fast lean and accurate modeling password guessability
play

Fast, Lean, and Accurate: Modeling Password Guessability Using - PowerPoint PPT Presentation

Jan 23, 2023 •20 likes •800 views

Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks William Melicher , Blase Ur, Sean Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor Guessing Methods 2 Guessing Methods John the

  1. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks William Melicher , Blase Ur, Sean Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor

  2. Guessing Methods 2

  3. Guessing Methods ● John the Ripper ● Hashcat 3

  4. Guessing Methods ● John the Ripper Dictionary word + Rules ● Hashcat 4

  5. Guessing Methods ● John the Ripper Dictionary word + Rules + append 2 digits password ● Hashcat 5

  6. Guessing Methods ● John the Ripper Dictionary word + Rules + append 2 digits password ● Hashcat password11 password12 ... 6

  7. Guessing Methods ● John the Ripper ● Hashcat ● Markov Models 7

  8. Guessing Methods ● John the Ripper p a s s ● Hashcat e t ● Markov Models ... 8

  9. Guessing Methods ● John the Ripper ● Hashcat ● Markov Models ● PCFGs 9

  10. Guessing Methods ● John the Ripper ● Hashcat L8D2 L6S2 ... ● Markov Models monkey!! password12 qwerty.. password11 ● PCFGs ... ... 10

  11. Guessing Methods ● John the Ripper ● Hashcat ● Markov Models ● PCFGs 11

  13. Can we guess more accurately? Quicker? With fewer resources? 13

  14. Our Approach: Neural Networks Hello = Здравствуйте Handwriting Recognition → Handwriting recognition 14

  15. Outline: Guessing with Neural Networks ● How to guess passwords with neural networks ● Password guesser design ● Comparison to other guessing methods ● Real-time, in-browser feedback with neural networks 15

  16. Generating Passwords 16

  17. Generating Passwords o or maybe 0 or O or ... passw 17

  18. Generating Passwords Next char is: A: 3% B: 1% C: 0.6% passw … O: 55% … Z: 0.01% 0: 20% 1: ... 18

  19. Generating Passwords “” Prob: 100% 19

  20. Generating Passwords Next char is: A: 3% B: 2% C: 5% “” … Prob: 100% O: 2% … Z: 0.2% 0: 1% 1: … END: 2% 20

  21. Generating Passwords Next char is: A: 3% B: 2% C: 5% “” … Prob: 100% O: 2% … Z: 0.2% 0: 1% 1: … END: 2% 21

  22. Generating Passwords Next char is: A: 3% B: 2% C: 5% “” … Prob: 100% O: 2% … Z: 0.2% 0: 1% 1: … END: 2% 22

  23. Generating Passwords “C” Prob: 5% 23

  24. Generating Passwords Next char is: A: 10% B: 1% C: 4% “C” … O: 8% Prob: 5% … Z: 0.02% 0: 3% 1: … END: 6% 24

  25. Generating Passwords Next char is: A: 10% B: 1% C: 4% “C” … O: 8% Prob: 5% … Z: 0.02% 0: 3% 1: … END: 6% 25

  26. Generating Passwords Next char is: A: 3% B: 10% C: 7% “CA” … O: 1% Prob: 0.5% … Z: 0.03% 0: 2% 1: … END: 12% 26

  27. Generating Passwords Next char is: A: 3% B: 10% C: 7% “CAB” … O: 1% Prob: 0.05% … Z: 0.03% 0: 2% 1: … END: 3% 27

  28. Generating Passwords Next char is: A: 4% B: 3% C: 1% “CAB” … O: 2% Prob: 0.05% … Z: 0.01% 0: 4% 1: … END: 12% 28

  29. Generating Passwords Next char is: A: 4% B: 3% C: 1% “CAB” … O: 2% Prob: 0.05% … Z: 0.01% 0: 4% 1: … END: 12% 29

  30. Generating Passwords “CAB” Prob: 0.006% 30

  31. Generating Passwords CAB - 0.006% CAC - 0.0042% ADD1 - 0.002% CODE - 0.0013% ... 31

  32. Generating Passwords Must be longer than CAB - 0.006% 3 characters CAC - 0.0042% ADD1 - 0.002% CODE - 0.0013% ... 32

  33. Password Policies: 1class8 1 character class and 8 characters minimum password123 12345678 monkey99 33

  34. Password Policies: 4class8 4 character classes and 8 characters minimum Pa$$w0rd !Qaz2wsx Jvj24601! 34

  35. Password Policies: 1class16 1 character class and 16 characters minimum 123456789123456789 qwertyuiop123456 Monika1234567890 35

  36. Password Policies: 3class12 3 character class and 12 characters minimum llamalove123 Mypassword#3 N@rut0_r0ck5 36

  37. Outline: Guessing with Neural Networks ● How to guess passwords with neural networks ● Password guesser design ● Comparison to other guessing methods ● Real-time, in-browser feedback with neural networks 37

  38. Design Space 38

  39. Design Space ● Model size 3MB - Browser 60MB - Limited by GPU 39

  40. Design Space ● Model size 1class8 network ● Transference learning Transfer knowledge 3class12 network 40

  41. Design Space ● Model size Natural language? ● Transference learning ● Training data Varying training sets? 41

  42. Design Space ● Model size ● Transference learning ● Training data ● Model architecture ● Alphabet size ● Password context 42

  43. Testing Methodology ● Approach: measure # guessed passwords ● Training data: leaked password sets ● Testing data ○ MTurk study passwords: 1class8, 4class8, 1class16, 3class12 ○ Real passwords: 000webhost password leak ● Use Monte-Carlo to estimate guess numbers (Dell’Amico and Filippone CCS ‘15) 43

  44. Tuning Training 44

  45. 45

  46. 46

  47. 47

  48. More accurate guessing 48

  49. More accurate guessing 49

  50. Transference Learning → More Accurate 15% → 22% 50

  51. Natural Language Doesn’t Help 51

  52. Model Size: Larger Is More Accurate 52

  53. Model Size: Larger Is More Accurate 53

  54. Model Size: Larger Is More Accurate 54

  55. Sometimes Model Size: Larger Is More Accurate 55

  56. Comparison to Other Approaches 56

  57. 1class8: Comparison 57

  58. 1class8: Neural Networks Guess Better 58

  59. 1class8: Neural Networks Guess Better 59

  60. 4class8: Neural Networks Guess Better 60

  61. 3class12: Neural Networks Guess Better 61

  62. 3class12: Neural Networks Guess Better 30% → 45% 62

  63. Password feedback: 63

  64. Current password feedback: Quick or accurate 64

  65. Accurate Guessing Methods 100s MB to GBs! 65

  66. Accurate Guessing Methods 100s MB to GBs! 66

  67. Accurate Guessing Methods 100s MB to GBs! Neural networks: 60MB, 3MB 67

  68. Accurate Guessing Methods ? Neural networks: 60MB, 3MB 68

  69. Accurate Guessing Methods Hours to days! 69

  70. Can neural networks give real-time feedback? 70

  71. Ideal Meter Targets ● Small: < 1MB ● Fast: < 0.1 sec ● JavaScript ● Accurate 71

  72. Making Meters Small ● Start with small version of neural network ● Quantize parameters of model ● Compress with existing lossless compression methods 850KB < 1MB 72

  73. Making Meters Fast ● Pre-compute inexact mapping from prob → guess number ● Cache intermediate results ● Run on separate thread 17 ms < 0.1 sec 73

  74. Meter Accuracy 74

  75. Meter Accuracy 75

  76. Meter Accuracy 76

  77. Meter Accuracy 77

  78. Modeling Passwords Using Neural Networks ● Neural networks guess passwords accurately ● Can be made small and fast for client-side feedback github.com/cupslab William Melicher , Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor 78

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Accuracies and Biases in Modeling Password Guessability Blase Ur, Sean M. Segreti, Lujo Bauer,

Accuracies and Biases in Modeling Password Guessability Blase Ur, Sean M. Segreti, Lujo Bauer,

Measuring Real-World Accuracies and Biases in Modeling Password Guessability Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, Richard Shay

1.35k views • 114 slides
6/4/2020 State of Michigan Lean Process Improvement (LPI) Fast, Accurate, and Secure Using Lean

6/4/2020 State of Michigan Lean Process Improvement (LPI) Fast, Accurate, and Secure Using Lean

6/4/2020 State of Michigan Lean Process Improvement (LPI) Fast, Accurate, and Secure Using Lean Principles to Improve your Election Process Anne Cram and Matt Casby , Office of Continuous Improvement MAMC Annual Convention 6/11/20 1 WELCOME!

351 views • 11 slides
FAST: A Functionally Accurate Simulation Toolset for the Cyclops-64 Cellular Architecture Juan

FAST: A Functionally Accurate Simulation Toolset for the Cyclops-64 Cellular Architecture Juan

First Workshop on Modeling, Benchmarking and Simulation (MoBS) at the 32 nd International Symposium on Computer Architecture FAST: A Functionally Accurate Simulation Toolset for the Cyclops-64 Cellular Architecture Juan del Cuvillo, Weirong Zhu,

436 views • 33 slides
JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile Simulation Berkin Ilbeyi and Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University

541 views • 24 slides
Drive-Thru: Drive-Thru: Fast, Accurate Evaluation of Fast, Accurate Evaluation of Storage Power

Drive-Thru: Drive-Thru: Fast, Accurate Evaluation of Fast, Accurate Evaluation of Storage Power

Drive-Thru: Drive-Thru: Fast, Accurate Evaluation of Fast, Accurate Evaluation of Storage Power Management Storage Power Management Daniel Peek Jason Flinn University of Michigan 1 Power Management Needed Power Management Needed

587 views • 34 slides
Bio Detectors Accurate and precise Stable system Fast and visible response Versatile

Bio Detectors Accurate and precise Stable system Fast and visible response Versatile

Introduction Bio Detectors Accurate and precise Stable system Fast and visible response Versatile Our Idea Our Idea Fast Visible Output Accurate Detection

692 views • 39 slides
UK Lean Summit 2016 UK Lean Summit 2016 Learning Lean, Lean Learning Learning Lean, Lean

UK Lean Summit 2016 UK Lean Summit 2016 Learning Lean, Lean Learning Learning Lean, Lean

UK Lean Summit 2016 UK Lean Summit 2016 Learning Lean, Lean Learning Learning Lean, Lean Learning Wel elcom e e t o t t he e Pre re-Sum m it t Mas ast erclas ass Sessi ssions www.leanuk.org Monday 14 th November UK Lean Summit 2016

1.13k views • 65 slides
Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Hierarchical ERG models Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances David Hunter Michael Schweinberger Duy Vu Ruth Hummel Department of Statistics, Penn State University MURI meeting, Nov

521 views • 34 slides
Delegation Sketch : a Parallel Design with Support for Fast and Accurate Concurrent Operations

Delegation Sketch : a Parallel Design with Support for Fast and Accurate Concurrent Operations

EuroSys 2020 Delegation Sketch : a Parallel Design with Support for Fast and Accurate Concurrent Operations Charalampos Stylianopoulos, Ivan Walulya, Magnus Almgren, Olaf Landsiedel and Marina Papatriantafilou Chalmers University of Technology,

315 views • 14 slides
DeepLumen Fast and Accurate Segmentation of Coronary Arteries for Improved Cardiovascular Care

DeepLumen Fast and Accurate Segmentation of Coronary Arteries for Improved Cardiovascular Care

DeepLumen Fast and Accurate Segmentation of Coronary Arteries for Improved Cardiovascular Care Kersten Petersen, Michiel Schaap, David Lesage, Matthew Lee, and Leo Grady GTC 2017 How do we find the right treatment for patients with symptoms of

709 views • 55 slides
User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart

User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart

Build Smart Applications Fast User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart Applications Fast Two ways to reset a (forgotten or expired) password: Forgot Details Receive an email from

593 views • 10 slides
ACCURATE MODELING &amp; GENERATION OF STORAGE I/O FOR DC WORKLOADS Christina Delimitrou 1 , Sriram

ACCURATE MODELING &amp; GENERATION OF STORAGE I/O FOR DC WORKLOADS Christina Delimitrou 1 , Sriram

ACCURATE MODELING &amp; GENERATION OF STORAGE I/O FOR DC WORKLOADS Christina Delimitrou 1 , Sriram Sankar 2 , Kushagra Vaid 2 , Christos Kozyrakis 1 1 Stanford University, 2 Microsoft EXERT March 06 th 2011 Datacenter Workload Studies

263 views • 25 slides
Non-penetration modeling error in physical simulation time-steppers A more accurate and robust

Non-penetration modeling error in physical simulation time-steppers A more accurate and robust

Outline Introduction Error in non-penetration modeling New method to determine active set Conclusion Non-penetration modeling error in physical simulation time-steppers A more accurate and robust method Binh Nguyen, Jeff Trinkle Computer

274 views • 24 slides
Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed

Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed

Fast and Accurate Load Balancing for Geo-Distributed Storage Systems Kirill L. Bogdanov 1 Waleed Reda 1,2 Gerald Q. Maguire Jr. 1 Dejan Kostic 1 Marco Canini 3 1 KTH Royal Institute of Technology 2 Universit Catholique de Louvain 3 KAUST

959 views • 33 slides
Lean Processing For Practice Transformation Ellen Batchelor Objectives How &amp; Why Lean,

Lean Processing For Practice Transformation Ellen Batchelor Objectives How &amp; Why Lean,

5/13/13 Lean Processing For Practice Transformation Ellen Batchelor Objectives How &amp; Why Lean, a.k.a., the Toyota Production System Introduce concepts Whet your appetite Next steps 1 5/13/13 What is Lean? Lean

866 views • 24 slides
Fast and Accurate Inference for the Smoothing Parameter in Semiparametric Models Alex Trindade

Fast and Accurate Inference for the Smoothing Parameter in Semiparametric Models Alex Trindade

Fast and Accurate Inference for the Smoothing Parameter in Semiparametric Models Alex Trindade Dept. of Mathematics &amp; Statistics, Texas Tech University Joint work with Rob Paige , Missouri University of Science and Technology Funded in part by

409 views • 19 slides
GRUPPO DI STUDIO PER IL BILANCIO SOCIALE SOME INSIGNTS OBJECTIVESS: AWARENESS AND REGULATIONS

GRUPPO DI STUDIO PER IL BILANCIO SOCIALE SOME INSIGNTS OBJECTIVESS: AWARENESS AND REGULATIONS

16/11/2012 GRUPPO DI STUDIO PER IL BILANCIO SOCIALE SOME INSIGNTS OBJECTIVESS: AWARENESS AND REGULATIONS THE GROWING AWARENESS OF THE SOCIAL ROLE OF BUSINESS HAS RENEWED INTEREST IN SOCIAL COMMUNICATION CULTURE AND APPROACHES..

507 views • 7 slides
Cooperating with upstream projects Packaging tips and tricks Philippe Coval Tizen engineer

Cooperating with upstream projects Packaging tips and tricks Philippe Coval Tizen engineer

Cooperating with upstream projects Packaging tips and tricks Philippe Coval Tizen engineer &lt;https://wiki.tizen.org/wiki/User:Pcoval&gt; &lt;philippe.coval@open.eurogiciel.org&gt; Context Who am I ? FLOSS enthusiast Communities:

769 views • 39 slides
Predicting the performance of QuantumESPRESSO Pietro Bonf, Fabio Affinito, Carlo Cavazzoni

Predicting the performance of QuantumESPRESSO Pietro Bonf, Fabio Affinito, Carlo Cavazzoni

Predicting the performance of QuantumESPRESSO Pietro Bonf, Fabio Affinito, Carlo Cavazzoni CINECA MaX International Conference 2018, Trieste 29-31 January 2018 Hardware software co-design Intel : [...] the new architecture we are designing

434 views • 25 slides
Cache on delivery marco@sensepost.com Tuesday 20 July 2010 whoami Tuesday 20 July 2010

Cache on delivery marco@sensepost.com Tuesday 20 July 2010 whoami Tuesday 20 July 2010

Cache on delivery marco@sensepost.com Tuesday 20 July 2010 whoami Tuesday 20 July 2010 Scalable applications / Cloud? http://csrc.nist.gov/groups/SNS/cloud-computing/ Tuesday 20 July 2010 Cloud options

679 views • 36 slides
Distributed TensorFlow CSE545 - Spring 2020 Stony Brook University Big Data Analytics, The Class

Distributed TensorFlow CSE545 - Spring 2020 Stony Brook University Big Data Analytics, The Class

Distributed TensorFlow CSE545 - Spring 2020 Stony Brook University Big Data Analytics, The Class Goal: Generalizations A model or summarization of the data. Data Frameworks Algorithms and Analyses Similarity Search Hadoop File System Spark

935 views • 81 slides
Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation CHES 2015 Sujoy Sinha

Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation CHES 2015 Sujoy Sinha

1 Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation CHES 2015 Sujoy Sinha Roy 1 , Kimmo Jrvinen 1 , Frederik Vercauteren 1 , Vassil Dimitrov 2 , and Ingrid Verbauwhede 1 1 ESAT/COSIC and iMinds, KU Leuven 2 The

849 views • 53 slides
Return Address Integrity Naif Saleh Almakhdhub 1,4 Abraham A. Clements 3 Saurabh Bagchi 1 Mathias

Return Address Integrity Naif Saleh Almakhdhub 1,4 Abraham A. Clements 3 Saurabh Bagchi 1 Mathias

RAI : Securing Embedded Systems with Return Address Integrity Naif Saleh Almakhdhub 1,4 Abraham A. Clements 3 Saurabh Bagchi 1 Mathias Payer 2 1 2 3 4 Sandia National Laboratories is a multimission laboratory managed and operated by National

852 views • 35 slides
Accelera'ng Convergence of Free Energy Calcula'on with Hamiltonian Replica Exchange Wei Jiang

Accelera'ng Convergence of Free Energy Calcula'on with Hamiltonian Replica Exchange Wei Jiang

Accelera'ng Convergence of Free Energy Calcula'on with Hamiltonian Replica Exchange Wei Jiang 2017 Computa3onal Biophysics Workshop, Sept 25-29th Outline 1. Mul'ple Copy Algorithm of NAMD Aims &amp; Implementa3on User interface Popular

277 views • 24 slides

More recommend