Password leakage is one of the most common security threats for pervasive password based user authentication. The design of a secure and usable password entry against password leakage remains a challenge since twenty year ago when the first academic proposal attempted to address it. This dissertation focuses on investigating the difficulty in designing leakage-resilient password entry (LRPE) schemes and exploring the feasibility of constructing secure and usable LRPE schemes with the assistance of state-of-the-art technology. The first work in this dissertation reveals the infeasibility of designing practical LRPE schemes in the absence of trusted devices by investigating the inherent tradeoff between security and usability in LRPE design. We start with demonstrating that most of the existing LRPE schemes without using trusted devices are subject to two types of generic attacks - brute force and statistical attacks, whose power has been underestimated in the literature. In order to defend against these two generic attacks, we introduce five design principles that are necessary to achieve leakage resilience in the absence of trusted devices. We show that these attacks cannot be effectively mitigated without significantly sacrificing the usability of LRPE schemes. To better understand the tradeoff between security and usability of LRPE schemes, we further propose a quantitative analysis framework on usability costs of password entry schemes based on experimental psychology. Our analysis shows that a secure LRPE scheme in practical settings always imposes a considerable amount of cognitive workload on its users, which indicates the inherent limitations of such schemes and in turn implies that an LRPE scheme has to incorporate certain trusted device in order to be both secure and usable. Following the first work, we further explore the feasibility of designing practical LRPE schemes by analyzing the existing LRPE schemes that utilize trusted devices. We develop a broad set of design metrics which cover three aspects in evaluating LRPE schemes, including quantitative usability costs with specified security strength, built-in security, and universal accessibility. We apply these design metrics on existing LRPE schemes, revealing that all the schemes have limitations, which may explain why none of them are widely adopted. However, our further analysis indicates that it is possible to overcome these limitations by improving the design according to the proposed metrics. Guided by these design metrics, we propose a secure and usable LRPE scheme leveraging on the touchscreen feature of mobile devices. These devices provide additional features such as touchscreen that are not available in the traditional settings, which makes it possible to achieve both security and usability objectives that are difficult to achieve in the past. Our scheme named CoverPad achieves leakage resilience while retaining most benefits of legacy passwords. The usability of CoverPad is evaluated with an extended user study which includes additional test conditions related to time pressure, distraction, and mental workload. These test conditions simulate common situations for a password entry scheme used on a daily basis, which have not been evaluated in the prior literature. The results of our user study show the impacts of these test conditions on user performance as well as the practicability of the proposed scheme. This dissertation makes contributions on understanding and solving the problem of designing secure and usable LRPE schemes. The proposed design principles, design metrics, analysis and evaluation methodologies are applicable to not only LRPE schemes but also generic user authentication schemes, which provide useful insights for the field of user authentication research. The proposed scheme has been implemented as a prototype, which can be used to effectively defend against password leakage during password entry.
user authentication, password leakage, leakage-resilience password entry, mobile devices, cognitive analysis
PhD in Information Systems
DENG, Robert H.
Towards Secure and Usable Leakage-Resilient Password Entry. (2013). Dissertations and Theses Collection (Open Access).
Available at: http://ink.library.smu.edu.sg/etd_coll/91