User authentication
User Authentication. Image Recognition in. Rachna Dhamija Human Centered Computing Course December 6, 1999. Problem. Security systems human factors? Passwords multiple long strings. A solution. Replace text w/ images? Replace recall w/ recognition Portfolio


User Authentication

  • Image Recognition in

Rachna Dhamija

Human Centered Computing Course

December 6, 1999


Problem

  • Security systems

    • human factors?

  • Passwords

    • multiple long strings


A solution

  • Replace text w/ images?

  • Replace recall w/ recognition

  • Portfolio

  • “Random Art” & Real Images


Visual Memory

  • “Vast, almost limitless memory” for pictures [Haber]

  • Recognition

    • Fraction of a sec to remember & recognize [Intraub, Pavio & Codes]

    • 2560 photos for few seconds → 90% recognition rate [Standing, Conezio & Haber]

    • 10,000 photos → 2 days, 66% recognized [Standing]

  • Recall

    • recall semantics or sketch

    • “pictures are not only recognized better but are also recalled better than words” [Standing]


Task Analysis

  • Target population = general computer users

    • novice/expert users

    • few passwords/multiple passwords

  • 10 (+20) people interviewed about behavior

    • 10 – 40+ instances vs. 1-7 actual passwords

    • names, phone numbers, fav movies, ~6 char

    • tools: majority wrote them down, 2 PIM

    • minimum effort, never change them

    • ability to share is a feature

    • people hate passwords

    • but prefer them to alternatives


Security: Brute Force Attack

4 Digit PIN = 5 out of 20 images

6 char password = 10 out of 55

BUT most passwords require < brute force!
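
The two equivalences on this slide can be checked by counting guesses. The sketch below is an added example, not part of the original presentation; it assumes a portfolio is an unordered selection, that every portfolio image appears on the login screen, and (since the slide does not say) tries several password alphabet sizes.

```python
from math import comb, log2

def portfolio_space(shown: int, picks: int) -> int:
    """Unordered ways to pick `picks` images out of `shown`: C(shown, picks)."""
    return comb(shown, picks)

def text_space(alphabet: int, length: int) -> int:
    """Ordered strings of `length` symbols from an alphabet of size `alphabet`."""
    return alphabet ** length

def min_images_shown(picks: int, target: int) -> int:
    """Smallest image set for which C(shown, picks) reaches `target` guesses."""
    shown = picks
    while comb(shown, picks) < target:
        shown += 1
    return shown

def compare(label, shown, picks, alphabet, length):
    """One-line report of image search space versus text search space."""
    images, text = portfolio_space(shown, picks), text_space(alphabet, length)
    return (f"{label}: C({shown},{picks}) = {images:,} ({log2(images):.1f} bits) "
            f"vs {alphabet}^{length} = {text:,} ({log2(text):.1f} bits)")

if __name__ == "__main__":
    print(compare("4-digit PIN", 20, 5, 10, 4))
    # The slide does not name the password alphabet; these sizes are assumptions.
    for alphabet in (26, 36, 62):
        print(compare(f"6-char password, {alphabet} symbols", 55, 10, alphabet, 6))
    # A guesser at the login screen chooses among the images shown there,
    # not among the larger pool the portfolio was created from.
    print(f"login screen 5/25:   {portfolio_space(25, 5):,} guesses")
    print(f"creation pool 5/100: {portfolio_space(100, 5):,} guesses")
    print("smallest set matching a PIN with 5 picks:", min_images_shown(5, 10**4))
```

Under these assumptions 5 of 20 images slightly exceeds a 4-digit PIN, while 10 of 55 lands between a 36-symbol and a 62-symbol 6-character password.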


Security Analysis (cont)

  • Benefits

    • Images easier to remember

      • fewer errors

      • change more frequently

      • good for infrequently used passwords?

    • Images, esp. Random Art, are hard to describe

  • Vulnerabilities

    • “shoulder surfing” attack

    • “intersection” attack
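
Why the "intersection" weakness matters for how decoy images are chosen, as an added example that is not part of the original presentation. It assumes the term refers to comparing the image sets shown across several logins, models the 5/25 login screen from the experiment with constructed image ids, and contrasts decoys redrawn at every login with decoys fixed per account.

```python
import random

def draw_decoys(portfolio, pool_size, count, rng):
    """Pick `count` decoy image ids from the pool, excluding the portfolio."""
    others = [i for i in range(pool_size) if i not in portfolio]
    return rng.sample(others, count)

def challenge(portfolio, decoys, rng):
    """One login screen: the portfolio images mixed with the given decoys."""
    shown = sorted(portfolio) + list(decoys)
    rng.shuffle(shown)
    return shown

def screens_until_exposed(portfolio, pool_size=100, shown=25,
                          fixed_decoys=False, max_screens=50, seed=1999):
    """Number of login screens after which the images common to all of them
    are exactly the portfolio, or None if that never happens."""
    rng = random.Random(seed)
    n_decoys = shown - len(portfolio)
    decoys = draw_decoys(portfolio, pool_size, n_decoys, rng)
    common = None
    for n in range(1, max_screens + 1):
        if not fixed_decoys:
            # Weak design: a fresh set of decoys for every login.
            decoys = draw_decoys(portfolio, pool_size, n_decoys, rng)
        screen = set(challenge(portfolio, decoys, rng))
        common = screen if common is None else common & screen
        if common == set(portfolio):
            return n
    return None

if __name__ == "__main__":
    portfolio = {3, 17, 42, 58, 91}  # constructed image ids
    print("decoys redrawn each login:",
          screens_until_exposed(portfolio))
    print("decoys fixed per account: ",
          screens_until_exposed(portfolio, fixed_decoys=True))
```

With fixed decoys every screen contains the same 25 images, so repeated viewing narrows nothing and the guesser is left with the full brute-force space.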


Lo-fi Prototype

  • Task: create portfolio & login

  • People can remember images! (4-10)

  • Photos/art – 50/50 preference & time

  • Wanted to view portfolio during creation

  • Must be simple and fast (no click through screens)

  • Horizontal layout for quick scanning


Experiment Design

  • Create 4 “passwords”

    • PIN (4 digits)

    • Password (6 char.)

    • Art portfolio (5/100)

    • Photo portfolio (5/100)

  • Login

    • PIN

    • Password

    • Art (5/25)

    • Photo (5/25)

  • Task order- 50% did Art first

  • Image order

  • Repeat login after 1 week!


Test Measures

Does not include uncompleted tasks

sev1: minor

sev2: major, recoverable

sev3: major, unrecoverable

No unrecoverable errors made with portfolios


More Results

  • Comfort Level

    • Create portfolio - @#$%

    • Login portfolio - wow

  • Text vs. images

    • Passwords/PINS faster to create/logon

    • Photos easier to remember than PINS (short term)

  • Art vs. photos

    • Photos easier to remember, schemes, more personal

    • People chose similar photos, but not art

  • Interface issues

    • Scrolling is bad, one screen, thumbnails, single-click

    • Lack of feedback

      • # picked so far, which picked??

      • how to give feedback securely?


    Changes to next version

    show # selected

    1 image selected

    hide selected images

    smaller images


    Conclusions

    • Potential for use

      • where text input is hard, limited observation (e.g., ATM, PDA)

      • infrequent, high availability passwords

    • Future Directions

      • Self created images

        • authenticate: recreate or recognize

    • Random Art + Text

    • Sharing & collaboration

    • Other human abilities?


    References

    • Houston JP. Fundamentals of learning and memory. 4th ed. Florida: Harcourt Brace Jovanovich; 1991.

    • Ralph Norman Haber. How we remember what we see. Scientific American, 222(5):104-112, May 1970.

    • Lionel Standing. Learning 10,000 pictures. Quarterly Journal of Experimental Psychology, 25:207-222, 1973.

    • Lionel Standing, Jerry Conezio, and Ralph Norman Haber. Perception and memory for pictures: Single-trial learning of 2500 visual stimuli. Psychonomic Science, 19(2):73-74, 1970.

    • Helene Intraub. Presentation rate and the representation of briefly glimpsed pictures in memory. Journal of Experimental Psychology: Human Learning and Memory, 6(1):1-12, 1980.

    • Adrian Perrig and Dawn Song. Hash Visualization: A New Technique to Improve Real-World Security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CryTEC '99).

