Fwd: "Bedazzled" Log-in Method Whitepaper
s.schear at comcast.net
Tue Nov 25 12:57:54 EST 2003
>"Bedazzled" Log-in Method Whitepaper
>Author: George Hara
>Using strings of characters as passwords has always been a security issue
>because they are hard to remember and can be stolen by key-loggers or
>screen-text harvesters. It will still be an issue for personal computers,
>but there is another method available for authentication over the Internet
>(where are the highest security concerns). This method involves no special
>technologies, but simply a new vision on how to bring existing technologies
>together. The method is easier to use than text passwords, but it requires,
>from the users, the protection of their personal computers (where they need
>text-password log-in and encryption), just as they do now.
>The "Bedazzled" log-in method uses a (public) user name / ID (for example,
>the user's email address) and a number of images, called password images,
>for authentication. The images have to be generated (by the authentication
>service) during the creation of the account for which the authentication
>will be later required. Each image is a small, PNG compressed, bulk of
>pixels with random colors. The PNG compression is used because a true-color
>image is compressed without losses, with a very high rate. In the case of
>random images this doesn't help, but, as you'll read below, in the User
>images section, this is the best format.
>Each image should contain something like 50 * 50 true-color pixels (24
>bits). This means that the total number of combinations of such a random
>image is 24 ^ (50 * 50), that is over 10 ^ 3450. Basically, a particular
>case is unbreakable through brute force search.
>The authentication is the classic method: the user is identified by his user
>name, and then he is authenticated by comparing all images specified in the
>log-in form, with the images stored on the computer which makes the
>authentication. If all images are *identical*, and put in the same order (im
>age 1 as password 1, image 2 as password 2...), the user is authenticated.
>If they are not identical, the user is rejected.
>To make the "Bedazzled" log-in method easy to use, the password images must
>be saved on the user's computer, preferably in encrypted files (see file
>encryption under WindowsXP, or PGP encrypted drives).
>Since the "Bedazzled" log-in method is supposed to be used over Internet, it
>is necessary for the user to be able to drag-and-drop each image onto the
>browser, in the log-in form. This way, the log-in form has access to the
>password images, and can download them to the authentication server when the
>user clicks the "Log-in" button.
>As you can see, the method is very eay to use, but in order to make it even
>easier, the log-in form should display a small file browser which should be
>used to navigate to the password images (they should all be in the same
>directory, for easy user access). The log-in form should save a cookie on
>the user's computer in order to automatically open the file browser at the
>same location, the next time the user attempts to authenticate himslef.
>There is no need for the images to be random. The user could choose his own
>images when he creates an authentication account, being only limited to a
>specific file size (like 20 KB / image). He could simply take some images
>from his computer and resize them to fit the size limit; the images should
>be compressed without loss (preferably in a PNG format), just in case they
>are lost but the original bigger images still exist and can be resized again
>with the same algorithm (to generate the same password image).
>Another method requires a small program which takes a string of characters
>typed by the user, and converts them through a hash algorithm into an
>apparently random image. This method makes it possible to recreate the
>password images if the user remembers the string of characters, without the
>need of storing any information.
>First of all, since the user doesn't need to type anything and the password
>images don't need to be displayed, the passwords are protected from TEMPEST
>atacks. However, the user may need to navigate through his pictures and
>choose the correct password images for each log-in form. This would create a
>potential security breach.
>The "Bedazzled" log-in method has intrinsic TEMPEST protection to this kind
>of breach because when a monitor displays an image, the colors of each pixel
>is not displayed exactly as indicated by the bits that make the picture.
>Each monitor has its own way of displaying the image. Besides, users always
>alter the image by chaging various parameters of the monitor's image:
>brightness, contrast, color balance, color temperature, gamma.
>On the other end of the TEMPEST technology, the "reader" takes a snapshot of
>the image displayed by the monitor. This is like making a scan of a print of
>a digital image. Though the resulting image looks similar with the original
>for the human eye, the binary picture will be quite different. Actually, the
>whole "reading" process makes it impossible to detect those minute details
>(= changes in colors) of the original image, details that give to the owner
>of the original picture a unique way to authenticate himself.
>Another help comes from the fact that when the user navigates through the
>images, these are displayed as thumbnails, and thus altered (if the size of
>the thumbnail is smaller than the size of the original image).
>The "Bedazzled" log-in method makes key-loggers and screen-text harvesters
>useless. However, there is still the danger of specially designed viruses
>that would look for the password images. The only protection from such
>malware I can think of, is for the log-in form to require quite a few
>password images, and ask for them (using pictures of the picture order
>index) in random order each time the user logs-in.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography