
Use Your Illusion: Secure Authentication Usable Anywhere

Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig. Carnegie Mellon CyLab Japan. Key concept: distortion (original picture, distorted picture). You can recognize a baby now because you know the original picture.


Presentation Transcript


  1. Use Your Illusion: Secure Authentication Usable Anywhere. Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig. Carnegie Mellon CyLab Japan

  2. Key Concept: Distortion • Original Picture • Distorted Picture • You can recognize a baby now because you know the original picture

  3. Use Your Illusion

  4. Graphical Authentication • Passfaces • Pass Points • DAS (Draw-A-Secret) • Déjà vu

  5. Passfaces • Faces are used as a graphical portfolio • Preference could be a limitation. Cited from “On User Choice in Graphical Password Schemes”, Darren Davis et al., 2004

  6. Pass Points • Use “a sequence of clicks” as a shared secret • There are hot spots. Cited from “Authentication Using Graphical Passwords: Basic Results”, Susan Wiedenbeck et al., 2004

  7. Most Straightforward Way • Choose graphical portfolio from a set of pictures

  8. Graphical Portfolio • If a user can choose whatever graphical portfolio… • If system assigns portfolio randomly…

  9. Fundamental Tradeoff: Security vs. Memorability

  10. “Use Your Illusion” • Allow users to take/choose pictures by themselves • Distort the pictures • Assign the distorted pictures as graphical portfolio

  11. “Use Your Illusion” • Allow users to take/choose pictures by themselves • Distort the pictures • Assign the distorted pictures as graphical token (diagram labels: Security, Memorability)

  12. Requirements for Distortion • One-way • Discarding precise shapes and colors • Preserving rough shapes and colors

  13. Oil Painting Filter • Choose the RGB value that appears most frequently in a neighborhood

  14. Oil Painting Filter

  15. Distortion Level • If high, difficult to guess but difficult to memorize • If low, easy to memorize but easy to guess

  16. Distortion Level • Two parameters affect distortion level • If too high, not usable • If too low, not secure (diagram labels: Security, Memorability)

  17. Low-Fidelity Test (image scale: least distorted to most distorted)

  18. Low-Fidelity Test

  19. Low-Fidelity Test

  20. Low-Fidelity Test

  21. Low-Fidelity Test

  22. Low-Fidelity Test

  23. Low-Fidelity Test It’s a dog!!

  24. Low-Fidelity Test Difficult to guess w/o knowing original picture

  25. Low-Fidelity Test Can’t recognize a dog

  26. Low-Fidelity Test Easy to recognize w/ knowing original picture

  27. Low-Fidelity Test Satisfies requirements

  28. Prototype • Implemented on Nokia’s cell-phone for usability test • Also implemented on the web

  29. Prototype Demo

  30. Usability Test • 45 participants for 1 week • 54 participants for 4 weeks

  31. 1st Usability Test • 45 participants were divided into 3 groups: Self-selected, Non-distorted; Self-selected, Distorted (Use Your Illusion); Imposed, Highly-distorted

  32. Self-selected, Non-distorted

  33. Self-selected, Distorted

  34. Imposed, Highly-distorted

  35. Procedure

  36. Success Rate

  37. Authentication Time (Mean), by group: Imposed, Highly-distorted; Self-selected, Distorted; Self-selected, Non-distorted

  38. Process of Memorization • Participants assign meanings to distorted pictures • Assigning meanings helps memorization (picture labels: Mountain, Sea, Moai statue)

  39. 2nd Usability Test • 54 participants were divided into 3 groups: Self-selected, Non-distorted; Self-selected, Distorted; Imposed, Distorted • Authenticate: on the 1st day, 2 days after, 1 week after, 4 weeks after

  40. Imposed, Distorted

  41. Success Rate

  42. Authentication Time (Mean), by group: Imposed, Distorted; Self-selected, Distorted; Self-selected, Non-distorted

  43. Tolerance against Guessing Attack • Original pictures are vulnerable • Distorted pictures are more tolerant

  44. Future Work • Detailed usability test • Long term test • Find an optimal distortion • Investigate a metric evaluating distortion level

  45. Use Your Illusion • Use distorted pictures as a portfolio • As memorable as non-distorted pictures • More memorable than imposed (highly-) distorted pictures • Fits human memorization process • More tolerant to guessing attack

  46. Thank you for listening. Prototype is available on http://arima.okoze.net/illusion/ Please try it!
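
The oil painting filter from slide 13, written out as an added example (not code from the slides or from the authors' prototype). It assumes colours are quantised per channel before the vote, and `radius` and `levels` are hypothetical stand-ins for the two distortion parameters that slide 16 mentions without naming; the sample images are constructed.

```python
from collections import Counter

def oil_paint(img, radius=1, levels=4):
    """Oil-painting filter: each output pixel is the most frequent colour
    in its (2*radius+1)^2 neighbourhood. `img` is a list of rows of (r, g, b)
    tuples. `radius` and `levels` are assumed names, not from the slides."""
    step = 256 // levels

    def quantize(px):
        # Assumption: snap each channel to the centre of one of `levels`
        # buckets first, so near-identical shades vote together.
        return tuple(min(c // step, levels - 1) * step + step // 2 for c in px)

    h, w = len(img), len(img[0])
    q = [[quantize(px) for px in row] for row in img]
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            votes = Counter(
                q[ny][nx]
                for ny in range(max(0, y - radius), min(h, y + radius + 1))
                for nx in range(max(0, x - radius), min(w, x + radius + 1))
            )
            # Most frequent colour wins; ties break on colour value so the
            # result is deterministic.
            row.append(max(votes.items(), key=lambda kv: (kv[1], kv[0]))[0])
        out.append(row)
    return out

def make_sample(dark, speck):
    """Constructed 6x6 image: dark left half, bright right half, one stray pixel."""
    img = [[dark] * 3 + [(200, 210, 220)] * 3 for _ in range(6)]
    y, x, colour = speck
    img[y][x] = colour
    return img

if __name__ == "__main__":
    a = make_sample((20, 30, 40), (1, 1, (250, 0, 0)))
    b = make_sample((50, 10, 60), (4, 4, (0, 0, 250)))
    # Different originals, same distorted picture: precise shapes and colours
    # are discarded, rough ones survive, and the filter cannot be inverted.
    print(a != b, oil_paint(a) == oil_paint(b))
    # With no neighbourhood and no quantisation nothing is hidden.
    print(oil_paint(a, radius=0, levels=256) == a)
```

Both constructed originals collapse to the same two-tone output, which is the one-way property slide 12 asks for, while `radius=0, levels=256` returns the original unchanged, the "too low, not secure" end of slide 16.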
