[PPT] - Fast, Lean, and Accurate: Modeling Password Guessability Using PowerPoint Presentation

SLIDE 1

Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

William Melicher, Blase Ur, Sean Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor

SLIDE 2

Guessing Methods

2

SLIDE 3

Guessing Methods

John the Ripper
Hashcat

3

SLIDE 4

Guessing Methods

John the Ripper
Hashcat

4

Dictionary word + Rules

SLIDE 5

Guessing Methods

John the Ripper
Hashcat

5

Dictionary word + Rules password + append 2 digits

SLIDE 6

Guessing Methods

John the Ripper
Hashcat

6

Dictionary word + Rules password + append 2 digits password11 password12 ...

SLIDE 7

Guessing Methods

John the Ripper
Hashcat
Markov Models

7

SLIDE 8

Guessing Methods

John the Ripper
Hashcat
Markov Models

8

p a s s t

...

e

SLIDE 9

Guessing Methods

John the Ripper
Hashcat
Markov Models
PCFGs

9

SLIDE 10

Guessing Methods

John the Ripper
Hashcat
Markov Models
PCFGs

10

L8D2 L6S2 password12 password11 ... monkey!! qwerty.. ... ...

SLIDE 11

Guessing Methods

John the Ripper
Hashcat
Markov Models
PCFGs

11

SLIDE 12

SLIDE 13

Can we guess more accurately? Quicker? With fewer resources?

13

SLIDE 14

Our Approach: Neural Networks

14

Hello = Здравствуйте Handwriting Recognition → Handwriting recognition

SLIDE 15

Outline: Guessing with Neural Networks

How to guess passwords with neural networks
Password guesser design
Comparison to other guessing methods
Real-time, in-browser feedback with neural networks

15

SLIDE 16

Generating Passwords

16

SLIDE 17

Generating Passwords

17

passw

or maybe 0 or O or ...

SLIDE 18

Generating Passwords

18

passw

Next char is: A: 3% B: 1% C: 0.6% … O: 55% … Z: 0.01% 0: 20% 1: ...

SLIDE 19

Generating Passwords

19

“” Prob: 100%

SLIDE 20

Generating Passwords

20

Next char is: A: 3% B: 2% C: 5% … O: 2% … Z: 0.2% 0: 1% 1: … END: 2%

“” Prob: 100%

SLIDE 21

Generating Passwords

21

Next char is: A: 3% B: 2% C: 5% … O: 2% … Z: 0.2% 0: 1% 1: … END: 2%

“” Prob: 100%

SLIDE 22

Generating Passwords

22

“” Prob: 100%

Next char is: A: 3% B: 2% C: 5% … O: 2% … Z: 0.2% 0: 1% 1: … END: 2%

SLIDE 23

Generating Passwords

23

“C” Prob: 5%

SLIDE 24

Generating Passwords

24

Next char is: A: 10% B: 1% C: 4% … O: 8% … Z: 0.02% 0: 3% 1: … END: 6%

“C” Prob: 5%

SLIDE 25

Generating Passwords

25

Next char is: A: 10% B: 1% C: 4% … O: 8% … Z: 0.02% 0: 3% 1: … END: 6%

“C” Prob: 5%

SLIDE 26

Generating Passwords

26

“CA” Prob: 0.5%

Next char is: A: 3% B: 10% C: 7% … O: 1% … Z: 0.03% 0: 2% 1: … END: 12%

SLIDE 27

Generating Passwords

27

“CAB” Prob: 0.05%

Next char is: A: 3% B: 10% C: 7% … O: 1% … Z: 0.03% 0: 2% 1: … END: 3%

SLIDE 28

Generating Passwords

28

“CAB” Prob: 0.05%

Next char is: A: 4% B: 3% C: 1% … O: 2% … Z: 0.01% 0: 4% 1: … END: 12%

SLIDE 29

Generating Passwords

29

“CAB” Prob: 0.05%

Next char is: A: 4% B: 3% C: 1% … O: 2% … Z: 0.01% 0: 4% 1: … END: 12%

SLIDE 30

Generating Passwords

30

“CAB” Prob: 0.006%

SLIDE 31

Generating Passwords

31

CAB - 0.006% CAC - 0.0042% ADD1 - 0.002% CODE - 0.0013% ...

SLIDE 32

Generating Passwords

32

CAB - 0.006% CAC - 0.0042% ADD1 - 0.002% CODE - 0.0013% ...

Must be longer than 3 characters

SLIDE 33

Password Policies: 1class8

1 character class and 8 characters minimum password123 12345678 monkey99

33

SLIDE 34

Password Policies: 4class8

4 character classes and 8 characters minimum Pa$$w0rd !Qaz2wsx Jvj24601!

34

SLIDE 35

Password Policies: 1class16

1 character class and 16 characters minimum 123456789123456789 qwertyuiop123456 Monika1234567890

35

SLIDE 36

Password Policies: 3class12

3 character class and 12 characters minimum llamalove123 Mypassword#3 N@rut0_r0ck5

36

SLIDE 37

Outline: Guessing with Neural Networks

How to guess passwords with neural networks
Password guesser design
Comparison to other guessing methods
Real-time, in-browser feedback with neural networks

37

SLIDE 38

Design Space

38

SLIDE 39

Design Space

Model size

3MB - Browser 60MB - Limited by GPU

39

SLIDE 40

Design Space

Model size
Transference learning

40

1class8 network 3class12 network Transfer knowledge

SLIDE 41

Design Space

Model size
Transference learning
Training data

Natural language? Varying training sets?

41

SLIDE 42

Design Space

Model size
Transference learning
Training data
Model architecture
Alphabet size
Password context

42

SLIDE 43

Testing Methodology

Approach: measure # guessed passwords
Training data: leaked password sets
Testing data

○ MTurk study passwords: 1class8, 4class8, 1class16, 3class12 ○ Real passwords: 000webhost password leak

Use Monte-Carlo to estimate guess numbers

(Dell’Amico and Filippone CCS ‘15)

43

SLIDE 44

44

Tuning Training

SLIDE 45

45

SLIDE 46

46

SLIDE 47

47

SLIDE 48

48

More accurate guessing

SLIDE 49

49

More accurate guessing

SLIDE 50

Transference Learning → More Accurate

50

15% → 22%

SLIDE 51

Natural Language Doesn’t Help

51

SLIDE 52

Model Size: Larger Is More Accurate

52

SLIDE 53

Model Size: Larger Is More Accurate

53

SLIDE 54

Model Size: Larger Is More Accurate

54

SLIDE 55

Model Size: Larger Is More Accurate

55

Sometimes

SLIDE 56

56

Comparison to Other Approaches

SLIDE 57

1class8: Comparison

57

SLIDE 58

1class8: Neural Networks Guess Better

58

SLIDE 59

1class8: Neural Networks Guess Better

59

SLIDE 60

4class8: Neural Networks Guess Better

60

SLIDE 61

3class12: Neural Networks Guess Better

61

SLIDE 62

3class12: Neural Networks Guess Better

62

30% → 45%

SLIDE 63

Password feedback:

63

SLIDE 64

Current password feedback: Quick or accurate

64

SLIDE 65

Accurate Guessing Methods

100s MB to GBs!

65

SLIDE 66

Accurate Guessing Methods

100s MB to GBs!

66

SLIDE 67

Accurate Guessing Methods

100s MB to GBs!

67

Neural networks: 60MB, 3MB

SLIDE 68

Accurate Guessing Methods

68

Neural networks: 60MB, 3MB

?

SLIDE 69

Accurate Guessing Methods

69

Hours to days!

SLIDE 70

Can neural networks give real-time feedback?

70

SLIDE 71

Ideal Meter Targets

Small: < 1MB
Fast: < 0.1 sec
JavaScript
Accurate

71

SLIDE 72

Making Meters Small

Start with small version of neural network
Quantize parameters of model
Compress with existing lossless compression methods

72

850KB < 1MB

SLIDE 73

Making Meters Fast

Pre-compute inexact mapping from prob → guess number
Cache intermediate results
Run on separate thread

73

17 ms < 0.1 sec

SLIDE 74

Meter Accuracy

74

SLIDE 75

Meter Accuracy

75

SLIDE 76

Meter Accuracy

76

SLIDE 77

Meter Accuracy

77

SLIDE 78

Modeling Passwords Using Neural Networks

Neural networks guess passwords accurately
Can be made small and fast for client-side feedback

github.com/cupslab

78

William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor