.
◮
FakeCursor [9]: The FakeCursor system manages a fixed
secret and a disposal secret: enter pin code by aligning the
secret digit on the fixed disposal icons using left/right
ATM-like arrow buttons. We can interpret FakeCursor as a
discrete UI working on the 1D ring topology.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
11/17
12. Prior work (II)
◮
ColorPin [3]: PIN entry system using color PINs relying on
keyboard interactions. At the bottom of each digit, three
colored letters (black, red and white) are shown. Each letter
appears in all three different colors for security reasons. The
user enters the color PIN by pressing corresponding keyboard
keys.
◮
Login systems designed based on eye gaze input [6]
◮
PIN Tactons [7]. Well-suited for visually impaired people.
◮
etc.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
12/17
13. Potential security threats
◮
UI PASSWORD too simple
◮
gaze tracking and advanced computer vision: guess which
part were “intentionally” aligned by observing the user’ eyes.
→ risk minimized by showing a small board size.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
13/17
15. Bibliographic references I
William Cheswick.
Rethinking passwords.
Commun. ACM, 56(2):40–44, February 2013.
John Chuang, Hamilton Nguyen, Charles Wang, and Benjamin Johnson.
I think, therefore i am: Usability and security of authentication using brainwaves.
In Proceedings of the Workshop on Usable Security, USEC ’13, 2013.
Alexander De Luca, Katja Hertzschuch, and Heinrich Hussmann.
Colorpin: securing pin entry through indirect input.
In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’10, pages
1103–1106, New York, NY, USA, 2010. ACM.
Yutaka Hirakawa, Motohiro Take, and Kazuo Ohzeki.
Pass-image authentication method tolerant to random and video-recording attacks.
International Journal of Computer Science & Applications (IJCSA), 9(3):20–36, 2012.
B. Kaliski.
Pkcs #5: Password-based cryptography specification version 2.0 (rfc), 2000.
Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd.
Reducing shoulder-surfing by using gaze-based password entry.
In Proceedings of the 3rd symposium on Usable privacy and security, SOUPS ’07, pages 13–19, New York,
NY, USA, 2007. ACM.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
15/17
16. Bibliographic references II
Xuˆn-Linh Labb´.
a
e
Touchscreen accessibility - accessible and secure authentication using a haptic PIN.
Master’s thesis, University of Glasgow, 2010.
Volker Roth, Kai Richter, and Rene Freidinger.
A PIN-entry method resilient against shoulder surfing.
In Proceedings of the 11th ACM conference on Computer and communications security, CCS ’04, pages
236–245, New York, NY, USA, 2004. ACM.
Tetsuji Takada.
Fakepointer: An authentication scheme for improving security against peeping attacks using video cameras.
In Proceedings of the 2 Second International Conference on Mobile Ubiquitous Computing, Systems,
Services and Technologies, UBICOMM ’08, pages 395–400, Washington, DC, USA, 2008. IEEE Computer
Society.
Tetsuji Takada.
Fakepointer: An authentication scheme for improving security against peeping attacks using video cameras.
In Proceedings of the 2008 The Second International Conference on Mobile Ubiquitous Computing,
Systems, Services and Technologies, UBICOMM ’08, pages 395–400, Washington, DC, USA, 2008. IEEE
Computer Society.
Keita Watanabe, Fumito Higuchi, Masahiko Inami, and Takeo Igarashi.
CursorCamouflage: Multiple dummy cursors as a defense against shoulder surfing.
In SIGGRAPH Asia 2012 Emerging Technologies, SA ’12, pages 6:1–6:2, New York, NY, USA, 2012. ACM.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
16/17
17. Bibliographic references III
Susan Wiedenbeck, Jim Waters, Leonardo Sobrado, and Jean-Camille Birget.
Design and evaluation of a shoulder-surfing resistant graphical password scheme.
In Proceedings of the working conference on Advanced visual interfaces, AVI ’06, pages 177–184, New York,
NY, USA, 2006. ACM.
c 2013 Frank Nielsen, Sony Computer Science Laboratories, Inc.
17/17