Attribfuscation: A New Class of Challenge-Response Authentication Systems
Mike Clark (c) 2017
Abstract
In a *traditional* password system such as the numeric pinpad on most Automated Teller Machines (ATM), the user is presented with a challenge (i.e. the numerals 1 through 9 presented over a 3-by-3 grid), and the user must then enter the corresponding response (which is their secret/password). The correct secret is a successful response to the challenge presented, and a failure otherwise. However, this challenge-response password system suffers from attacks where an adversary can deduce the secret either directly (direct observation) or indirectly (physical indicators such as smudges or worn buttons). Once the adversary knows the secret, they can provide a valid response to the system. In other words, an adversary will know the password with absolute certainty after viewing the user enter their password once.
We propose a new challenge-response authentication (CRA) protocol and an implementation that uses the new protocol. The system allows for the adversary to have complete and full observations of a user's challenges and responses, yet there will still remain a calculable amount of uncertainty as to what the user's secret is. This property is leveraged to provide security against shoulder-surfing and smudge-like attacks.
Documentation
- This README provides an overview of the project file structure.
- This README provides a description of our proposed system and protocol written for a non-technical audience.
- This README provides a more technical description of our implementation and the autonomous usability study framework we developed.
- The source code is also extensively documented and should be referred to for specific details.
Demonstration
Study Framework
Below you will find a link to a prepared usability study. For demonstration purposes, we have shortened the time for each section to 2 minutes (where the actual study was much longer in duration). As well, the telemetry is enabled, however, the study manifest has been set to not transmit the results and they are only stored in the client web browsers memory. In practice, this would be sent to a remote collection point (see documentation for more details).
Standalone
The standalone demos provide additional controls so that you can modify the parameters of the system on-the-fly. The dial interface never made it into the actual study but is presented here as a standalone. It still needs a bit of work to get a more aesthetically pleasing presentation, however, it suffices to demonstrate the principle of attribfuscation and, using our study framework, could easily be incorporated into an actual study by adding the appropriate lines to the study manifest.