1 / 27

Internet Authentication Based on Personal History – A Feasibility Test

Internet Authentication Based on Personal History – A Feasibility Test. Ann Nosseir , Richard Connor, Mark Dunlop University of Strathclyde Computer and Information Sciences FirstName.SecondName@cis.strath.ac.uk. Goal of the Study.

licia
Download Presentation

Internet Authentication Based on Personal History – A Feasibility Test

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Authentication Based on Personal History – A Feasibility Test Ann Nosseir , Richard Connor, Mark Dunlop University of Strathclyde Computer and Information Sciences FirstName.SecondName@cis.strath.ac.uk

  2. Goal of the Study Is to assess the feasibility of distinguishing the two groups Person & Impostor

  3. Introduction • On the Internet, there is an uneasy tension between the security and usability of authentication mechanisms

  4. How we are authenticated? Authentication Scheme Stajano, 2002. three-part classification is • "something you know" (e.g. password); • "something you hold" (e.g. device holding digital certificate), • "who you are" (e.g. biometric assessment) Each of these has well-known problems; passwords are written down, guessable, or forgotten; devices are lost or stolen, and biometric assays alienate users.

  5. Context Human Mobility e.g. internet coffee Authentication Characteristics • Mobile • Lightweight • Low in cost "something you know"

  6. Passwords are not without Human Problems Yan and his colleagues 2004 in Cambridge University Computer Laboratory • There are trade offs between good non-guessable passwords and the limitations of the human memory. • It is hard for users to remember random passwords, but others are guessable; although passwords provide users with mobility, they can be stolen,guessed, or cracked.

  7. Our Solution Light weight Memorable Low in cost Mobile

  8. Electronic Personal History. 1.The personal history.it is not given. 2.It has a characteristic that it is very large so nobody can remember except the person him self. But what are good authentication questions?

  9. Solutions “Related Work” Question Based Facts and Opinion • Cognitive Passwords –Question BasedZviran 1990 • Challenge Response QuestionsCartwright 2004 Recognition-Based, rather than Recall-Based Opinion • Image PortfoliosDhamija and Perring 2002 • Passfaces Brostoff and Sasse 2000

  10. Question Based-Model

  11. Two Pilot Studies Population in both experiments includes the people who have and use electronic calendar either in palm format or Microsoft format Experiment One a. Sample size (Six calendar data of the staff) b. No. of Questions (5) Randomly selected c. Kind of questions (true/ false)

  12. First Experiment Results Surprising results 1.The person can’t remember his calendar 2.Others scored better that the person him self in a few questions.

  13. Sensitivity and Specificity

  14. Human Memory • Long-term memory is divided into episodic, procedural and semantic memory. In our research, we have focused on the long-term memory and in particular the episodic memory which some researchers define it asautobiographical memory. Baddeley, A. 1997

  15. Parameter (Human Memory) Psychology Parameters • Recent • Repetitive • Pleasant Experiments Parameters • Easy • Difficult

  16. Second Experiment a. Sample size (9 calendar data of the staff) b. No. of Questions (8) c. Kind of questions (6 true/ false) (Recent, Repetitive, Pleasant) & (2 Multiple Choice) for each (Easy and Difficult)

  17. Sensitivity and Specificity

  18. Sensitivity and Specificity

  19. ROC Curve Q1 Pleasant Easy Q2 Pleasant Difficult Q3 Recent Easy, Q4 Recent Difficult Q5 Repeat Easy Q6 Repeated Difficult, Q7 Multiple-Choice Q8 Multiple Choice

  20. Conclusions • The pilot study showed feasibility of this novel idea. • Surprising results that person can’t remember his calendar • The recent, repetitive, pleasant question types are better remembered and these types need further investigations in a bigger experiment. • In the reality, information will not be shared usually population is random people which gives the idea more creditability.

  21. Future Work • Implementation Model • Additional Information

  22. Mitchell, 2004 summarized authentication stages for SSO or certificate intotwo major : the initial authentication stage authentication at instant time stage Trusted Third Party (TTP)

  23. TTP

  24. Electronic Personal History Question Based-Model e.g. pay-pal on e-bay Question /Answer Authentication

  25. Future Work

  26. Future Work • The research can go further and use other electronic data such as data stored on mobile phone (E911) legislation, GPS, PC, government or organizations database and, in the future with the smart environment application, there will a huge amount of stored electronic personal data. This large bulk of information can provide better security and, at the same time, will provide users with mobility because it is memorable. • more investigation is required to gain more confidence in the results

  27. Thank you

More Related