[liberationtech] Stanford Security: Jeremiah Blocki on Usable & Secure Human Authentication (Tue Nov18)

Yosem Companys companys at stanford.edu
Mon Nov 17 18:26:49 PST 2014

From: Joe Zimmerman <jzim at cs.stanford.edu>

>            Usable and Secure Human Authentication
>                       Jeremiah Blocki
>                  Tuesday, November 18, 2014
>                        Talk at 4:15pm
>                          Gates 463A
>
> Abstract:
> A typical computer user today manages passwords for many different online
> accounts. Users struggle with this task --- often forgetting their passwords
> or adopting insecure practices, such as using the same passwords for multiple
> accounts and selecting weak passwords. While there are many books, articles,
> papers and even comics about selecting strong individual passwords, there is
> very little work on password management schemes --- systematic strategies
> to help users create and remember multiple passwords. Before we can design
> good password management schemes it is necessary to address a fundamental
> question: How can we quantify the usability or security of a password
> management scheme? One way to quantify the usability of a password management
> scheme would be to conduct user studies evaluating each user's success at
> remembering multiple passwords over an extended period of time. However,
> these user studies would necessarily be slow and expensive and would need to
> be repeated for each new password management scheme. In this talk we argue
> that user models and security models can guide the development of password
> management schemes with analyzable usability and security properties. We
> present several results in support of this premise. First, we introduce
> Naturally Rehearsing Password schemes. Notably, our user model, which is based
> on research on human memory about spaced rehearsal, allows us to analyze the
> usability of this family of schemes while experimentally validating only
> the common user model underlying all of them. Second, we introduce Human
> Computable Password schemes, which leverage human capabilities for simple
> arithmetic operations. We provide constructions that make modest demands
> on users and we prove that these constructions provide strong security: an
> adversary who has seen 100 10-digit passwords of a user cannot compute any
> other passwords except with very low probability. Our password management
> schemes are precisely specified and publishable: the security proofs hold
> even if the adversary knows the scheme and has extensive background knowledge
> about the user (hobbies, birthdate, etc.).
>
> The talk is based on joint work with the following collaborators: Manuel Blum,
> Anupam Datta, Lorrie Cranor, Saranga Komanduri and Santosh Vempala.
>
> Bio:
> Jeremiah Blocki is a post-doctoral fellow in the Computer Science Department at
> Carnegie Mellon University. He completed his PhD at Carnegie Mellon University
> in 2014 under the supervision of Manuel Blum and Anupam Datta. His research
> interests include: Passwords, Usable and Secure Human Authentication, Human
> Computable Cryptography, Differential Privacy and the intersection of Game
> Theory and Security. He is generally interested in applying fundamental
> ideas from theoretical computer science to address practical problems in
> privacy and security.