F ig hting Co e rc io n Atta c ks using Skin Co nduc ta nc e Mo - - PowerPoint PPT Presentation

▶

Apr 12, 2023 276 likes •540 views

F ig hting Co e rc io n Atta c ks using Skin Co nduc ta nc e Mo b ile Co nte xtua l Se c urity F ighting Co e r c io n Attac ks in Ke y Ge ne r atio n using Skin Co nduc tanc e Pa ya s Gupta a nd De b in Ga o , Sing a po

SLIDE 1

SLIDE 2

 F

ig hting Co e rc io n Atta c ks using Skin Co nduc ta nc e

 Mo b ile Co nte xtua l Se c urity

SLIDE 3

 F

ighting Co e r c io n Attac ks in Ke y Ge ne r atio n using Skin Co nduc tanc e

› Pa ya s Gupta a nd De b in Ga o , Sing a po re Ma na g e me nt Unive rsity, › 19th USE NI X Se c urity Sympo sium, 2010

SLIDE 4

USB Biometrics Password

Coercion Attack

Unforgettability Unforgeability High entropy

1 0 1 1 0 0 0 1 0 1 0 1 1 0 1 1 0 1 1 0 1 1 0 1 1 0 0 1 0 1 0 1 0 1 0 1 0 1 0 1

SLIDE 5

 Ba nk Va ult  T

p Se c re t L

a b

 Airpla ne Co c kpit

SLIDE 6

SLIDE 7

Existing Approach

Authe ntic a te d

Voic e

Co rre c t Crypto g ra phic ke y

Problem with the : Coercion Attack

SLIDE 8

 Co e rc io n-re sista nt se c urity sc he me

› Use r do e s no t ha ve a c ho ic e › Use r do e s no t ha ve the c a pa b ility

 Assumptio n: Atta c ke r kno ws ho w the

syste m wo rks

 I

mplic a tio ns: Atta c ke r will no t c o e rc e the use r

 Pa nic Pa sswo rds [Cla rk ‘08]

› Ca n b e use d fo r a uthe ntic a ting unde r dure ss

SLIDE 9

Along with Voice, use Skin Conductance as Emotional Response Parameter

Cor r e c t

Crypto g ra phic ke y

Authe ntic a te d

Vo ic e & Skin Co nduc ta nc e

T ime Skin Co nduc ta nc e

Skin Co nduc ta nc e De vic e

SLIDE 10

Along with Voice, use Skin Conductance as Emotional Response Parameter

Inc or r e c t

Crypto g ra phic ke y No t

Authe ntic a te d

Voic e & Skin Conduc tanc e

T ime Skin Co nduc ta nc e

Skin Co nduc ta nc e De vic e

SLIDE 11

 Ho w to sho w up re sults a nd to pe rfo rm

use r study?

SLIDE 12

 Unde rg ra dua te a nd g ra dua te stude nts

in the a g e fro m 18 to 28.

 43 pa rtic ipa nts

› 4 pa rtic ipa nts re mo ve d the me a suring de vic e fro m the ir fing e rs whe n the y we re ne rvo us during the e xpe rime nt.

 T

he re fo re , suc c e ssful pa rtic ipa nts – 39

› 22 ma le a nd 17 fe ma le

SLIDE 13

He a rt ra te ta g s

SLIDE 14

 Ob je c tive

› Mo nito r Skin Co nduc ta nc e

No rma l Stre sse d

SLIDE 15

F a lse fe e db a c k o f He a rt Ra te

SLIDE 16

SLIDE 17

SLIDE 18

Do not touch the ‘X’ key of the keyboard

SLIDE 19

It was your fault Who will pay for the device? How will I recover my data? Yeah it was my mistake, I pressed the X key of your keyboard. I am ready to help you!!! I am sorry, but I did not press X key. Your experiment sucks, your laptop sucks, moreover you suck

SLIDE 20

Examiner leaves the room, leaving the subject alone

SLIDE 21

Subject sits in-front of a PC and is asked to type a few sentences.

SLIDE 22

The core of the experiment begins when the PC shuts off as the subject is typing a letter

SLIDE 23

As a result, subject succumbs to stress.

SLIDE 24

Examiner enters the room

SLIDE 25

 F

ig hting Co e rc io n Atta c ks using Skin Co nduc ta nc e

 Mo b ile Co nte xtua l Se c urity

 F

ighting Co e r c io n Attac ks in Ke y Ge ne r atio n using Skin Co nduc tanc e

› Pa ya s Gupta a nd De b in Ga o , Sing a po re Ma na g e me nt Unive rsity, › 19th USE NI X Se c urity Sympo sium, 2010

USB Biometrics Password

Coercion Attack

Unforgettability Unforgeability High entropy

1 0 1 1 0 0 0 1 0 1 0 1 1 0 1 1 0 1 1 0 1 1 0 1 1 0 0 1 0 1 0 1 0 1 0 1 0 1 0 1

 Ba nk Va ult  T

a b

 Airpla ne Co c kpit

Existing Approach

Authe ntic a te d

Voic e

Co rre c t Crypto g ra phic ke y

Problem with the : Coercion Attack

 Co e rc io n-re sista nt se c urity sc he me

› Use r do e s no t ha ve a c ho ic e › Use r do e s no t ha ve the c a pa b ility

 Assumptio n: Atta c ke r kno ws ho w the

syste m wo rks

 I

mplic a tio ns: Atta c ke r will no t c o e rc e the use r

 Pa nic Pa sswo rds [Cla rk ‘08]

› Ca n b e use d fo r a uthe ntic a ting unde r dure ss

Along with Voice, use Skin Conductance as Emotional Response Parameter

Cor r e c t

Crypto g ra phic ke y

Authe ntic a te d

Vo ic e & Skin Co nduc ta nc e

T ime Skin Co nduc ta nc e

Skin Co nduc ta nc e De vic e

Along with Voice, use Skin Conductance as Emotional Response Parameter

Inc or r e c t

Crypto g ra phic ke y No t

Authe ntic a te d

Voic e & Skin Conduc tanc e

T ime Skin Co nduc ta nc e

Skin Co nduc ta nc e De vic e

 Ho w to sho w up re sults a nd to pe rfo rm

use r study?

 Unde rg ra dua te a nd g ra dua te stude nts

in the a g e fro m 18 to 28.

 43 pa rtic ipa nts

› 4 pa rtic ipa nts re mo ve d the me a suring de vic e fro m the ir fing e rs whe n the y we re ne rvo us during the e xpe rime nt.

 T

he re fo re , suc c e ssful pa rtic ipa nts – 39

› 22 ma le a nd 17 fe ma le

He a rt ra te ta g s

 Ob je c tive

› Mo nito r Skin Co nduc ta nc e

No rma l Stre sse d

F a lse fe e db a c k o f He a rt Ra te

Do not touch the ‘X’ key of the keyboard

It was your fault Who will pay for the device? How will I recover my data? Yeah it was my mistake, I pressed the X key of your keyboard. I am ready to help you!!! I am sorry, but I did not press X key. Your experiment sucks, your laptop sucks, moreover you suck

Examiner leaves the room, leaving the subject alone

Subject sits in-front of a PC and is asked to type a few sentences.

The core of the experiment begins when the PC shuts off as the subject is typing a letter

As a result, subject succumbs to stress.

Examiner enters the room

And, falsely accused the subject for inappropriate handling of PC and corresponding data loss