Abstract
Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study using academic personal web site data that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers, the study concluded that, from an authentication point of view, (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers close to genuine users to answer genuine users’ questions correctly with high confidence is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that, although it is possible to largely automate the generation of authentication questions, this requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nosseir, A., Terzis, S. (2011). Towards Authentication via Selected Extraction from Electronic Personal Histories. In: Filipe, J., Cordeiro, J. (eds) Enterprise Information Systems. ICEIS 2010. Lecture Notes in Business Information Processing, vol 73. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19802-1_39
DOI: https://doi.org/10.1007/978-3-642-19802-1_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19801-4
Online ISBN: 978-3-642-19802-1
eBook Packages: Computer Science (R0)