User Authentication


User Authentication - PowerPoint PPT Presentation


Presentation Transcript

User Authentication

  • Image Recognition in

Rachna Dhamija, Human Centered Computing Course, December 6, 1999

Problem
  • Security systems
    • human factors?
  • Passwords
    • multiple long strings
A solution
  • Replace text w/ images?
  • Replace recall w/ recognition
  • Portfolio
  • “Random Art” & Real Images
Visual Memory
  • “Vast, almost limitless memory” for pictures [Haber]
  • Recognition
    • Fraction of a sec to remember & recognize [Intraub, Pavio & Codes]
    • 2560 photos for few seconds → 90% recognition rate [Standing, Conezio & Haber]
    • 10,000 photos → 2 days, 66% recognized [Standing]
  • Recall
    • recall semantics or sketch
    • “pictures are not only recognized better but are also recalled better than words” [Standing]
Task Analysis
  • Target population = general computer users
    • novice/expert users
    • few passwords/multiple passwords
  • 10 (+20) people interviewed about behavior
    • 10 – 40+ instances vs. 1-7 actual passwords
    • names, phone numbers, fav movies, ~6 char
    • tools: majority wrote them down, 2 PIM
    • minimum effort, never change them
    • ability to share is a feature
    • people hate passwords
    • but prefer them to alternatives

Security: Brute Force Attack

4 Digit PIN = 5 out of 20 images

6 char password = 10 out of 55

BUT most passwords require < brute force!
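The equivalences on this slide can be checked by counting unordered image selections. The following is an added example, not part of the original presentation; the 26- and 52-symbol alphabets and the lockout threshold are assumptions, since the slide does not state which alphabet its 6-character password uses.

```python
from math import comb, log2

def portfolio_space(shown: int, chosen: int) -> int:
    """Number of unordered portfolios: `chosen` images picked from `shown`."""
    return comb(shown, chosen)

def text_space(alphabet: int, length: int) -> int:
    """Number of strings of `length` symbols over an `alphabet`-symbol set."""
    return alphabet ** length

def min_portfolio_size(shown: int, target: int):
    """Smallest k with C(shown, k) >= target, or None if no k reaches it."""
    for k in range(1, shown // 2 + 1):   # C(n, k) peaks at k = n // 2
        if comb(shown, k) >= target:
            return k
    return None

def online_guess_success(shown: int, chosen: int, attempts: int) -> float:
    """Chance a blind guesser succeeds within `attempts` distinct tries
    (attempts = lockout threshold, an assumed control)."""
    return min(1.0, attempts / comb(shown, chosen))

def compare():
    """Rows of (label, search space, bits) for the slide's cases."""
    cases = [
        ("4-digit PIN", text_space(10, 4)),
        ("5 of 20 images", portfolio_space(20, 5)),
        ("6 chars, a-z (assumed alphabet)", text_space(26, 6)),
        ("6 chars, a-zA-Z (assumed alphabet)", text_space(52, 6)),
        ("10 of 55 images", portfolio_space(55, 10)),
        ("login screen, 5 of 25", portfolio_space(25, 5)),
    ]
    return [(label, n, round(log2(n), 1)) for label, n in cases]

if __name__ == "__main__":
    for label, n, b in compare():
        print(f"{label:36} {n:>15,} {b:>5} bits")
    print("min k of 20 to match PIN:", min_portfolio_size(20, 10**4))
    print("min k of 55 to match a-zA-Z x6:", min_portfolio_size(55, 52**6))
    print("3 guesses vs 5-of-25:", online_guess_success(25, 5, 3))
```

Under these assumptions, 5 is the smallest portfolio out of 20 images that covers the 4-digit PIN space, and 10 out of 55 is the smallest that covers a 6-character mixed-case alphabetic password. These counts are upper bounds that hold only for uniformly random choices.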

Security Analysis (cont)
  • Benefits
    • Images easier to remember
      • fewer errors
      • change more frequently
      • good for infrequently used passwords?
    • Images, esp. Random Art, are hard to describe
  • Vulnerabilities
    • “shoulder surfing” attack
    • “intersection” attack
Lo-fi Prototype
  • Task: create portfolio & login
  • People can remember images! (4-10)
  • Photos/art – 50/50 preference & time
  • Wanted to view portfolio during creation
  • Must be simple and fast (no click through screens)
  • Horizontal layout for quick scanning
Experiment Design
  • Create 4 “passwords”
    • PIN (4 digits)
    • Password (6 char.)
    • Art portfolio (5/100)
    • Photo portfolio (5/100)
  • Login
    • PIN
    • Password
    • Art (5/25)
    • Photo (5/25)
  • Task order - 50% did Art first
  • Image order
  • Repeat login after 1 week!
Test Measures

Does not include uncompleted tasks

sev1: minor; sev2: major, recoverable; sev3: major, unrecoverable

No unrecoverable errors made with portfolios

More Results
  • Comfort Level
      • Create portfolio - @#$%
      • Login portfolio - wow
  • Text vs. images
      • Passwords/PINs faster to create/logon
      • Photos easier to remember than PINs (short term)
  • Art vs. photos
      • Photos easier to remember, schemes, more personal
      • People chose similar photos, but not art
  • Interface issues
      • Scrolling is bad, one screen, thumbnails, single-click
      • Lack of feedback
        • # picked so far, which picked??
        • how to give feedback securely?

Changes to next version

show # selected

1 image selected

hide selected images

smaller images

Conclusions
  • Potential for use
    • where text input is hard, limited observation (e.g., ATM, PDA)
    • infrequent, high availability passwords
  • Future Directions
    • Self created images
      • authenticate: recreate or recognize
  • Random Art + Text
  • Sharing & collaboration
  • Other human abilities?
References
  • Houston JP. Fundamentals of learning and memory. 4th ed. Florida: Harcourt Brace Jovanovich; 1991.
  • Ralph Norman Haber. How we remember what we see. Scientific American, 222(5):104-112, May 1970.
  • Lionel Standing. Learning 10,000 pictures. Quarterly Journal of Experimental Psychology, 25:207-222, 1973.
  • Lionel Standing, Jerry Conezio, and Ralph Norman Haber. Perception and memory for pictures: Single-trial learning of 2500 visual stimuli. Psychonomic Science, 19(2):73-74, 1970.
  • Helene Intraub. Presentation rate and the representation of briefly glimpsed pictures in memory. Journal of Experimental Psychology: Human Learning and Memory, 6(1):1-12, 1980.
  • Adrian Perrig and Dawn Song. Hash Visualization: A New Technique to Improve Real-World Security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99).