330 likes | 458 Views
Marcia Gibson University of Bedfordshire Oct, 2007. Infinite Alphabet Passwords. Overview. Background: Why bother? Infinite Alphabet Password Systems Research question Infinite Alphabets? Evaluation Findings and conclusion Further work. Why think about new designs for authentication?.
E N D
Marcia Gibson University of Bedfordshire Oct, 2007 Infinite Alphabet Passwords
Overview • Background: Why bother? • Infinite Alphabet Password Systems • Research question • Infinite Alphabets? • Evaluation • Findings and conclusion • Further work
Why think about new designs for authentication? • No “perfect” solution to authentication. • Well known trade off between security and usability/accessibility. • Organisations have to weigh up pros and cons. Which can sometimes mean take up of biometric and token based systems difficult to warrant, especially when remote authentication is needed.
Current deficit • The result is that we need • authentication systems: • That can be set up and used quickly and easily over networks (especially the internet). • That are secure and easy to use (i.e. address as much as possible the security-usability/accessibility trade off, not the case with traditional passwords).
What is an Infinite Alphabet Password System (IAPS)? • A conceptual model for knowledge based authentication techniques, inspired by research carried out into image based passwords. • Defined as a password system where there is “practically no limitation on the number of letters that a software system can use as passwords”.
What is meant by “infinite” in this context? • Original concept of an IAP scheme was purely theoretical • In practice, the alphabets that are implemented are virtually infinite, This is because of the limited resources in time and space inherent to any computer system. • A practical bound is the data width i.e. the number of bits that can be used to represent a distinct alphabet letter as well as the capability of the system on which the alphabet is generated to handle strings of a certain bit length.
IAPS – Design rationale • Opportunity to utilise our inherent ability for recognition (or cued recall) • Equal(ish?) chance of selection of any given set of symbols (when designed optimally) • Individualisation of password alphabet • Large size of password alphabet • Non media centric, allows us to focus on optimal system design without becoming too bogged down with alphabet letter issues.
Research question: • “Is it feasible that one day infinite alphabet passwords might gain mass acceptance as a mainstream authentication mechanism?” Method of inquiry: • Identification of the systems to be assessed. • Identification of contexts of use. • Identification of key aspects that affect the success of each system in each context of use.
Suitability of candidate alphabets for use in IAPS • Evaluated against two top level goals: • (virtually) Infinite in nature. • Implementable (technology exists to dynamically generate from seed and present to user). • Alphabets that underwent the evaluation: • Images • Sounds • Tastes • Touch • Smells
Suitability of candidate alphabets for use in IAPS • Evaluated against two top level goals: • (virtually) Infinite in nature. • Implementable (technology exists to dynamically generate from seed and present to user). • Alphabets that underwent the evaluation: • Images • Sounds • Tastes • Touch • Smells Infinite number perceivable, less are differentiable between. Large enough for IAPS (i.e. for practical purposes). Existing systems for generation dynamically from seed include Bauer’s (www.random-art.org) random art algorithm and Conrad’s CGCA System (www.perisic.com/art395)
Suitability of candidate alphabets for use in IAPS • Evaluated against two top level goals: • (virtually) Infinite in nature. • Implementable (technology exists to dynamically generate from seed and present to user). • Alphabets that underwent the evaluation: • Images • Sounds • Tastes • Touch • Smells An infinite number of sounds or sound compositions can be perceived, differentiation may be a problem as with images. Dynamic generation from seed is possible, an example of a sound generation system is discussed in Conrad, French & Gibson (2006)
Suitability of candidate alphabets for use in IAPS • Evaluated against two top level goals: • (virtually) Infinite in nature. • Implementable (technology exists to dynamically generate from seed and present to user). • Alphabets that underwent the evaluation: • Images • Sounds • Tastes • Touch • Smells Deliverable by water soluble chemicals introduced to the tongue. Not generatable dynamically from seed as it is not known how a chemical will taste (or if it will taste) based on its physical structure. BCI technology isn’t advanced enough to generate particular sensations especially two or more combined. Research is focused on output e.g. Duncan, D.E. (2005); Haynes, J.D. et al (2007)
Suitability of candidate alphabets for use in IAPS • Evaluated against two top level goals: • (virtually) Infinite in nature. • Implementable (technology exists to dynamically generate from seed and present to user). • Alphabets that underwent the evaluation: • Images • Sounds • Tastes • Touch • Smells Large number of textures can be perceived and could possibly be generatable from seed. The hardware does not exist to present to the user in large enough numbers to be used in IAP systems. BCI is not mature enough.
Suitability of candidate alphabets for use in IAPS • Evaluated against two top level goals: • (virtually) Infinite in nature. • Implementable (technology exists to dynamically generate from seed and present to user). • Alphabets that underwent the evaluation: • Images • Sounds • Tastes • Touch • Smells Large number of smells can be perceived. Not generatable from random seed as it is difficult to know (given scent producing hardware) how scents will combine, especially as some smells could be distressing for some users (Kaye, J., 2004).
Password element selection and presentation modes(1/3) • Holistic selection (HIAP): The user selects a whole password element (letter) or elements to log in.
Password element selection and presentation modes(2/3) • Manipulation (MIAP): The user manipulates an element or a number of elements in a particular manner and/or to satisfy a particular end state in order to log in.
Password element selection and presentation modes(3/3) • Partial selection (PIAP): The user selects an aggregate part of an element or elements in order to log in.
Resulting IAP systems • By combining the alphabet types that can be used with the principle interface types, 6 IAP systems are identified for further investigation:
Identifying contexts of use • The requirements for authentication systems vary • with contexts of use. It would not be possible (or sensible) • given time constraints to evaluate all. • Six abstract contexts of use identified • and a minimum requirement value for security and usability/accessibility was assigned to each: • For local and remote access: • High secure, low usable/accessible. (e.g. banking workstation) • Moderately secure, moderately usable/accessible. (e.g. e-commerce website) • Low secure, high usable/accessible. (e.g. ordering a film from a cable/satellite provider)
Evaluation of likely level of mass end user acceptance • The evaluation was composed of two parts: • Point by point evaluation against a number of issues found to be important when evaluating efficacy of authentication systems. • Adjustment of the results to take into account the importance of each point in each use context and the visibility of each system i.e. “the level of exposure either first hand or from somewhere else a user is likely to have of an authentication system”.
Example of evaluation considerations • Total of twenty “rules” for consideration in • evaluation: 11 security, 9 usability/accessibility, • derived from literature review. Example security consideration: “Cannot be communicated or otherwise transferred from authentic user to others”. Example usability/accessibility consideration: “System should not require specialised devices to function, enabling accessibility”.
Applying the point scoring system • Points were allocated to each of the twenty assessment criteria for each use context. • 100 possible points were available in both security and usability/accessibility categories. • The 6 IAPS as well as biometric, token based and text based systems were then evaluated and a percentage of marks awarded for each point. • This resulted in a total security and usability/ accessibility rating for each system.
Estimating visibility • If a user has never heard about or experienced a system (i.e. had no exposure) it is not possible for them to choose to use it. • As well as the overall level of visibility an authentication system has to a user also the quality of the visibility (i.e. whether they user hear/experience positive or negative things) is important. • Also important is the avenue of communication, a user will likely perceive some avenues to be more reputable than others. In this research media, personal trialling and word of mouth are used.
Putting it all together: Initial values for VQ in communication layer were set as follows: 0 for both positive & negative in IAP systems. 30 negative and 70 positive in biometric systems. 10 negative and 90 positive in token based systems. 90 negative and 10 positive in text based systems.
Putting it all together: It can be expected that most users are likely to value personal trialling as the highest valued form of visibility, word of mouth as the second most valued form of visibility and the media as the lowest valued form of visibility in light of this values were set as follows: Trialling VV = 50% Word of mouth VV = 30% Media VV = 20%
Putting it all together: If an IAP system never reaches the perceived efficacy of its competitor systems then that system will never gain mass exposure (through all avenues) as it is unlikely to be implemented and therefore available for trialling.
Local access Results (1st iteration) Moderate Security, Moderate Usability/Accessibility + Visibility + Visibility High Usability/Accessibility, Low Security + Visibility Security Usability / Accessibility
Remote access Results (1st iteration) Moderate Security, Moderate Usability/Accessibility + Visibility High Security, Low Usability/Accessibility + Visibility High Usability/Accessibility, Low Security + Visibility Security Usability / Accessibility
Overall findings • IAPS designs were found to be better in terms of usability/accessibility and security than text-based and biometric systems when evaluated against this set of requirements. • HIAP systems were the most successful in the evaluation where they almost matched or approximately matched the performance of token based systems. • The visible efficacy of IAPS in their current form are unlikely to meet that of competitor systems. However with further refinement and improvement this may be possible.
Further research • Improvements to IAPS that would make them more likely to gain acceptance are: • In image based IAPS: Research into prohibiting shoulder surfing attacks (interface design). • In sound based IAPS: Research into making passwords more memorable as well as easier and faster to learn, setup and use. (interface design, training methods and alphabet design). More accurate gauging of the affect of visibility on system uptake Ways to implement a true IAP system over a distributed population of users.
References • BLONDER, G., 1996. Graphical Passwords, US Patent 5559961, Lucent Technologies Inc., Murray Hill, NJ, August 30, 1996. • CONRAD, M., FRENCH, T., GIBSON, M., 2006. A Pragmatic and Musically Pleasing Production System for Sonic Events, Tenth International Conference on Information Visualisation (IV'06), 630-635. • DUNCAN, D.E., 2005. Implanting Hope, Technology Review: MIT’s Magazine of Innovation, March 2005. • HAYNES, JD. et al 2007. Reading hidden intentions in the human brain, Current Biology. 20;17(4), 323-8. • KAYE, J., 2004. Making scents: aromatic output for HCI, Interactions of the ACM, 10 (1), 48-61. • MUNRO, K., 2006. Biometrics: attack of the clones. Infosecurity Today, January/February 2006. Elsevier, (Ed) Brian McKenna. ISSN: 1742-6847. • RENAUD, K., AND DE ANGELI, A., 2004. My password is here! An investigation into visuo-spatial authentication mechanisms, Interacting with Computers, 16, 1017–1041.
Thank you for listening • Any questions?