Fwd: "Bedazzled" Log-in Method Whitepaper
Author: George Hara (http://www.filematrix.xnet.ro/ideas/whitepapers/login.htm)
Introduction
------------
Using strings of characters as passwords has always been a security issue because they are hard to remember and can be stolen by key-loggers or screen-text harvesters. This will remain an issue for personal computers, but there is another method available for authentication over the Internet (where the security concerns are highest). This method involves no special technologies, but simply a new vision of how to bring existing technologies together. The method is easier to use than text passwords, but it requires users to protect their personal computers (where they still need text-password log-in and encryption), just as they do now.
The "Bedazzled" log-in method uses a (public) user name / ID (for example, the user's email address) and a number of images, called password images, for authentication. The images have to be generated (by the authentication service) during the creation of the account for which the authentication will later be required. Each image is a small, PNG-compressed block of pixels with random colors. PNG compression is used because a true-color image is compressed losslessly and at a very high rate. In the case of random images the compression itself doesn't help, but, as you'll read below in the User images section, this is still the best format.
Each image should contain something like 50 * 50 true-color pixels (24 bits). This means that the total number of combinations of such a random image is 24 ^ (50 * 50), that is over 10 ^ 3450. In practice, a particular image cannot be found by brute-force search.
Authentication
--------------
The authentication is the classic method: the user is identified by his user name, and then he is authenticated by comparing all images specified in the log-in form with the images stored on the computer which performs the authentication. If all images are *identical*, and in the same order (image 1 as password 1, image 2 as password 2, ...), the user is authenticated. If they are not identical, the user is rejected.
Implementation
--------------
To make the "Bedazzled" log-in method easy to use, the password images must be saved on the user's computer, preferably in encrypted files (see file encryption under Windows XP, or PGP encrypted drives).
Since the "Bedazzled" log-in method is supposed to be used over the Internet, it is necessary for the user to be able to drag-and-drop each image onto the browser, into the log-in form. This way, the log-in form has access to the password images, and can send them to the authentication server when the user clicks the "Log-in" button.
As you can see, the method is very easy to use, but in order to make it even easier, the log-in form should display a small file browser which can be used to navigate to the password images (they should all be in the same directory, for easy user access). The log-in form should save a cookie on the user's computer in order to automatically open the file browser at the same location the next time the user attempts to authenticate himself.
User images
-----------
There is no need for the images to be random. The user could choose his own images when he creates an authentication account, limited only by a specific file size (like 20 KB / image). He could simply take some images from his computer and resize them to fit the size limit; the images should be compressed losslessly (preferably in PNG format), so that if they are lost but the original bigger images still exist, they can be resized again with the same algorithm (to generate the same password image).
Another method requires a small program which takes a string of characters typed by the user and converts it, through a hash algorithm, into an apparently random image. This method makes it possible to recreate the password images if the user remembers the string of characters, without the need to store any information.
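The following is an added example, not code from the whitepaper: it derives a deterministic 50 x 50 true-colour PNG from a passphrase by hashing (the method described just above), and then performs the server-side check from the Authentication section, where every submitted image must be byte-identical to the enrolled one at the same position. The counter-mode SHA-256 expansion, the minimal PNG writer and the choice to store only per-image digests on the server are this example's own assumptions.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed parameters for this example: 50 x 50 pixels, 24 bits per pixel.
WIDTH, HEIGHT = 50, 50


def derive_pixels(passphrase: str, salt: bytes = b"") -> bytes:
    """Expand a passphrase into WIDTH*HEIGHT*3 RGB bytes with SHA-256 in counter mode.

    Hypothetical construction: the same passphrase (and salt) always yields the
    same pixel bytes, so the password image can be regenerated without storing it.
    """
    needed = WIDTH * HEIGHT * 3
    out = bytearray()
    counter = 0
    while len(out) < needed:
        block = salt + passphrase.encode("utf-8") + struct.pack(">I", counter)
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:needed])


def to_png(pixels: bytes) -> bytes:
    """Wrap raw RGB bytes in a minimal lossless PNG (8-bit RGB, no interlace)."""
    def chunk(tag: bytes, data: bytes) -> bytes:
        body = tag + data
        crc = zlib.crc32(body) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + body + struct.pack(">I", crc)
    row = WIDTH * 3
    # Each scanline is prefixed with filter type 0 (no filtering).
    raw = b"".join(b"\x00" + pixels[y * row:(y + 1) * row] for y in range(HEIGHT))
    ihdr = struct.pack(">IIBBBBB", WIDTH, HEIGHT, 8, 2, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw, 9)) + chunk(b"IEND", b""))


def enroll(images: list) -> list:
    """Server side: keep one SHA-256 digest per password image, in order."""
    return [hashlib.sha256(img).digest() for img in images]


def authenticate(stored: list, submitted: list) -> bool:
    """Accept only if each submitted image is byte-identical to the enrolled image at the same index."""
    if len(stored) != len(submitted):
        return False
    ok = True
    for ref, img in zip(stored, submitted):
        # compare_digest keeps timing independent of where the first mismatch occurs.
        ok &= hmac.compare_digest(ref, hashlib.sha256(img).digest())
    return ok
```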
TEMPEST protection
------------------
First of all, since the user doesn't need to type anything and the password images don't need to be displayed, the passwords are protected from TEMPEST attacks. However, the user may need to navigate through his pictures and choose the correct password images for each log-in form. This would create a potential security breach.
The "Bedazzled" log-in method has intrinsic TEMPEST protection against this kind of breach because when a monitor displays an image, the colors of each pixel are not displayed exactly as indicated by the bits that make up the picture.
Each monitor has its own way of displaying the image. Besides, users always alter the image by changing various parameters of the monitor's image: brightness, contrast, color balance, color temperature, gamma.
On the other end of the TEMPEST technology, the "reader" takes a snapshot of the image displayed by the monitor. This is like scanning a print of a digital image. Though the resulting image looks similar to the original to the human eye, the binary picture will be quite different. In fact, the whole "reading" process makes it impossible to detect those minute details (= changes in colors) of the original image, details that give the owner of the original picture a unique way to authenticate himself.
Another help comes from the fact that when the user navigates through the images, these are displayed as thumbnails, and thus altered (if the size of the thumbnail is smaller than the size of the original image).
Last Word
---------
The "Bedazzled" log-in method makes key-loggers and screen-text harvesters useless. However, there is still the danger of specially designed viruses that would look for the password images. The only protection from such malware I can think of is for the log-in form to require quite a few password images, and ask for them (using pictures of the picture order index) in random order each time the user logs in.
George Hara