Research article. DOI: 10.1145/2702123.2702457

ActivPass: Your Daily Activity is Your Password

Published: 18 April 2015

Abstract

This paper explores the feasibility of automatically extracting passwords from a user's daily activity logs, such as her Facebook activity, phone activity, etc. As an example, a smartphone might ask the user: "Today morning from whom did you receive an SMS?" In this paper, we observe that infrequent activities (i.e., outliers) can be memorable and unpredictable. Building on this observation, we have developed an end-to-end system, ActivPass, and experimented with 70 users. With activity logs from Facebook, browsing history, call logs, and SMSs, the system achieves 95% success (authenticates legitimate users) and is compromised in 5.5% of cases (authenticates impostors). While this level of security is obviously inadequate for serious authentication systems, certain practices such as password sharing can immediately be thwarted by the dynamic nature of the passwords. With security improvements in the future, activity-based authentication could fill in for the inadequacies in today's password-based systems.

Supplementary Material

ZIP File (pn1743-file4.zip)


    Published In

    CHI '15: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems
    April 2015
    4290 pages
    ISBN:9781450331456
    DOI:10.1145/2702123

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. activity-based password
    2. dynamic authentication
    3. outliers
    4. password sharing

    Qualifiers

    • Research-article

    Funding Sources

    • IIMA
    • DST
    • ITRA

    Conference

    CHI '15
    CHI '15: CHI Conference on Human Factors in Computing Systems
    April 18 - 23, 2015
    Seoul, Republic of Korea

    Acceptance Rates

    CHI '15 Paper Acceptance Rate 486 of 2,120 submissions, 23%;
    Overall Acceptance Rate 6,199 of 26,314 submissions, 24%
