Standard
Towards new security primitives based on hard ai problems (Transcript of discussion). /
Yan, Jeff.
Security Protocols XXI: 21st International Workshop, Cambridge, UK, March 19-20, 2013, Revised Selected Papers. ed. / Bruce Christianson; James Malcolm; Frank Stajano; Jonathan Anderson; Joseph Bonneau. Berlin: Springer Verlag, 2013. p. 11-18 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8263 ).
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Harvard
Yan, J 2013,
Towards new security primitives based on hard ai problems (Transcript of discussion). in B Christianson, J Malcolm, F Stajano, J Anderson & J Bonneau (eds),
Security Protocols XXI: 21st International Workshop, Cambridge, UK, March 19-20, 2013, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8263 , Springer Verlag, Berlin, pp. 11-18, 21st International Workshop on Security Protocols XXI, Cambridge, United Kingdom,
19/03/13.
https://doi.org/10.1007/978-3-642-41717-7_3
APA
Yan, J. (2013).
Towards new security primitives based on hard ai problems (Transcript of discussion). In B. Christianson, J. Malcolm, F. Stajano, J. Anderson, & J. Bonneau (Eds.),
Security Protocols XXI: 21st International Workshop, Cambridge, UK, March 19-20, 2013, Revised Selected Papers (pp. 11-18). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8263 ). Springer Verlag.
https://doi.org/10.1007/978-3-642-41717-7_3
Vancouver
Yan J.
Towards new security primitives based on hard ai problems (Transcript of discussion). In Christianson B, Malcolm J, Stajano F, Anderson J, Bonneau J, editors, Security Protocols XXI: 21st International Workshop, Cambridge, UK, March 19-20, 2013, Revised Selected Papers. Berlin: Springer Verlag. 2013. p. 11-18. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-41717-7_3
Author
Yan, Jeff. /
Towards new security primitives based on hard ai problems (Transcript of discussion). Security Protocols XXI: 21st International Workshop, Cambridge, UK, March 19-20, 2013, Revised Selected Papers. editor / Bruce Christianson ; James Malcolm ; Frank Stajano ; Jonathan Anderson ; Joseph Bonneau. Berlin : Springer Verlag, 2013. pp. 11-18 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Bibtex
@inproceedings{5f7ae0b4efde45df81f5fd5121aa2eb6,
title = "Towards new security primitives based on hard ai problems (Transcript of discussion)",
abstract = "OK, today I talk about {\textquoteleft}Towards new security primitives based on hard AI problems{\textquoteright}. We all know that actually most security primitives are based on hard math problems, such as integer factorisation and discrete logarithm, but in 2003, using hard AI problems for security purposes was proposed at CMU. Everyone knows that Captcha is the most successful example. The research question we have asked is very simple: what else can we invent along this line? Can we do anything else in security primitives based on hard AI problems?My next slide, which some people in this audience have seen before, is taken from a talk I gave at a Cambridge Security Seminar in 2007. At the time I was busy designing a new graphical password scheme, which is now known as Background Draw A Secret. I had a look at a popular graphical password scheme, which is called PassPoints. In this scheme basically each user has an image, you click five points on this image, and derive your password. Apparently you can apply image processing techniques to automatically grab all those salient points, those eye-catching points. Therefore, if you do a random combination of those salient points you effectively do a brute-force attack on the passwords. And in this system, because multiple users will use the same image to create and enter their passwords, some salient points are more popular than others, therefore they lead to {\textquoteleft}hotspots{\textquoteright}. If the hotspots are detected then you effectively can launch a very successful dictionary attack to break PassPoints. The attack was demonstrated in two papers, one at USENIX Security{\textquoteright}07 and the other at SOUPS{\textquoteright}07.",
author = "Jeff Yan",
year = "2013",
doi = "10.1007/978-3-642-41717-7_3",
language = "English",
isbn = "9783642417160",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "11--18",
editor = "Bruce Christianson and James Malcolm and Frank Stajano and Jonathan Anderson and Joseph Bonneau",
booktitle = "Security Protocols XXI",
note = "21st International Workshop on Security Protocols XXI ; Conference date: 19-03-2013 Through 20-03-2013",
}
RIS
TY - GEN
T1 - Towards new security primitives based on hard ai problems (Transcript of discussion)
AU - Yan, Jeff
PY - 2013
Y1 - 2013
N2 - OK, today I talk about ‘Towards new security primitives based on hard AI problems’. We all know that actually most security primitives are based on hard math problems, such as integer factorisation and discrete logarithm, but in 2003, using hard AI problems for security purposes was proposed at CMU. Everyone knows that Captcha is the most successful example. The research question we have asked is very simple: what else can we invent along this line? Can we do anything else in security primitives based on hard AI problems?My next slide, which some people in this audience have seen before, is taken from a talk I gave at a Cambridge Security Seminar in 2007. At the time I was busy designing a new graphical password scheme, which is now known as Background Draw A Secret. I had a look at a popular graphical password scheme, which is called PassPoints. In this scheme basically each user has an image, you click five points on this image, and derive your password. Apparently you can apply image processing techniques to automatically grab all those salient points, those eye-catching points. Therefore, if you do a random combination of those salient points you effectively do a brute-force attack on the passwords. And in this system, because multiple users will use the same image to create and enter their passwords, some salient points are more popular than others, therefore they lead to ‘hotspots’. If the hotspots are detected then you effectively can launch a very successful dictionary attack to break PassPoints. The attack was demonstrated in two papers, one at USENIX Security’07 and the other at SOUPS’07.
AB - OK, today I talk about ‘Towards new security primitives based on hard AI problems’. We all know that actually most security primitives are based on hard math problems, such as integer factorisation and discrete logarithm, but in 2003, using hard AI problems for security purposes was proposed at CMU. Everyone knows that Captcha is the most successful example. The research question we have asked is very simple: what else can we invent along this line? Can we do anything else in security primitives based on hard AI problems?My next slide, which some people in this audience have seen before, is taken from a talk I gave at a Cambridge Security Seminar in 2007. At the time I was busy designing a new graphical password scheme, which is now known as Background Draw A Secret. I had a look at a popular graphical password scheme, which is called PassPoints. In this scheme basically each user has an image, you click five points on this image, and derive your password. Apparently you can apply image processing techniques to automatically grab all those salient points, those eye-catching points. Therefore, if you do a random combination of those salient points you effectively do a brute-force attack on the passwords. And in this system, because multiple users will use the same image to create and enter their passwords, some salient points are more popular than others, therefore they lead to ‘hotspots’. If the hotspots are detected then you effectively can launch a very successful dictionary attack to break PassPoints. The attack was demonstrated in two papers, one at USENIX Security’07 and the other at SOUPS’07.
U2 - 10.1007/978-3-642-41717-7_3
DO - 10.1007/978-3-642-41717-7_3
M3 - Conference contribution/Paper
AN - SCOPUS:84893355957
SN - 9783642417160
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 11
EP - 18
BT - Security Protocols XXI
A2 - Christianson, Bruce
A2 - Malcolm, James
A2 - Stajano, Frank
A2 - Anderson, Jonathan
A2 - Bonneau, Joseph
PB - Springer Verlag
CY - Berlin
T2 - 21st International Workshop on Security Protocols XXI
Y2 - 19 March 2013 through 20 March 2013
ER -