Abstract
OK, today I talk about ‘Towards new security primitives based on hard AI problems’. We all know that actually most security primitives are based on hard math problems, such as integer factorisation and discrete logarithm, but in 2003, using hard AI problems for security purposes was proposed at CMU. Everyone knows that Captcha is the most successful example. The research question we have asked is very simple: what else can we invent along this line? Can we do anything else in security primitives based on hard AI problems?
My next slide, which some people in this audience have seen before, is taken from a talk I gave at a Cambridge Security Seminar in 2007. At the time I was busy designing a new graphical password scheme, which is now known as Background Draw A Secret. I had a look at a popular graphical password scheme, which is called PassPoints. In this scheme basically each user has an image, you click five points on this image, and derive your password. Apparently you can apply image processing techniques to automatically grab all those salient points, those eye-catching points. Therefore, if you do a random combination of those salient points you effectively do a brute-force attack on the passwords. And in this system, because multiple users will use the same image to create and enter their passwords, some salient points are more popular than others, therefore they lead to ‘hotspots’. If the hotspots are detected then you effectively can launch a very successful dictionary attack to break PassPoints. The attack was demonstrated in two papers, one at USENIX Security’07 and the other at SOUPS’07.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yan, J. (2013). Towards New Security Primitives Based on Hard AI Problems (Transcript of Discussion). In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J., Bonneau, J. (eds) Security Protocols XXI. Security Protocols 2013. Lecture Notes in Computer Science, vol 8263. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41717-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-41717-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41716-0
Online ISBN: 978-3-642-41717-7
eBook Packages: Computer ScienceComputer Science (R0)