Optimizing Password Composition Policies
DESCRIPTION
Optimizing Password Composition Policies. Jeremiah Blocki, Saranga Komanduri, Ariel Procaccia, Or Sheffet. To appear at EC 2013. (PowerPoint presentation; slide transcript follows.)
TRANSCRIPT
![Page 1: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/1.jpg)
Optimizing Password Composition Policies
Jeremiah Blocki, Saranga Komanduri, Ariel Procaccia, Or Sheffet
To appear at EC 2013
![Page 2: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/2.jpg)
2
![Page 3: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/3.jpg)
3
Password Composition Policy
password
Password Composition Policy
![Page 4: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/4.jpg)
4
How Do Users Respond?
Password1
![Page 5: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/5.jpg)
6
Predictable Responses
1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
…
25. password1
![Page 6: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/6.jpg)
7
Previous Work
• Initial password composition policies designed without empirical data [BDP, 2006].
• Users respond to password composition policies in predictable ways [KSKMBCCE, 2011].
• Trivial password choices vary widely across contexts [BX, 2012].
• No theoretical models of password composition policies.
![Page 7: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/7.jpg)
8
Our Contributions
We initiate an algorithmic study of password composition policies.
Theoretical Model
Security Goal
Policy Structure
User Model
![Page 8: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/8.jpg)
9
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
![Page 9: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/9.jpg)
10
Rankings Model

| User 1 | User 2 | User 3 | User 4 | User 5 | User 6 | User 7 |
|---|---|---|---|---|---|---|
| password | 123456 | letmein | password | 12345 | password | password |
| letmein | 12345 | password | 111111 | 123456 | 111111 | 111111 |
| abc123 | 12345678 | baseball | Passw0rd | 12345678 | letmein | Passw0rd |
| Passw0rd | password | Passw0rd | abc123 | baseball | iloveyou | iloveyou |
| … | … | … | … | … | … | … |
| qwerty | Passw0rd | qwerty1 | letmein | password | baseball | #$H%*@T |
| qwerty1 | qwerty1 | qwerty | qwerty | P@ssw0rd | #$H%*@T | letmein |

Each user: the passwords P, ordered by preference. n = 7 (number of users).
![Page 10: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/10.jpg)
11
Rankings Model: Example 1
(Preference lists as in the Rankings Model table above.)
Allowed Passwords A = P − {password} (All Passwords P minus the banned word).
![Page 11: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/11.jpg)
12
Rankings Model: Example 1
Pr[111111 | A] = 3/7
Pr[letmein | A] = 2/7
Pr[123456 | A] = Pr[12345 | A] = 1/7
(Preference lists as in the Rankings Model table above; each user picks the first allowed password on their list.)
![Page 12: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/12.jpg)
13
Rankings Model: Example 2
(Preference lists as in the Rankings Model table above.)
Allowed Passwords A = P − {w | NoNumbers(w)} (All Passwords P minus every password without a digit).
![Page 13: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/13.jpg)
14
Warm-up
Fact: Let A' ⊆ A; then for any w ∈ A', Pr[w | A] ≤ Pr[w | A'].
(Preference lists as in the Rankings Model table above.)
Initially one person (User 3) uses letmein as their password.
![Page 14: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/14.jpg)
15
Warm-up
Fact: Let A' ⊆ A; then for any w ∈ A', Pr[w | A] ≤ Pr[w | A'].
(Preference lists as in the Rankings Model table above.)
Every user who used letmein before is still using the same password.
![Page 15: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/15.jpg)
16
Outline
• User Model
• Policy Structure
  – Positive Rules
  – Negative Rules
  – Singleton Rules
• Goal
• Algorithms and Reductions
• Experiments
![Page 16: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/16.jpg)
17
Positive Rules
Rules R1,…,Rm ⊆ P
R1 = {w | Length(w) ≥ 14}.
Active Rules: S ⊆ {1,…,m}.
Allowed passwords: A_S = ∪_{i∈S} R_i.
![Page 17: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/17.jpg)
18
Positive Rules - Example
Rules R1,…,Rm ⊆ P
R1 = {w | Length(w) ≥ 14}.
Active Rules: S ⊆ {1,…,m}.
A_{1} = {w | Length(w) ≥ 14}.
![Page 18: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/18.jpg)
19
Negative Rules
Rules R1,…,Rm ⊆ P
R1 = {w | Length(w) < 8}.
Active Rules: S ⊆ {1,…,m}.
![Page 19: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/19.jpg)
20
Negative Rules - Example
Rules R1,…,Rm ⊆ P
R1 = {w | Length(w) < 8}.
Active Rules: S ⊆ {1,…,m}.
A_{1} = P − {w | Length(w) < 8}.
![Page 20: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/20.jpg)
21
Singleton Rules
Rule R_w = {w} for each w ∈ P.
Can allow/ban any individual password.
Special Case of Positive Rules/Negative Rules.
![Page 21: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/21.jpg)
22
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
![Page 22: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/22.jpg)
23
Online Attack
password
Guess Limit: k-strikes policy
12345
12345
p(k, A) – probability of a successful untargeted attack given A.
![Page 23: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/23.jpg)
25
p(k,A) - Example
p(1,A) = Pr[111111] = 3/7
p(2,A) = p(1,A) + Pr[letmein] = 5/7
p(3,A) = p(2,A) + Pr[123456] = 6/7
(Preference lists as in the Rankings Model table above, with A = P − {password} as in Example 1.)
![Page 24: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/24.jpg)
26
Goal: Optimize p(k,A)
Goal: Find a password composition policy S ⊆ {1,…,m} which minimizes p(k, A_S) for some k.
p(k, A) – Fraction of accounts an adversary can crack with k guesses per account given policy A.
p(1, A): minimum entropy of the password distribution resulting from policy A.
![Page 25: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/25.jpg)
28
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
![Page 26: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/26.jpg)
29
Results: Rankings Model

| | Constant k | Large k |
|---|---|---|
| Singleton Rules | P | NP-Hard, APX-Hard (UGC) |
| Positive Rules | P | NP-Hard |
| Negative Rules | n^{1/3}-approx is NP-Hard | NP-Hard |

This Talk: k = 1 (highlighted cell: n^{1/3}-approx is NP-Hard).
Parameters: n, m, |P|
![Page 27: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/27.jpg)
30
Negative Rules are Hard!
Theorem: Unless P = NP, no polynomial time algorithm can even approximate p(1, A_S) to a factor of n^{1/3−ε} in the negative rules setting.
![Page 28: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/28.jpg)
31
Reduction
Maximum Independent Set: g vertices, e edges.
Theorem [Hastad 1996]: NP-Hard to distinguish the following two cases: (1) any independent set has size at most K = g^ε, or (2) the maximum independent set has size g^{1−ε}.
![Page 29: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/29.jpg)
32
Reduction (Preference Lists)
Preference Lists: Type 1 (each column is one user's list; g users)
W1 … W1
W2 … W2
… … …
WK … WK
B1 … Bg
… … …
Observation: Unless we ban W1,…,WK we have p(1, A_S) ≥ g/n.
![Page 30: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/30.jpg)
33
Reduction (Preference Lists)
Preference Lists: Type 2 (for each edge e = {u,v}; each column is one user's list)
(u,v,1) … (u,v,g)
(v,u,1) … (v,u,g)
X … X
… … …
Observation: If for any edge e = {u,v} we ban (u,v,1),…,(u,v,g) and (v,u,1),…,(v,u,g), then p(1, A_S) ≥ g/n.
![Page 31: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/31.jpg)
34
Reduction (Preference Lists)
Preference Lists: Type 3 (for each vertex v and each pair i ≠ j ∈ [K]; each column is one user's list)
(v,i,j,1) … (v,i,j,g)
(v,j,i,1) … (v,j,i,g)
X … X
… … …
Observation: If we ban (v,i,j,1),…,(v,i,j,g) and (v,j,i,1),…,(v,j,i,g), then p(1, A_S) ≥ g/n.
![Page 32: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/32.jpg)
35
Reduction (Rules)
Diagram (K = 4): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{x,4}; vertices s and t.
Preference Lists: Type 1
W1 … W1
W2 … W2
… … …
WK … WK
B1 … Bg
… … …
![Page 33: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/33.jpg)
36
Reduction (Rules)
Diagram (K = 4): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{x,4}; vertices s and t.
Preference Lists: Type 2 (edge e = {u,x})
(u,x,1) … (u,x,g)
(x,u,1) … (x,u,g)
X … X
… … …
p(1, A_S) ≥ g/n
![Page 34: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/34.jpg)
37
Reduction (Rules)
Diagram (K = 4): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{x,4}; vertices s and t.
Preference Lists: Type 2 (edge e = {u,s})
(u,s,1) … (u,s,g)
(s,u,1) … (s,u,g)
X … X
… … …
![Page 35: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/35.jpg)
38
Reduction (Rules)
Diagram (K = 4): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{x,4}; vertices s and t.
Preference Lists: Type 2 (edge e = {s,t})
(s,t,1) … (s,t,g)
(t,s,1) … (t,s,g)
X … X
… … …
![Page 36: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/36.jpg)
39
Reduction (Rules)
Diagram (K = 5): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{w,4}; vertices s and t.
Preference Lists: Type 1
W1 … W1
W2 … W2
… … …
WK … WK
B1 … Bg
… … …
p(1, A_S) ≥ g/n
![Page 37: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/37.jpg)
40
Reduction (Rules)
Diagram (K = 5): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{w,4}, R_{v,5}; vertices s and t.
Preference Lists: Type 1
W1 … W1
W2 … W2
… … …
WK … WK
B1 … Bg
… … …
![Page 38: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/38.jpg)
41
Reduction (Rules)
Diagram (K = 5): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{w,4}, R_{v,5}; vertices s and t.
Preference Lists: Type 3 (for each vertex u, i ≠ j ∈ [K])
(v,2,5,1) … (v,2,5,g)
(v,5,2,1) … (v,5,2,g)
X … X
… … …
p(1, A_S) ≥ g/n
![Page 39: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/39.jpg)
42
Reduction (Rules)
Diagram (K = 4): active rules R_{u,1}, R_{v,2}, R_{w,3}, R_{w,4}; vertices s and t.
Preference Lists: Type 3 (w, i = 4, j = 2)
(w,4,2,1) … (w,4,2,g)
(w,2,4,1) … (w,2,4,g)
X … X
… … …
![Page 40: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/40.jpg)
44
Reduction

| Independent Set of Size K? | max_{S ⊆ [m]} p(1, A_S) |
|---|---|
| Yes | 1/n |
| No | g/n, where n = O(g³) |
![Page 41: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/41.jpg)
45
Results: Rankings Model

| | Constant k | Large k |
|---|---|---|
| Singleton Rules | P | NP-Hard, APX-Hard (UGC) |
| Positive Rules | P | NP-Hard |
| Negative Rules | n^{1/3}-approx is NP-Hard | NP-Hard |

This Talk: k = 1 (highlighted cell: P).
Parameters: n, m, |P|
![Page 42: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/42.jpg)
46
Key Difference: Positive vs. Negative
Let S_w = {i | w ∈ R_i} (all rules R_i that contain w).
Negative Rules: Ban w - activate any rule in Sw.
Positive Rules: Ban w - deactivate all rules in Sw.
![Page 43: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/43.jpg)
47
Positive Rules
Fact: Let S* ⊆ {1,…,m} denote the optimal solution, and let S ⊇ S*; then either
(1) p(1, A_S) = p(1, A_{S*}) (S is optimal), or
(2) S − S_w ⊇ S*, where Pr[w | A_S] = p(1, A_S).
(S_w: all rules R_i that contain the most popular word w in A_S.)
![Page 44: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/44.jpg)
48
Positive Rules
Fact: Let S* ⊆ {1,…,m} denote the optimal solution, and let S ⊇ S*; then either
(1) p(1, A_S) = p(1, A_{S*}) (S is optimal), or
(2) S − S_w ⊇ S*, where Pr[w | A_S] = p(1, A_S).
Proof: Suppose for contradiction that w ∈ A_{S*}, and observe that A_{S*} = ∪_{i∈S*} R_i ⊆ ∪_{i∈S} R_i = A_S.
Therefore, p(1, A_{S*}) ≥ Pr[w | A_{S*}] ≥ Pr[w | A_S] = p(1, A_S), so S is optimal after all (case (1)). Contradiction!
![Page 45: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/45.jpg)
49
Positive Rules Algorithm
Iterative Elimination:
Initialize: S_0 = {1,…,m}
Repeat (ban w, the current most popular password): S_{i+1} = S_i − S_w
Claim: One of the S_i's must be the optimal solution!
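The rankings model, p(k, A) and the iterative-elimination algorithm for positive rules, carried out on the deck's seven preference lists as an added Python example (not code from the paper or the talk). It assumes five constructed positive rules (has a digit, length ≥ 8, has upper case, has a symbol, lower-case letters only) and completes each truncated list to a full ranking of P by appending the remaining passwords in sorted order; a brute-force search over all rule subsets checks the claim that one of the S_i is optimal.

```python
from fractions import Fraction
from itertools import combinations

# Constructed input: the seven preference lists shown on the slides (the "..." rows
# are omitted). Each list is completed to a full ranking of P by appending the
# remaining passwords in sorted order; that completion is an assumption.
SHOWN = [
    ["password", "letmein", "abc123", "Passw0rd", "qwerty", "qwerty1"],
    ["123456", "12345", "12345678", "password", "Passw0rd", "qwerty1"],
    ["letmein", "password", "baseball", "Passw0rd", "qwerty1", "qwerty"],
    ["password", "111111", "Passw0rd", "abc123", "letmein", "qwerty"],
    ["12345", "123456", "12345678", "baseball", "password", "P@ssw0rd"],
    ["password", "111111", "letmein", "iloveyou", "baseball", "#$H%*@T"],
    ["password", "111111", "Passw0rd", "iloveyou", "#$H%*@T", "letmein"],
]
P = frozenset(w for lst in SHOWN for w in lst)
USERS = [lst + sorted(P - set(lst)) for lst in SHOWN]
N = len(USERS)  # n = 7 users

# Constructed positive rules R_i (the passwords each rule allows). With positive
# rules the allowed set is A_S = union of R_i over the active rules i in S.
RULES = {
    1: frozenset(w for w in P if any(c.isdigit() for c in w)),   # has a digit
    2: frozenset(w for w in P if len(w) >= 8),                    # length >= 8
    3: frozenset(w for w in P if any(c.isupper() for c in w)),   # has upper case
    4: frozenset(w for w in P if not w.isalnum()),                # has a symbol
    5: frozenset(w for w in P if w.isalpha() and w.islower()),    # lower-case letters only
}

def allowed(S):
    """A_S for positive rules: the union of the active rules."""
    return frozenset().union(*(RULES[i] for i in S))

def distribution(A):
    """Rankings model: Pr[w|A] = fraction of users whose top allowed password is w."""
    counts = {}
    for ranking in USERS:
        top = next(w for w in ranking if w in A)   # A must be non-empty
        counts[top] = counts.get(top, 0) + 1
    return {w: Fraction(c, N) for w, c in counts.items()}

def p(k, A):
    """Fraction of accounts cracked with k untargeted guesses per account under A."""
    return sum(sorted(distribution(A).values(), reverse=True)[:k], Fraction(0))

def iterative_elimination():
    """S_0 = {1..m}; each round bans the most popular word w by dropping S_w, the
    rules containing w. Returns every (S_i, p(1, A_{S_i})) visited and the best."""
    S = frozenset(RULES)
    visited = []
    while allowed(S):                       # stop once nothing is allowed
        A = allowed(S)
        dist = distribution(A)
        visited.append((S, p(1, A)))
        w = max(dist, key=dist.get)         # current most popular password
        S = S - frozenset(i for i in S if w in RULES[i])   # S_{i+1} = S_i - S_w
    return visited, min(visited, key=lambda t: t[1])

def brute_force():
    """Exhaustive minimum of p(1, A_S) over all non-empty rule sets, for comparison."""
    best = None
    for r in range(1, len(RULES) + 1):
        for S in combinations(RULES, r):
            val = p(1, allowed(S))
            if best is None or val < best[1]:
                best = (frozenset(S), val)
    return best

if __name__ == "__main__":
    for S, val in iterative_elimination()[0]:
        print(sorted(S), val)               # S_0..S_3 with p(1, A_{S_i})
    print("best:", iterative_elimination()[1], "brute force:", brute_force())
```

On this input the elimination visits S_0 = {1,2,3,4,5} (4/7), S_1 = {1,3,4} (3/7), S_2 = {3,4} (5/7) and S_3 = {4} (6/7), and S_1 matches the brute-force optimum.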
![Page 46: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/46.jpg)
50
Results: Rankings Model

| | Constant k | Large k |
|---|---|---|
| Singleton Rules | P | NP-Hard, APX-Hard (UGC) |
| Positive Rules | P | NP-Hard |
| Negative Rules | n^{1/3}-approx is NP-Hard | NP-Hard |

This Talk: k = 1
Question: What if we don't have access to the full preference lists of each user? What if we don't want to run in time n?
Parameters: n, m
![Page 47: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/47.jpg)
51
Results: Rankings Model

| | Constant k | Large k |
|---|---|---|
| Singleton Rules | P | NP-Hard, APX-Hard (UGC) |
| Positive Rules | P | NP-Hard |
| Negative Rules | n^{1/3}-approx is NP-Hard | NP-Hard |

This Talk: k = 1
Sampling Algorithm: ε-approximation with probability 1 − δ
Parameters: m, 1/ε, 1/δ
![Page 48: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/48.jpg)
52
Sampling Algorithm
Theorem: There is an efficient algorithm that makes O(m log(m/δ)/ε²) queries and with probability at least 1 − δ outputs positive rules S ⊆ [m] s.t.
p(1, A_S) ≤ p(1, A_{S*}) + ε.
Sample: q(A) returns w with probability Pr[w | A].
Idea: Run iterative elimination. In each round use sampling to estimate the probability of the most popular word.
![Page 49: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/49.jpg)
53
Sampling Lemma
Lemma: Let s = 100 log(m/δ)/ε² denote the number of samples in each round, and let BAD_i denote the event that in iteration i there exists a password w s.t.
|Pr[w | A_{S_i}] − (# times w sampled)/s| > ε/2
(i.e., our probability estimate is off by ε/2). Then Pr[∃i. BAD_i] ≤ δ.
![Page 50: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/50.jpg)
54
Sampling Lemma
Partition P into buckets by probability under A_{S_i}:
B_0 = {w | Pr[w | A_{S_i}] ≥ ε/2}
B_1 = {w | ε/4 ≤ Pr[w | A_{S_i}] < ε/2}
…
B_j = {w | ε/2^{j+1} ≤ Pr[w | A_{S_i}] < ε/2^j}
…
Bucket B_j contains at most 2^{j+1}/ε such passwords.
![Page 51: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/51.jpg)
55
Sampling Lemma
Partition P into buckets B_0, B_1, …, B_j, … as above.
s = 100 log(m/δ)/ε²
Bucket B_j contains at most 2^{j+1}/ε such passwords.
Chernoff Bounds: for each w ∈ B_j, bound the probability that |(# times w sampled)/s − Pr[w | A_{S_i}]| > ε/2 given s samples.
![Page 52: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/52.jpg)
56
Sampling Lemma
Partition P into buckets B_0, B_1, …, B_j, … as above.
s = 100 log(m/δ)/ε²
Bucket B_j contains at most 2^{j+1}/ε passwords.
Union Bound (within a bucket): Pr[∃w ∈ B_j. |(# times w sampled)/s − Pr[w | A_{S_i}]| > ε/2] ≤ (2^{j+1}/ε) · (the per-word Chernoff bound).
![Page 53: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/53.jpg)
57
Sampling Lemma
Partition P into buckets B_0, B_1, …, B_j, … as above.
s = 100 log(m/δ)/ε²
Union Bound (buckets): Pr[BAD_i] ≤ Σ_{j = 0,1,2,…} Pr[some w ∈ B_j is estimated badly] ≤ δ/m.
![Page 54: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/54.jpg)
58
Sampling Lemma
Partition P into buckets B_0, B_1, …, B_j, … as above.
s = 100 log(m/δ)/ε²
Union Bound (rounds): iterative elimination runs at most m rounds, so Pr[∃i. BAD_i] ≤ m · δ/m = δ.
![Page 55: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/55.jpg)
64
Outline
• User Model
• Policy Structure
• Goal
• Algorithms and Reductions
• Experiments
  – RockYou Dataset
  – Rules
  – Results
![Page 56: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/56.jpg)
65
RockYou Dataset
• RockYou password leak: 32 million plaintext passwords.
• No Preference Lists: Insufficient for our sampling algorithm.
• We test our algorithm under an additional assumption…
![Page 57: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/57.jpg)
66
Normalized Probabilities
RockYou: initial distribution over P.
Figure: under the initial distribution over P (total mass 1), letmein has probability 0.1; a policy A that keeps passwords of total initial mass 0.5 renormalizes the distribution over A, so letmein has probability 0.2 under A.
![Page 58: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/58.jpg)
67
Normalized Probabilities

Rankings Model

| | Constant k | Large k |
|---|---|---|
| Singleton Rules | P | NP-Hard, APX-Hard (UGC) |
| Positive Rules | P | NP-Hard |
| Negative Rules | n^{1/3}-approx is NP-Hard | NP-Hard |

Normalized Probabilities Model

| | Constant k | Large k |
|---|---|---|
| Singleton Rules | P | P |
| Positive Rules | P | NP-Hard |
| Negative Rules | NP-Hard | NP-Hard |
![Page 59: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/59.jpg)
71
![Page 60: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/60.jpg)
72
Baseline Results
![Page 61: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/61.jpg)
73
Results
![Page 62: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/62.jpg)
74
Discussion
• Optimal solution was better under negative rules.
• However, sampled solutions were much better with positive rules.
• Interesting Directions:
  – Additional Rules?
  – Is the Normalized Probabilities Model reasonable?
  – General experiment in preference list model?
![Page 63: Optimizing Password Composition Policies](https://reader036.vdocuments.us/reader036/viewer/2022062323/568161b3550346895dd17d1c/html5/thumbnails/63.jpg)
75
Open Questions
• Efficient approximation algorithm in negative rules setting with normalized probabilities assumption?
• Adversary with limited background knowledge about the user (e.g., age, gender, birthday).