| Field | Value |
|---|---|
| Graduate student | 陳耀鑫 Chen, Yao-Hsin |
| Thesis title | A Study of User Authentication Resistant to Password Stealing and Password Reuse Attacks (可抵擋密碼竊取與密碼重用攻擊之使用者認證研究) |
| Advisor | 孫宏民 Sun, Hung-Min |
| Committee members | 孫宏民 Sun, Hung-Min; 曾文貴 Tzeng, Wen-Guey; 黃育綸 Huang, Yu-Lun; 張適宇 Chang, Shih-Yu; 黃慶育 Huang, Chin-Yu; 顏嵩銘 Yen, Sung-Ming; 賴尚宏 Lai, Shang-Hong; 洪國寶 Horng, Gwo-Boa; 許富皓 Hsu, Fu-Hau |
| Degree | Doctor (博士) |
| Department | 電機資訊學院 - 資訊工程學系 (College of Electrical Engineering and Computer Science, Department of Computer Science) |
| Year of publication | 2012 |
| Academic year of graduation | 100 (ROC calendar, 2011-2012) |
| Language | English |
| Pages | 85 |
| Chinese keywords | 使用者認證、密碼重用攻擊、密碼竊取攻擊、網路安全 |
| English keywords | User Authentication, Password Reuse Attack, Password Stealing Attack, Network Security |
Abstract (English): Text passwords are the most popular form of user authentication on websites because they are convenient and simple. However, users' passwords are prone to being stolen and compromised under several threats and vulnerabilities. First, users often select weak passwords and reuse the same password across different websites. Routine password reuse causes a domino effect: once an adversary compromises one password, she can exploit it to gain access to further websites. Second, typing passwords into untrusted computers exposes them to password theft; an adversary can mount several password stealing attacks, such as phishing, keyloggers and malware, to capture them. In this thesis, we design a user authentication protocol named oPass, which leverages a user's cellphone and the Short Message Service (SMS) to thwart password stealing and password reuse attacks. oPass requires only that each participating website possess a unique phone number, and involves a telecommunication service provider in the registration and recovery phases. With oPass, users need to remember only one long-term password to log in to all websites. After evaluating the oPass prototype, we believe oPass is efficient and affordable compared with conventional web authentication mechanisms.
Abstract (Chinese, translated): Text passwords have long been one of the most widely used user authentication mechanisms because they are simple to operate and easy to deploy. However, under various threats and weaknesses, users' text passwords are easily stolen or cracked. First, limited by the finite capacity of human memory, users tend to choose passwords of weak strength and reuse the same password across different websites. Password reuse leads to a domino effect: once an attacker cracks a user's password on one website, he can use it to attempt logins on other websites and steal important information. Second, entering a password on an insecure computer exposes it to theft; an attacker can easily launch password stealing attacks on the computer, such as phishing sites, keyloggers and malicious software. In this thesis we propose a new user authentication mechanism, oPass, which uses the properties of smartphones and the Short Message Service to resist password stealing and password reuse attacks. oPass only requires the participating websites to own a mobile phone number, with assistance from the telecommunication carrier during the registration and recovery phases. In the oPass system, a user needs to memorize only one long-term password to log in to any website. We also implemented a prototype of oPass; after analysis and comparison, oPass is an efficient new authentication system with high acceptability.
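The abstract states two properties without showing a mechanism: one long-term password yields a separate credential for every website, so a breach at one site does not cascade to the others, and whatever the user types on an untrusted computer is usable only once. The following is an added example written for this page to illustrate those two properties; it is not the thesis's oPass protocol and does not reproduce its message flow, SMS exchange or carrier-assisted registration. PBKDF2 and HMAC-SHA256 as the derivation functions, the website's unique phone number as the per-site label, a per-login counter, a 16-hex-digit token length, a salt kept on the phone, and the names `Website`, `site_secret` and `one_time_password` are all assumptions of this example; the phone numbers, username and password are constructed sample data.

```python
"""Illustration (not the thesis's protocol) of two properties claimed for oPass:
one long-term password gives an independent secret per website, and the value
typed into an untrusted computer is a one-time token, not the password itself.
All derivation choices below are assumptions made for this example."""
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 200_000  # assumed work factor for the password KDF


def site_secret(long_term_password: str, site_phone_number: str, salt: bytes) -> bytes:
    """Derive the secret for one website from the single long-term password.

    The phone side would do this. The site's unique phone number is the
    per-site label, so two sites obtain unrelated secrets from the same
    password; learning one site's secret says nothing about another's.
    The salt is assumed to live on the phone alongside the app."""
    master = hashlib.pbkdf2_hmac(
        "sha256", long_term_password.encode("utf-8"), salt, KDF_ITERATIONS
    )
    return hmac.new(master, site_phone_number.encode("utf-8"), hashlib.sha256).digest()


def one_time_password(secret: bytes, counter: int) -> str:
    """Token for the counter-th login. This, not the password, is what gets
    typed into the untrusted computer; a keylogger captures a value that the
    server will never accept again."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).hexdigest()
    return mac[:16]  # assumed token length


class Website:
    """Server side. Stores, per user, the secret registered over the trusted
    channel (the phone/SMS/carrier path in the abstract; constructed here)
    and the last login counter it accepted."""

    def __init__(self, phone_number: str) -> None:
        self.phone_number = phone_number
        self.users: dict[str, list] = {}  # username -> [secret, last_counter]

    def register(self, username: str, secret: bytes) -> None:
        self.users[username] = [secret, 0]

    def login(self, username: str, otp: str) -> bool:
        record = self.users.get(username)
        if record is None:
            return False
        secret, last = record
        expected = one_time_password(secret, last + 1)
        if hmac.compare_digest(expected, otp):
            record[1] = last + 1  # advance so the same token cannot be replayed
            return True
        return False


def demo() -> dict:
    """Run the scenario: one password, two sites, a replay and a cross-site reuse attempt."""
    password = "correct horse battery staple"  # constructed sample password
    salt = secrets.token_bytes(16)             # assumed to be kept on the phone
    bank = Website("+886-900-000-001")         # constructed phone numbers
    shop = Website("+886-900-000-002")

    s_bank = site_secret(password, bank.phone_number, salt)
    s_shop = site_secret(password, shop.phone_number, salt)
    bank.register("alice", s_bank)
    shop.register("alice", s_shop)

    otp = one_time_password(s_bank, 1)
    first_login = bank.login("alice", otp)   # legitimate login on a kiosk
    replay = bank.login("alice", otp)        # keylogged token replayed by the attacker
    # Attacker who fully compromised the bank's secret tries it at the shop
    # (the domino effect the abstract describes); the shop's secret differs.
    cross_site_reuse = shop.login("alice", one_time_password(s_bank, 1))
    return {
        "first_login": first_login,
        "replay": replay,
        "cross_site_reuse": cross_site_reuse,
        "secrets_differ": s_bank != s_shop,
    }


if __name__ == "__main__":
    print(demo())
```

The two checks a practitioner should take from this are in `demo()`: the replayed token fails because the server's counter has moved on, and the bank-derived secret is useless at the shop because the derivation is keyed by the site's own phone number. In the real oPass the per-site secret and one-time values are established through the phone and SMS channel described in the abstract; the plain counter here only stands in for that to make the two properties observable.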