SECURITY and CRYPTOGRAPHY 15-827 2 OCT 01 Lecture #5 M.B. 4615 Wean READINGS (suggested by Doug TYGAR): The deja vu project pages are at: http://www.sims.berkeley.edu/~rachna/dejavu/ http://paris.cs.berkeley.edu/%7Eperrig/projects.html#DEJAVU "Hash Visualization: a way to improve real world security" Adrian Perrig and Dawn Song http://paris.cs.berkeley.edu/%7Eperrig/projects/validation/ validation.ps http://paris.cs.berkeley.edu/%7Eperrig/projects/validation/ validation.pdf "Deja Vu: A User Study Using Images for Authentication" Rachna Dhamija and Adrian Perrig http://paris.cs.berkeley.edu/%7Eperrig/projects/usenix2000/ usenix.ps http://paris.cs.berkeley.edu/%7Eperrig/projects/usenix2000/ usenix.pdf "Timing Analysis of Keystrokes and SSH Timing Attacks" Dawn Song, David Wagner, and Xuqing Tian http://paris.cs.berkeley.edu/~dawnsong/papers/ssh-timing.ps http://paris.cs.berkeley.edu/~dawnsong/papers/ssh-timing.pdf PHONOIDS = challenge-response protocols for use over the phone. In class, show off protocols # 7, broken by Alex TANG 30, broken by ke YANG 31(Rudich), broken by Luis von AHN 34, broken by VENKatesh 44. Have the class break them. * Determine the number of challenge-response pairs the class needs to break each one. * After breaking a protocol, ask students how they would go about improving it. HW: Break Phonoid Protocol #67 by reducing the possible responses to a random challenge from 1/1000 to 1/100, or better, to 1/10. Protocol #67 takes as input a challenge string abc of 3 distinct characters, and outputs a response string uvw of 3 digits. To get uvw from abc, it first maps characters abc to digits ABC using a randomly chosen private fixed mapping f from characters to digits. It then performs a randomly chosen but fixed linear mapping mod 10 to get 3 digits UVW. It then performs a randomly chosen private fixed 1:1 mapping g from digits to digits to get uvw. Here are some typical challenge-response pairs for #67: abc = the red fox bit the nasty dog who ate his ear off uvw = 423 312 354 057 423 902 395 215 507 501 570 434