started analysis of shuffles
This commit is contained in:
loeding
@@ -3,18 +3,17 @@
|
||||
Luke Oeding (Auburn University)
|
||||
|
||||
## What is an nKode?
|
||||
|
||||
An nKode consists of a passcode $P$ selected utilizing the following setup:
|
||||
|
||||
- a $k$ digit keypad, where each key has:
|
||||
- $p$ properties (position, central number, color, letter, emoji,...)
|
||||
- $m$ options for each property ($\#$ positions, $\#$ central numbers, $\#$ colors, $\#$ letters, $\#$ emoji, ... )
|
||||
* a $k$ digit keypad, where each key has:
|
||||
* $p$ properties (position, central number, color, letter, emoji,...)
|
||||
* $m$ options for each property (\# positions, \# central numbers, \# colors, \# letters, \# emoji, ... )
|
||||
|
||||
- In principle the number of options for each property doesn't have to be the same, but for the sake of our analysis, we make this uniform choice.
|
||||
- Typically one wants to have all letters displayed exactly once on the keypad for any instance of a keypad, so we take $m = k$.
|
||||
|
||||
- $\ell$ = length of the passcode, which is a sequence of $\ell$ letters (options) selected from any of the options.
|
||||
- a shuffling rule (the split-shuffle)
|
||||
* $\ell$ = length of the passcode, which is a sequence of $\ell$ letters (options) selected from any of the options.
|
||||
* a shuffling rule (the split-shuffle)
|
||||
|
||||
## Split shuffling
|
||||
|
||||
@@ -84,6 +83,7 @@ We are interested in understanding the number of times an eavesdropping intruder
|
||||
|
||||
[Brooks Brown says that the lower bound is $\min\{3, s \log_2+1\}$, where $s$ is the number of attribute sets, for an nKode of complexity $c=1$, regardless of nKode length $l$, or the number of tiles $t$.]
|
||||
|
||||
|
||||
Regarding the eavesdropper attack we should also consider the case of a keystroke recorder that doesn't observe the labels on the keys of the nKode keypad.
|
||||
Blind single attacks and repeated blind attempts that successfully log in, and learning the nKode.
|
||||
|
||||
@@ -95,11 +95,16 @@ Blind single attacks and repeated blind attempts that successfully log in, and l
|
||||
|
||||
The probability that a (blind) randomly entered key-string will yield a successful login:
|
||||
|
||||
$R = \frac{\#(\text{passcodes that would yield a correct login})}{\#(\text{possible passcodes})}.$
|
||||
$
|
||||
R = \frac{\text{Num}(\text{passcodes that would yield a correct login})}{\text{Num}(\text{possible passcodes})}.
|
||||
$
|
||||
|
||||
(Num stands for 'number of'.)
|
||||
This should be simply computed using the number of keys $k$ and the length $l$ of the passcode:
|
||||
|
||||
$R = (1/k)^l.$
|
||||
$
|
||||
R = (1/k)^l.
|
||||
$
|
||||
|
||||
For example, a 6 digit pin would yield a one-in-a-million chance of blindly hitting the correct passcode.
|
||||
|
||||
@@ -138,9 +143,13 @@ For example,
|
||||
### Guessing the passcode:
|
||||
|
||||
The likelihood that a randomly chosen passcode will yield a successful login no matter what shuffle has been applied, i.e. so that the attacker can successfully log in as many times as they want:
|
||||
$1 / \#(\text{possible passcodes}).$
|
||||
$1 / \text{Num}(\text{possible passcodes}).$
|
||||
|
||||
For example, when $k=m=10, p=7$ for $\ell = 4$ this probability is $(70)^{-4} \sim 4.16*10^{-8}$, or about 4 chances in 100 million, and for $\ell = 6$ this probability is $(70)^{-6} \sim 8.5*10^{-12}$, or about 8.5 chances in 1 trillion.
|
||||
For example, when $k=m=10, p=7$ for $\ell = 4$ this probability is
|
||||
|
||||
$(70)^{-4} \sim 4.16*10^{-8},$
|
||||
|
||||
or about 4 chances in 100 million, and for $\ell = 6$ this probability is $(70)^{-6} \sim 8.5*10^{-12}$, or about 8.5 chances in 1 trillion.
|
||||
|
||||
## Multiple Blind Attempts
|
||||
|
||||
@@ -155,7 +164,6 @@ For example, when $k=10$ for $\ell = 4$ and $s=2$ this probability is $((10)^{-4
|
||||
For example, when $k=10$ for $\ell = 4$ and $s=3$ this probability is $((10)^{-4})^3 = 10^{-12}$, [same order of magnitude as a passcode of length 6], and for $\ell = 6$ this probability is $((10)^{-6})^3 = 10^{-18}$, or 1 chance in one billion billion.
|
||||
|
||||
## Incorrect nKodes that still work
|
||||
|
||||
We should also consider the number of nKodes that would yield a successful sequence of $s$ logins. [Add example]
|
||||
|
||||
## Longer passcodes might not always be more secure
|
||||
@@ -185,3 +193,121 @@ If someone is able to observe the user typing the nKode, or record the keystroke
|
||||
### Eye tracking
|
||||
|
||||
Eye tracker on phone: How good would this need to be in order to see what attribute the user is searching for?
|
||||
|
||||
# Higher Complexity
|
||||
|
||||
## Dispersion
|
||||
Dispersion is an operation on a keypad that permutes properties in such a way that 2 observations of the nKode are sufficient to learn the passcode. It does this by applying a distinct rotation to each property. The authors note that this is possible when the number of keys is not larger than the number of properties per key, because this ensures that there are enough distinct rotations so that no repetitions occur. There are more general permutations that can also have this property, and it seems that this is already implemented in the Enrollment_Login_Renewal.
|
||||
|
||||
## Split shuffle
|
||||
Split shuffle attempts to avoid the dispersion permutation of the keypad so as to increase the number of times an intruder would have to observe the nKode being entered.
|
||||
|
||||
The properties are divided into 2 sets, each set will be shuffled by the same shuffle applied to all properties in that set of properties.
|
||||
|
||||
Note: by observing both keypads (before and after a split-shuffle), one can learn both what the split was, and what the two shuffles were.
|
||||
|
||||
We're intertested in studying how many observations an intruder must make in order to learn the passcode with the split shuffle in place. There are a few scenarios I can imagine.
|
||||
|
||||
* No split (analyzed above).
|
||||
* The split is determined once, and then the shuffles only happen on one side of the split.
|
||||
* The split changes every time randomly.
|
||||
* The split changes every time by a set strategy.
|
||||
|
||||
Of course we can consider these questions each time the metaparameters change. Recall,
|
||||
* a $k$ digit keypad,
|
||||
* $p$ properties (position, central number, color, letter, emoji,...)
|
||||
* $m$ options for each property (\# positions, \# central numbers, \# colors, \# letters, \# emoji, ... ). typically $m = k$.
|
||||
* $\ell$ = length of the passcode, which is a sequence of $\ell$ letters (options) selected from any of the options.
|
||||
|
||||
Notice that when $k = 1$ the problem is nearly trivial. It doesn't matter what the properties are, the only thing the user is entering is $\ell$, and that can be observed in 1 try.
|
||||
|
||||
When $k = 2$. Here's the case $p = 2$ and a 4 letter passcode.
|
||||
|
||||
|
||||
|key | p0 | p1 |
|
||||
|:----:|:--:|:--:|
|
||||
|key 0 | a0 | b0 |
|
||||
|key 1 | a1 | b1 |
|
||||
|
||||
After a shuffle [attribute 1]
|
||||
|
||||
|key | p0 | p1 |
|
||||
|:----:|:--:|:--:|
|
||||
|key 0 | a0 | b1 |
|
||||
|key 1 | a1 | b0 |
|
||||
|
||||
interaction:
|
||||
|
||||
|what | |||||
|
||||
|--------|--|--|--|--|--|
|
||||
|Passcode| a0|b1|a1|b0|
|
||||
|Display 1| 0|1|1|0|
|
||||
|Display 2| 0|0|1|1|
|
||||
|
||||
The possible passcodes after display 1:
|
||||
0{a0,b0},1{a1,b1},1{a1,b1},0{a0,b0}
|
||||
|
||||
The possible passcodes after display 2:
|
||||
0{a0,b1},0{a0,b1},1{a1,b0},1{a1,b0}
|
||||
|
||||
Intersect:
|
||||
{a0},{b1},{a1},{b0}
|
||||
Passcode learned in 2.
|
||||
|
||||
|
||||
When $k = 2$. Here's the case $p = 4$ and a 4 letter passcode.
|
||||
|
||||
|
||||
|key | p0 | p1 | p2 | p3 |
|
||||
|:----:|:--:|:--:|:--:|:--:|
|
||||
|key 0 | a0 | b0 | c0 | d0 |
|
||||
|key 1 | a1 | b1 | c1 | d1 |
|
||||
|
||||
After a shuffle [attribute 1,2]
|
||||
|
||||
|key | p0 | p1 | p2 | p3 |
|
||||
|:----:|:--:|:--:|:--:|:--:|
|
||||
|key 0 | a0 | b1 | c1 | d0 |
|
||||
|key 1 | a1 | b0 | c0 | d1 |
|
||||
|
||||
|
||||
interaction:
|
||||
|
||||
|what | |||||
|
||||
|--------|--|--|--|--|--|
|
||||
|Passcode| a0|c1|c1|d0|
|
||||
|Display 1| 0|1|1|0|
|
||||
|Display 2| 0|0|0|0|
|
||||
|
||||
The possible passcodes after display 1:
|
||||
0{a0,b0,c0,d0},1{a1,b1,c1,d1},1{a1,b1,c1,d1},0{a0,b0,c0,d0}
|
||||
|
||||
The possible passcodes after display 2:
|
||||
0{a0,b1,c1,d0},0{a0,b1,c1,d0},0{a0,b1,c1,d0},0{a0,b1,c1,d0}
|
||||
|
||||
Intersect:
|
||||
{a0,d0},{b1,c1},{b1,c1},{a0,d0}.
|
||||
|
||||
Passcode is not learned yet.
|
||||
|
||||
After a 3rd shuffle [attribute 1,3]
|
||||
|
||||
|key | p0 | p1 | p2 | p3 |
|
||||
|:----:|:--:|:--:|:--:|:--:|
|
||||
|key 0 | a0 | b1 | c0 | d1 |
|
||||
|key 1 | a1 | b0 | c1 | d0 |
|
||||
|
||||
|what | |||||
|
||||
|--------|--|--|--|--|--|
|
||||
|Passcode| a0|c1|c1|d0|
|
||||
|Display 1| 0|1|1|0|
|
||||
|Display 2| 0|0|0|0|
|
||||
|Display 3| 0|1|1|1|
|
||||
|
||||
The possible passcodes after display 3:
|
||||
0{a0,b1,c0,d1},1{a1,b0,c1,d0},1{a1,b0,c1,d0},1{a1,b0,c1,d0}
|
||||
|
||||
Intersect:
|
||||
{a0},{c1},{c1},{d0}.
|
||||
|
||||
Passcode learned in 3.
|
||||
Reference in New Issue
Block a user