Academic Lecture: On Limitations of Designing Leakage-Resilient Password Systems: Attacks, Principles and Usability

11.05.2015  18:08

Time: 14 May 2015 (Thursday), 15:00

Venue: Lecture Hall 603, Chenggong Building, Cangshan Campus

Speaker: Dr. Han Jin, Twitter Inc. (USA)

Organizers: School of Mathematics and Computer Science; Fujian Provincial Key Laboratory of Network Security and Cryptology

Speaker biography: Dr. Han Jin is an application security software engineer at Twitter Inc. (USA), where he is responsible for development and research in network security and mobile application security. He received dual bachelor's degrees from Fudan University and University College Dublin, Ireland (2006), a master's degree in computer science from Fudan University (2009), and a PhD from Singapore Management University (2012). Before joining Twitter he worked at the Institute for Infocomm Research of Singapore's Agency for Science, Technology and Research. He has published more than ten papers at international journals and conferences including NDSS, ACSAC, AsiaCCS and SecureComm; one of these received the Best Paper Award at NDSS 2012, a top-tier security conference. He has also discovered several high-severity vulnerabilities on the iOS mobile platform, which Apple disclosed and fixed in iOS 7.

Abstract: The design of leakage-resilient password systems (LRPSes) in the absence of trusted devices remains a challenging problem today despite two decades of intensive research in the security community. In this paper, we investigate the inherent tradeoff between security and usability in designing LRPS. First, we demonstrate that most of the existing LRPS systems are subject to two types of generic attacks, brute force and statistical attacks, whose power has been underestimated in the literature. Second, in order to defend against these two generic attacks, we introduce five design principles that are necessary to achieve leakage resilience in the absence of trusted devices. We also show that these attacks cannot be effectively mitigated without significantly sacrificing the usability of LRPS systems. Third, to better understand the tradeoff between security and usability of LRPS, we propose for the first time a quantitative analysis framework on usability costs of password systems. By decomposing the authentication process of existing LRPS systems into atomic cognitive operations in psychology, we show that a secure LRPS in practical settings always imposes a considerable amount of cognitive workload on its users, which indicates the inherent limitations of such systems and in turn implies that an LRPS has to incorporate certain trusted devices in order to be both secure and usable.