10. Security and user interface
EPKeygen
https://gyazo.com/b613461e4759af40dcbd1950a5f0a4d3
Twitter takeover incident (2017)
https://gyazo.com/4fd4b80773fe58d40b65bbad5daeb82e
Usability and security
Tradeoff exists
Important, but not popular
Think about security issues from a wider view
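Consider security holistically, across both systems and people
An important concept, but not popular
Required technologies
Methods that people can feel at ease with
Techniques for evaluating safety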
SPT SIG @ IPSJ (Information Processing Society in Japan) https://gyazo.com/a082e9d54a3f2e778c516bb82c47a376.png
Think about security from psychological aspect
Since 2011
Number of people is small
Research on Security
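Cryptography, attacks, vulnerability, ...
Now that many functions of society are controlled, operated and managed by the Internet and the countless computers connected to it, the safety of networked cyberspace is becoming ever more important for supporting society in the future. Crimes and accidents of many kinds occur every day, and the need is growing for cybersecurity experts who can prevent such incidents and keep damage to a minimum. Security experts need not only technical knowledge of information technology and networks, but also interdisciplinary, comprehensive knowledge of law, social systems, and organizational operation and management, together with a deep understanding of the security domain and an advanced ability to act in it: analysis of cyber attacks and system vulnerabilities, and rapid response to incidents and accidents. This course draws on SFC's interdisciplinary character and its advanced expertise in information and communications to train highly skilled cybersecurity professionals who meet society's needs.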
Cyber leadership course (Prof. Nakamura)
https://gyazo.com/52014c00ff1fa1871055ae1bd7be3838
What is the right authentication approach?
https://gyazo.com/dc4a183e4c4854480e590c09fcb5e40b
https://gyazo.com/12e4b11d6ce50f83514d8a1e7b1b82cd
Security visualization
https://www.amazon.co.jp/dp/0321510100 https://gyazo.com/7aedb3bff6f9ce6ecb04ff6ab23b32af
Reason why we need authentication
Ubiquitous society
→ Everybody uses computers anywhere
→ Computers are shared by many people
→ Authentication required everywhere
Authentication methods
What we have
Keys, USB devices
What we are
Biometric authentication (fingerprint, etc.)
What we know
Passwords, challenge questions
What we can do
CAPTCHA
Combination of above methods
Bank card + PIN
2-factor authentication
Biometric authentication + PIN
Authentication on the Web
Mainly password-based
Other authentication methods are rarely used
Password authentication
Easy to implement
No recognition systems required
Easy to use on PC
Using keyboards
Secure if properly managed
Can be strong with very long passwords
Problems of password authentication
Difficult to choose an appropriate password
Difficult to remember
Easily forgotten
Easily attacked
Easily copied
Text input device required
Problems of authentication hardware
(Like keys, cards, etc.)
Inconvenient to carry
Forget to carry
Risk of theft or loss
Problems of biometric authentication
Unusable when sick or injured
Can be copied
Can be used by stunning
Can't change data
Comparison of various authentication techniques
Passwords might be the best
http://gyazz.com/upload/be36ee9a3c80239387aea5e5776de6f5.pdf https://gyazo.com/dae200eef4281fe3b8e4f8dc6c9b44b9.png
Managing passwords
Password reuse is very risky
https://gyazo.com/4f1e7b5e4442fb9e71683c859632ccde
Password management
Frequent change of password is not recommended
People tend to use simpler passwords
Ok if people change it voluntarily
Writing down on paper may be okay
Checking if your password is known
Chrome extension
Warned when we try to use a stolen password
Check example
Authentication on browsers
Basic authentication
Digest authentication
Proprietary methods
Basic authentication (Apache)
Describe info in .htaccess
code:.htaccess
AuthUserFile /home/masui/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Required"
AuthType Basic
require user masui
Create the password file using htpasswd command
Passwords are sent to the server in plain text
Describe info in .htaccess
code:.htaccess
AuthType Digest
AuthName "member only"
AuthDigestDomain /server/script/digest/
AuthDigestFile /home/masui/.htdigest
require user masui
Create the password file using htdigest command
Encrypted passwords are sent to the server
Encryption is based on an ID given by the server
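An added example (not from the original notes) of what each scheme puts on the wire: it decodes a Basic header back to the password and computes the RFC 2617 Digest response (qop=auth) for two server nonces. The user name, realm and URI come from the .htaccess snippets above; the password, nonces, nc and cnonce values are constructed.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def basic_header(user, password):
    """Authorization header value sent for AuthType Basic."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def recover_from_basic(header):
    """Base64 is an encoding, not encryption: any observer can reverse it."""
    token = header.split(" ", 1)[1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def ha1(user, realm, password):
    """The value htdigest stores per user: MD5(user:realm:password)."""
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth; the server nonce is mixed into the hash."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def server_accepts(stored_ha1, method, uri, nonce, nc, cnonce, response):
    """The server recomputes the response from its stored HA1 and compares."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

# Constructed sample values; user, realm and URI follow the .htaccess snippets.
USER, REALM, PASSWORD = "masui", "member only", "constructed-sample-password"
URI = "/server/script/digest/"

if __name__ == "__main__":
    hdr = basic_header(USER, PASSWORD)
    print(hdr, "->", recover_from_basic(hdr))
    stored = ha1(USER, REALM, PASSWORD)
    for nonce in ("nonce-A", "nonce-B"):  # a fresh nonce changes the response
        print(nonce, digest_response(stored, "GET", URI, nonce, "00000001", "c1"))
```

The HA1 value stored by htdigest is enough to compute valid responses, so the .htdigest file needs the same protection as the passwords themselves.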
Use special authentication technique
code:html
<center>
<input type="password" style="font-size:30pt;"><br>
<span style="font-size:24pt;"><input type="password" style="font-size:20pt;"></span>
</center>
Communication via HTTPS
Prevent peeking
How to continue login status
Use "cookies"
Send auth data every time the browser interacts with the server
Authentication on the Web
PKI (Public Key Infrastructure)
PGP (Pretty Good Privacy)
c.f. Certificate authority in the real world
https://gyazo.com/58ba83f7368ca767ab28ffb25a368d1f.png
Notary
Publish certificate document (deed)
Give credential to personal documents
Prove the fixed date to data
City hall
PKI
Infrastructure based on Public-key cryptography
Use Certificate Authority (CA)
https://gyazo.com/0647da8a7628a2081e047edfa16b4473.png
Prevent the risk of losing secret key
Use public key (pk) and secret key (sk)
pk⇒sk, sk⇒pk cannot be calculated
Encryption algorithm Epk
Decryption algorithm Dsk
m == Dsk(Epk(m))
Publish pk
Using ssh
Use ssh-keygen command to generate public key and secret key
Public key: id_dsa.pub or id_rsa.pub
Secret key: id_dsa or id_rsa
Copy public key to server
Keep secret key in PC
Public key should be treated carefully
Demo: ssh
% ssh-keygen
SSL
Secure Sockets Layer
Developed by Netscape in 1994
Used for secure communication between browser and server
https://(url)
Characteristics of public-key cryptography
Secure communication using shared public key
Public key should be examined before starting communication
Certificate Authority (CA)
Guarantee that the public key is correct
Publish certificate
If we can trust the CA, we can trust the public key guaranteed by the CA
Public keys of the CAs should be guaranteed
Registered on browsers
https://gyazo.com/9e9b7d53ce5f24737b725fcbe197a858.png
CA hierarchical structure
https://gyazo.com/d3abed0b5c711d0bd2106c9facc4a53e.png
Certificate published by the user
Not registered in browsers
No money paid to CA
Difficulty of proving whether the data is right
Data can be easily copied and created from scratch
e.g. Difficult to prove that certain data existed at a specified time
Use notary office
Electronic notarization
Problems of electronic notarization
Takes time
Costs a lot
Not easily usable
Register information (and its hash value) at many places
May be used for proving the date
Digital timestamp technology and services
Authentication topics related to time
Can you create data that becomes available only after 2 years?
PGP (Pretty Good Privacy): does not use central CAs
People believe the data if the data is signed by many people
Web authentication services
FlickrAPI
TypeKey authentication
Hatena authentication API
livedoor Auth
JugemKey authentication API
Facebook OAuth
Let a particular service access Flickr without telling it your password
Use another service with your Flickr password
https://gyazo.com/5575fb6404ab2b6f6913944dfbc4456f.png
Use Hatena-account authentication on other sites
Outsource account management to Hatena
Expect greater name recognition and new user acquisition
https://i.gyazo.com/8c320e4e21bc931f824736189f9f0b7c.png
Problems of OpenID
https://i.gyazo.com/c545180dc113d2aaab03a2d664489bb0.png
Many services from many providers
Confusing
Standardization of authentication services
OpenID
OAuth
Basic technology
Single Sign-On (SSO)
Authentication and Authorization
Authentication (認証)
Authorization (認可)
Authentication (認証)
Check if the right user is accessing the network
Using ID and passwords
If successful, all data can be managed by the login user
Authorization
Control access rights based on the authentication information
Possible to allow partial access
Use outside service for authentication
No need to handle password in the service
Single sign-on standard
Authentication for the Web
Authentication only
(no authorization)
Components in OpenID
OP(OpenID Provider)
Authentication service provider
RP(Relying Party)
Web service that uses OpenID authenticator
OpenID account
Users
OpenID protocol
https://i.gyazo.com/98a5e827a405bd8d1192b65b6fd20700.png
OpenID protocol
https://i.gyazo.com/25c180ad66415d47e5f6337848aa3e6d.png
OpenID providers
https://gyazo.com/9b06c996489f365ae5daffd8a94c77f7.png
And many others
Put the following code in pitecan.com
code:html
<html>
<head>
<link rel="openid.server"
<link rel="openid.delegate"
Log in at a service that supports OpenID
Enter ID and password in vox authentication window
OpenID providers
Usability of OpenID
Registration and setup are difficult
Difficult to understand the principle
Difficult to enter ID
Current status
Few people are using it
Non-smart specification
Concerns
Is it okay to use an outside service for password management?
We cannot tell if service provider is reliable
Introduced in 2007
Authorization protocol
Useful for "mashup" services
Users allow the usage of their data to other services
e.g. allow a service to use Facebook data
Consumer (e.g. smart.fm) asks service provider (e.g. Google) to get access token
VERY complicated
https://gyazo.com/02a7c417784367f814663dd9021f1056.png
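0. The Consumer obtains permission to use OAuth from the Service Provider in advance.
1. The User instructs the Consumer to obtain access rights to information at the Service Provider that requires authorization.
2. The Consumer accesses the Service Provider in the background and obtains an unauthorized Request Token.
3. The Consumer redirects the User to the Service Provider, appending the unauthorized Request Token as a URL parameter.
4. On the Service Provider, the User approves delegating access rights to the Consumer. The Service Provider then marks the unauthorized Request Token as authorized.
5. The Service Provider redirects the User back to the Consumer, including the authorized Request Token in the URL.
6. The Consumer communicates with the Service Provider in the background and exchanges the authorized Request Token for an Access Token that represents the actual access rights.
7. The Consumer uses the Token obtained in step 6 to access the specific information.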
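The exchange in steps 0 to 7, as an added in-memory example that is not part of the original notes: it shows that the Consumer never handles the User's password, and that a Request Token is useless until the User approves it and cannot be exchanged twice. Class and method names, the consumer name and sp.example are hypothetical; request signing and the oauth_verifier that OAuth 1.0a later added are left out.

```python
import secrets

class ServiceProvider:
    """In-memory stand-in for the Service Provider (hypothetical, for illustration)."""
    def __init__(self, user_data):
        self.user_data = user_data   # user -> protected data
        self.consumers = set()       # step 0: consumers allowed to use OAuth
        self.request_tokens = {}     # token -> [consumer, approving user or None]
        self.access_tokens = {}      # token -> user whose data it unlocks

    def issue_request_token(self, consumer):           # step 2
        if consumer not in self.consumers:
            raise PermissionError("consumer not registered")
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = [consumer, None]  # unauthorized so far
        return token

    def user_decision(self, user, token, approve):     # step 4, on the SP's own page
        if approve and token in self.request_tokens:
            self.request_tokens[token][1] = user

    def exchange(self, consumer, token):               # step 6
        owner, user = self.request_tokens.pop(token, (None, None))  # single use
        if owner != consumer or user is None:
            raise PermissionError("request token not authorized")
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = user
        return access

    def read_data(self, access_token):                 # step 7
        if access_token not in self.access_tokens:
            raise PermissionError("invalid access token")
        return self.user_data[self.access_tokens[access_token]]

def run_flow(approve):
    """Steps 0-7 end to end; returns the data the Consumer obtains, or None."""
    sp = ServiceProvider({"user1": ["constructed-photo.jpg"]})
    sp.consumers.add("consumer-app")                                # step 0
    token = sp.issue_request_token("consumer-app")                  # steps 1-2
    redirect = f"https://sp.example/authorize?oauth_token={token}"  # step 3
    sp.user_decision("user1", redirect.split("=", 1)[1], approve)   # step 4
    try:                                       # step 5 sends the user back
        access = sp.exchange("consumer-app", token)                 # step 6
    except PermissionError:
        return None
    return sp.read_data(access)                                     # step 7

if __name__ == "__main__":
    print("approved:", run_flow(True))
    print("denied:  ", run_flow(False))
```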
OAuth example
https://gyazo.com/e5154feec4faf9726a793a39baff7068.png
OpenID vs OAuth
https://gyazo.com/907f74bfce4340a058081fca4f277ccf
Problems of authorization services
Difficult to understand the principle
Can anybody understand concepts?
Can people notice fraud?
Not very easy to use
Phishing possibilities
Toward ideal authentication interface
Everybody
Everywhere
Easy
Safe
c.f. Safety(安全) and peace of mind (安心)
Safety = objective
Peace of mind = subjective
Safety
No fatal risk
Not safe but feels safe
Car driving
Password
Keys
Safe but feels unsafe
Chemical ingredient
PKI?
Something with safe feeling
Understandable
Familiar
Old
Problems of password authentication (repeated)
Difficult to choose an appropriate password
Difficult to remember
Easily forgotten
Easily attacked
Easily copied
Text input device required
Problems of authentication hardware
(Like keys, cards, etc.)
Inconvenient to carry
Forget to carry
Risk of theft or loss
Problems of biometric authentication
Unusable when sick or injured
Can be copied
Can be used by stunning
Can't change data
Password management systems
Handle multiple passwords in a single application
Users should remember a "master password"
Fatal if they forget it
Not the best solution, but practical solution
Password management systems
1Password
LastPass
Just1Key
SuperGenPass
Dashlane
Enpass
SplashID
KeePass
Keeper
...
Two-step authentication
Use SMS and phone to double-check
Losing smartphone might be fatal
"Recovery code" required, but difficult to manage them
Ideal authentication system
Safe
Feel safe
Available anywhere
No need to think a lot
No need to remember something
No need to use special devices
Requirements
Only use info in the brain
Knowledge, ability, ...
⇒ Use episodic memory
c.f. semantic memory
Everybody has episodic memories
Never forget
Other people cannot guess
Cannot be copied
Why not use episodic memories for authentication?
Image-based authentication
Use images for authentication
Use images related to memories
Draw special images
Recommending image-based authentication
Article on image-based authentication
IPSJ Journal (情報処理) vol.47, no.5 (2006)
Draw-A-Secret (DAS)
Gesture recognition
http://gyazo.com/c8b5733cb850b946e8bfea27dc3fd518.png
DéjàVu
Select your favorite images
Images are automatically created
https://gyazo.com/38a52f9d4f2c67eaf6f6cc7acdf3e13e.png
Select faces you like
https://gyazo.com/918210f59d3892b2acdeb7aa276e9863.png
Mnemonic guard
https://www.axseed.co.jp/?page_id=287 https://gyazo.com/7c556f3b48c57da14dcd2868a63b64fa
LockTile
https://gyazo.com/d819ab10b299cc8cb8769b81ff342a8c
Select special points in an image
https://gyazo.com/2dbb4edc510938f3f23a0811e6b12ea6.png
PassPoints
https://gyazo.com/eb52cc445b41c141dae0c2425b962d19.png
Remember categories
Select an image related to the category
https://gyazo.com/a5e94fe05d651e09b942566eba50684b.png
Triangle-based image authentication
Draw a triangle that surrounds the icon you want to choose
Prevent shoulder hacking
https://gyazo.com/351a3b2722a7f524c2271812f07308c5.png
Shoulder hacking
https://gyazo.com/324af4ef486afe640be3e0268010f19e
GATESCEME
https://gyazo.com/81ebd8dd7d8957b7a8418f515d42f7e9.png
Remember combination of images and numbers
Recall-a-Story
https://gyazo.com/80cf70536ce29eb3e8afcde8e93f30f6.png
Remember a story, and select items based on the story
MARASIM
https://gyazo.com/7cc969827bd1b4d58449afc0b6daeafa.png
Remember a special image
Select images related to the special image
https://gyazo.com/75adce63e0ef68b5e2e41aac155cab96.png
Methods that use implicit memory
https://gyazo.com/936884a1c4ed1dfec042c2e2d5fb501b.png
Problems of image-based authentication
Difficult to keep memory
Not easy to perform authentication
QA-based image authentication
Select right answers for personal images
Authentication success when all the answers are correct
Demo: Hondana.org
Advantages of QA-based image authentication
Difficult to forget answers
Easy to select an answer
Can be used in a specific group
Problems of QA-based image authentication
Difficult to create questions
Does not feel safe
Generate a password string from episodic memories
Convert a "seed string" based on the answers and generate a password string
http://EpisoPass.com https://gyazo.com/795316ca9f1305f4e41c5f095a0197e0.png
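One way to turn answers into a password string, as an added example; this is not EpisoPass's own algorithm. It assumes PBKDF2-HMAC-SHA256 over the answers with the seed as salt and shifts each seed character within its character class; the function names, questions, answers and seed are constructed.

```python
import hashlib
import math
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)

def derive_password(seed, answers, iterations=200_000):
    """Turn a public seed string into a password keyed by the chosen answers."""
    # Length-prefix each answer so ["ab", "c"] and ["a", "bc"] give different keys.
    secret = b"".join(len(a.encode()).to_bytes(2, "big") + a.encode() for a in answers)
    stream = hashlib.pbkdf2_hmac("sha256", secret, seed.encode(),
                                 iterations, dklen=2 * len(seed))
    out = []
    for i, ch in enumerate(seed):
        shift = int.from_bytes(stream[2 * i:2 * i + 2], "big")
        for alphabet in CLASSES:
            if ch in alphabet:  # stay in the same class so site format rules still hold
                ch = alphabet[(alphabet.index(ch) + shift) % len(alphabet)]
                break
        out.append(ch)          # other characters (punctuation) pass through
    return "".join(out)

def answer_space_bits(questions):
    """Entropy an offline guesser faces when seed and questions are public."""
    return math.log2(math.prod(len(options) for options in questions.values()))

# Constructed sample data; the first question is the one quoted on this page.
QUESTIONS = {
    "Where was the scary mountain?": ["Hakone", "Takao", "Tsukuba", "Rokko"],
    "Who lent me the red umbrella?": ["Sato", "Suzuki", "Tanaka", "Ito"],
    "Where did I lose my first bicycle?": ["Kamakura", "Fujisawa", "Chigasaki", "Zushi"],
}
SEED = "Twitter2024abcXYZ"

if __name__ == "__main__":
    print(derive_password(SEED, ["Takao", "Ito", "Zushi"]))
    print(derive_password(SEED, ["Takao", "Ito", "Kamakura"]))  # one answer changed
    print(f"{answer_space_bits(QUESTIONS):.1f} bits")  # 3 questions x 4 options
```

Because the seed and questions can be public, the only secret is the combination of answers: the sample set gives just 6 bits, so a real question set needs many more questions and options.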
EpisoPass questions
EpisoPass chrome extension
Available for Amazon, Twitter, etc.
No need to enter passwords
Demo: Masui's passwords
Advantages of EpisoPass
All the data can be put in public places
Never lose the password data
Never forget passwords
Available on any machine that has a Web browser
Tips for creating questions
Create a list of answers
Names of places
Names of people you know
Then create a question that describes one entry
e.g. "Where was the scary mountain?"
Questions can be created easily from answers
Authentication and human factor
Many researchers working on safety issues
Strength of cryptography techniques
Authentication protocols
Few people working on human factor in authentication
How to feel safe
How to run safe systems
How can we feel safe?
We should understand the basics before feeling safe
Passwords
Cryptography
Public-key method
Certificate authority
OpenID basics
Difficult to understand the logic
⇒ Cannot feel safe
Authentication systems should be easy to use
Installation
Everyday use
Tradeoff between usability and security
Operation problems
Too much secret information on PC
Passwords on browser
Secret keys
Passwords for Web services (e.g. ~/.netrc)
Risk of theft very large
When your PC is stolen, you lose everything
Solution: EPKeygen
Generate secret string using EpisoPass interface
e.g. generate ~/.ssh/id_rsa using EpisoPass
Demo: EPKeygen
Future outlook
Better authentication services emerge
Simple, usable authentication methods
http://mypico.org/ http://gyazo.com/deca5de3a60363eaa7d6b14a70f5ca5c.png
A Project at Cambridge University
Masui joined the team in 2016
Use special hardware to solve the password problems
Video: Pico
https://vimeo.com/82448991