Title: Ocenjevanje ranljivosti gesel na napad z opazovanjem
Title: Evaluation of passwords' vulnerability to shoulder surfing attacks
Author: Bošnjak, Leon
Subject(s): authentication; textual passwords; graphical passwords; shoulder surfing; vulnerability evaluation; experimental design; info:eu-repo/classification/udc/004.056.523(043.3)
Abstract


The password security problem is one of the most critical challenges in the field of information security. It is characterized by the increasing security deficiencies of textual passwords, which have dominated the authentication space for half a century. Over this time, methods aiming to replace them have been proposed, each bearing a different set of flaws. Among them, graphical passwords stand out as an alternative that improves resilience to brute-force attacks while attaining a reasonable level of usability and deployability. However, their visual prominence potentially makes them more vulnerable to physical observation. The shoulder surfing attack (SSA) is a social engineering technique that is often considered in the context of graphical authentication. Despite that, vulnerability to this attack vector is rarely evaluated empirically, and the existing experimental evaluations suffer from poor quality and validity. The main purpose of this research was to examine the reasons behind substandard empirical SSA evaluations and to design appropriate methodological improvements that facilitate high-quality SSA evaluation. In the exploratory phase, we conducted a systematic review of the shoulder surfing literature. The investigation identified two major problems. First, a multitude of vulnerability metrics are employed across the literature, mainly due to a limited understanding of the SSA phenomenon and the underlying factors that affect it. Second, SSA experiments are usually designed on the basis of arbitrary ad hoc decisions, because researchers rely on intuition and expert knowledge to determine the circumstances in which a given method is vulnerable to observation. To address the problem of measuring SSA susceptibility, we constructed a vulnerability metric ensemble from all potential measures. Individual metrics were normalized and adapted to give credit for partially correct guesses before being combined into composite metrics based on their core focus and similarity.
This approach allows for both general and in-depth analyses of a given method's susceptibility to SSA from several points of view. Ultimately, it enables researchers to explore the potential factors and underlying reasons why a given method may be susceptible to observation. The established ensemble was integrated into an SSA evaluation framework comprising 30 parameters: 10 to describe the method's design aspects and establish the circumstances in which the method may be vulnerable to observation, and 20 to determine the most suitable experimental setup on the basis of the threat model. The framework was devised to provide researchers with a methodological apparatus for high-quality SSA experiment design and execution. In pursuit of this goal, revisions of the framework are expected as new insight is obtained from executed experiments. The evaluation framework and the vulnerability metric ensemble were validated in a live shoulder surfing experiment. A total of 276 participants were recruited to simulate malicious and incidental observers attacking three authentication methods: textual passwords, the Game Changer Password System, and association lists. Eight experimental groups were compared and analyzed in terms of all SSA vulnerability metrics and login times under various experimental conditions. The results confirm that graphical methods are more susceptible to physical observation, owing to their visual prominence and the transparency of the human-computer interaction. The work performed in this dissertation makes a key contribution toward an objective and comprehensive evaluation of SSA vulnerability. Through continuous improvement of the evaluation framework and the vulnerability metric ensemble, the quality of empirical SSA studies is expected to grow. The insight obtained should increase researchers' understanding of the shoulder surfing phenomenon and promote the future design of SSA-resistant authentication mechanisms.
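The abstract describes normalizing individual shoulder-surfing vulnerability metrics, adapting them to credit partially correct guesses, and combining them into composites. The following is an added illustration of that idea and is not code from the dissertation or its metric ensemble: the three metric definitions (exact match, positional character accuracy, normalized edit-distance similarity), the unweighted mean used as a composite, and the observer transcriptions in `SAMPLE` are all assumptions constructed for this example.

```python
"""Illustrative shoulder-surfing vulnerability metrics with partial credit.

Added example, not code from the dissertation. The metric definitions
below (exact match, positional accuracy, normalized edit similarity) and
their unweighted mean as a composite are assumptions chosen for
illustration; they do not reproduce the thesis's metric ensemble.
"""
from dataclasses import dataclass
from statistics import mean


def exact_match(secret: str, guess: str) -> float:
    """1.0 if the observer reproduced the secret exactly, else 0.0.

    This is the all-or-nothing metric that gives no partial credit."""
    return 1.0 if guess == secret else 0.0


def positional_accuracy(secret: str, guess: str) -> float:
    """Fraction of secret positions whose symbol the observer got right.

    Positions beyond the guess's length count as misses and extra guessed
    symbols earn nothing, so the result is normalized to [0, 1]."""
    if not secret:
        return 1.0 if not guess else 0.0
    hits = sum(1 for i, ch in enumerate(secret)
               if i < len(guess) and guess[i] == ch)
    return hits / len(secret)


def edit_similarity(secret: str, guess: str) -> float:
    """1 - Levenshtein(secret, guess) / max(len), in [0, 1].

    Unlike positional accuracy, a single dropped or inserted symbol does
    not shift every later position into a miss."""
    if not secret and not guess:
        return 1.0
    prev = list(range(len(guess) + 1))
    for i, sc in enumerate(secret, start=1):
        cur = [i]
        for j, gc in enumerate(guess, start=1):
            cost = 0 if sc == gc else 1
            cur.append(min(prev[j] + 1,          # delete sc
                           cur[j - 1] + 1,       # insert gc
                           prev[j - 1] + cost))  # substitute / keep
        prev = cur
    return 1.0 - prev[-1] / max(len(secret), len(guess))


# Every metric here is already normalized to [0, 1], which is what makes
# averaging them into a composite meaningful.
METRICS = {
    "exact_match": exact_match,
    "positional_accuracy": positional_accuracy,
    "edit_similarity": edit_similarity,
}


@dataclass(frozen=True)
class Observation:
    secret: str   # the password the victim entered
    guess: str    # what the observer wrote down afterwards


def score_observations(observations):
    """Average each metric over all observations, then add a composite
    (assumed here to be the unweighted mean of the per-metric averages)."""
    scores = {name: mean(fn(o.secret, o.guess) for o in observations)
              for name, fn in METRICS.items()}
    scores["composite"] = mean(scores.values())
    return scores


# Constructed sample data: one secret and several observer transcriptions
# (hypothetical values, not data from the dissertation's experiment).
SAMPLE = [
    Observation("Tr0ub4dor", "Tr0ub4dor"),   # exact reproduction
    Observation("Tr0ub4dor", "Tr0ubador"),   # one symbol misread
    Observation("Tr0ub4dor", "Tr0ub"),       # only a prefix observed
    Observation("Tr0ub4dor", "xxxxxxxxx"),   # nothing useful captured
]

if __name__ == "__main__":
    for name, value in score_observations(SAMPLE).items():
        print(f"{name:20s} {value:.3f}")
```

On the constructed sample the exact-match rate is 0.25, while both partial-credit metrics score about 0.61: the observers who misread one symbol or saw only a prefix still leaked most of the secret, which is precisely what an all-or-nothing metric hides and why a normalized ensemble gives a fuller picture.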

Publisher: L. Bošnjak
Contributor: Brumen, Boštjan
Date: 2022-08-12
Type: info:eu-repo/semantics/doctoralThesis; info:eu-repo/semantics/publishedVersion
Language: eng
Format: application/pdf
Rights: http://creativecommons.org/licenses/by-nc-nd/4.0/
Rights: info:eu-repo/semantics/openAccess
Audience: Students
Source: Maribor