Déjà Vu: A User Study Using Images for Authentication

Rachna Dhamija, Adrian Perrig
SIMS / CS, University of California, Berkeley
Presenter: 張淯閎

Outline
  • Introduction
  • Password-Based Authentication
  • Déjà Vu
  • System Architecture
  • Sample Applications
  • User Study
  • Conclusion
Introduction
  • User authentication is a central component of currently deployed security infrastructure. Three families of methods:
    • Knowledge-based (something you know)
    • Token-based (something you have)
    • Biometrics (something you are)
  • Humans have a vast memory for pictures.
  • Déjà Vu uses recognition-based authentication that builds on this ability.
Shortcomings of Password-Based Authentication
  • Relies on precise recall of the secret information.
  • Security problems
    • 15% of users picked passwords of three characters or fewer.
    • 85% of passwords could be broken easily with a dictionary attack.
    • Users often reuse similar passwords for different purposes.
  • Current solutions
    • Aim to identify weak passwords (proactive password checking).
    • Establish rules for users to follow when choosing passwords.
Déjà Vu
  • Three requirements
    • Must not rely on precise recall.
    • Must prevent users from choosing weak passwords.
    • Must make the secret difficult to write down or share with others.
  • System architecture
    • Based on the observation that people have an excellent memory for images.
    • Three phases:
      • Portfolio creation phase
      • Training phase
      • Authentication phase
Portfolio Creation Phase
  • The user selects a portfolio of images; the system can be based on photographs or on Random Art.
  • With Random Art the images need not be stored pixel-by-pixel: each image is regenerated from its seed.
Training and Authentication Phase
  • Training phase
    • Improves the memorability of the portfolio images.
    • Needs to take place in a secure environment.
  • Authentication phase
    • The server only needs to store the seeds of the portfolio images.
    • The user is shown a challenge set (portfolio images mixed with decoy images); if she correctly identifies all portfolio images, she is authenticated.
    • The portfolio can be split among multiple servers to increase security.
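The authentication phase described above, as an added example written for this page (it is not code from Dhamija and Perrig's implementation). It assumes m = 5 portfolio images and n = 25 images per challenge, and replaces Random Art rendering with a hash of the seed so the exchange can be simulated offline; the server stores seeds only, shuffles positions on every login, and reuses one decoy set per user, which is the "same challenge set" countermeasure the attacks slide recommends.

```python
# Added example: a minimal Deja Vu-style server and user, written for this
# page; it is not code from Dhamija and Perrig's implementation.
# Assumptions: m = 5 portfolio images, n = 25 images per challenge, and
# render_image() stands in for Random Art (a hash instead of a real picture).
import hashlib
import secrets
from dataclasses import dataclass, field

PORTFOLIO_SIZE = 5    # m: portfolio images the user must recognise (assumed)
CHALLENGE_SIZE = 25   # n: images shown in each challenge set (assumed)


def render_image(seed: bytes) -> bytes:
    """Stand-in for Random Art: deterministically derive an 'image' from a seed.

    A real deployment renders the seed into a picture; here the image is a
    digest so the protocol can be simulated offline. The server keeps seeds
    only and regenerates images on demand."""
    return hashlib.sha256(b"random-art:" + seed).digest()


@dataclass
class DejaVuServer:
    portfolios: dict = field(default_factory=dict)   # user -> portfolio seeds
    decoys: dict = field(default_factory=dict)       # user -> fixed decoy seeds
    pending: dict = field(default_factory=dict)      # user -> images of the open challenge

    def enroll(self, user: str, portfolio_seeds: list) -> None:
        """Portfolio creation: keep the seeds, never the rendered images."""
        if len(portfolio_seeds) != PORTFOLIO_SIZE:
            raise ValueError("portfolio must contain exactly m seeds")
        self.portfolios[user] = list(portfolio_seeds)
        # Decoys are chosen once per user and reused, so that repeated
        # challenges cannot be intersected to isolate the portfolio.
        self.decoys[user] = [secrets.token_bytes(16)
                             for _ in range(CHALLENGE_SIZE - PORTFOLIO_SIZE)]

    def challenge(self, user: str) -> list:
        """Authentication step 1: portfolio + decoys in a fresh random order."""
        images = [render_image(s) for s in self.portfolios[user] + self.decoys[user]]
        secrets.SystemRandom().shuffle(images)   # positions differ every login
        self.pending[user] = images
        return images

    def verify(self, user: str, chosen_positions) -> bool:
        """Authentication step 2: accept only if exactly the m portfolio
        images were picked, no more and no fewer."""
        images = self.pending.pop(user)           # each challenge is single-use
        portfolio = {render_image(s) for s in self.portfolios[user]}
        positions = set(chosen_positions)
        if any(not 0 <= p < len(images) for p in positions):
            return False
        return len(positions) == PORTFOLIO_SIZE and {images[p] for p in positions} == portfolio


class User:
    """Recognition, not recall: the user only remembers what the portfolio looks like."""

    def __init__(self, portfolio_seeds):
        self.remembered = {render_image(s) for s in portfolio_seeds}

    def pick(self, challenge):
        return {i for i, img in enumerate(challenge) if img in self.remembered}


def run_login(server: DejaVuServer, name: str, user: User) -> bool:
    return server.verify(name, user.pick(server.challenge(name)))


def demo() -> tuple:
    """Constructed scenario: Alice enrolls and logs in; an impostor who
    remembers a different portfolio picks nothing that matches and fails."""
    server = DejaVuServer()
    alice_seeds = [secrets.token_bytes(16) for _ in range(PORTFOLIO_SIZE)]
    server.enroll("alice", alice_seeds)
    alice = User(alice_seeds)
    impostor = User([secrets.token_bytes(16) for _ in range(PORTFOLIO_SIZE)])
    return run_login(server, "alice", alice), run_login(server, "alice", impostor)


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Note that verify() rejects a selection that contains the whole portfolio plus one extra image: an attacker who simply clicks every image learns nothing and is refused, and an over-selection counts as a failed login toward any lockout limit.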
Attacks and Countermeasures
  • Brute-force attack
    • Challenge set consisting of n images.
    • Portfolio consisting of m images.
    • Probability that a single random guess succeeds: one in the number of ways to choose m of the n images.
  • Educated guess attack
    • Random Art images carry no semantic content, so an attacker cannot predict which ones a user would choose.
    • Hand-select images to ensure that no weak (easily guessed) images are used.
Attacks and Countermeasures (continued)
  • Observer attack
    • The positions of the portfolio images within the challenge set are randomized.
    • The method of image selection is hidden from the observer.
    • The portfolio images can be slightly altered for each authentication.
  • Intersection attack: an observer who records several challenge sets can intersect them, since the portfolio images recur while the decoys change. Countermeasures:
    • Use the same challenge set (the same decoys) for a given user every time.
    • Split the challenge up into multiple stages.
    • Tighten the bound on unsuccessful logins before the account is blocked.
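An added simulation of the brute-force odds and of the intersection attack from the two attack slides above (my own code for this page, not the paper's). Images are plain integers, the image universe has 1000 entries, and n = 25, m = 5 are assumed values. It contrasts a weak design that draws fresh decoys at every login with the slide's countermeasure of reusing one challenge set per user.

```python
# Added example covering the brute-force probability and the intersection
# attack. This is my own simulation, not code from the paper. Images are
# plain integers; n = 25 and m = 5 are assumed values.
import math
import random

N_CHALLENGE = 25   # n: images in a challenge set (assumed)
M_PORTFOLIO = 5    # m: portfolio images (assumed)


def guess_probability(n: int = N_CHALLENGE, m: int = M_PORTFOLIO) -> float:
    """Chance that a single random pick of m images out of n is exactly the
    portfolio: 1 / C(n, m). For n = 25, m = 5 that is 1 in 53130."""
    return 1.0 / math.comb(n, m)


def fresh_decoy_challenges(portfolio, universe, rounds, rng):
    """Weak design: every login draws new decoys from the whole image universe."""
    others = [img for img in universe if img not in portfolio]
    return [frozenset(portfolio) | frozenset(rng.sample(others, N_CHALLENGE - len(portfolio)))
            for _ in range(rounds)]


def fixed_decoy_challenges(portfolio, universe, rounds, rng):
    """Countermeasure from the slide: the same challenge set (same decoys) for
    this user at every login, so repeated observations add nothing."""
    others = [img for img in universe if img not in portfolio]
    decoys = frozenset(rng.sample(others, N_CHALLENGE - len(portfolio)))
    return [frozenset(portfolio) | decoys for _ in range(rounds)]


def intersection_attack(observed):
    """An observer who recorded several challenge sets keeps only the images
    present in all of them: the portfolio always recurs, decoys usually do not."""
    candidates = set(observed[0])
    for challenge in observed[1:]:
        candidates &= challenge
    return candidates


def demo(seed: int = 1):
    """Constructed scenario: a 1000-image universe, 5 portfolio images, and an
    attacker who watched 4 logins under each design. Returns the true
    portfolio and what the attacker is left with in the weak and fixed cases."""
    rng = random.Random(seed)
    universe = range(1000)
    portfolio = set(rng.sample(universe, M_PORTFOLIO))
    weak = intersection_attack(fresh_decoy_challenges(portfolio, universe, 4, rng))
    strong = intersection_attack(fixed_decoy_challenges(portfolio, universe, 4, rng))
    return portfolio, weak, strong


if __name__ == "__main__":
    portfolio, weak, strong = demo()
    print("P(random guess) =", guess_probability())
    print("fresh decoys: attacker isolates", sorted(weak), "portfolio:", sorted(portfolio))
    print("fixed decoys: attacker still faces", len(strong), "candidates")
```

With fresh decoys, four recorded logins are already enough to strip every decoy away and leave exactly the portfolio; with a fixed challenge set the attacker still faces all 25 images and is back to guessing, which is where the lockout bound on the slide does its work.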
Sample Applications
  • Customer authentication at an ATM
    • Avoids the customer writing the PIN on the ATM card.
    • Portfolio selection and training can be done in a secure environment at the bank.
    • A one-time PIN bootstraps the system.
  • Web authentication
    • Users often use the same username and password for different purposes.
    • Users often forget their passwords.
    • Déjà Vu is well suited here because portfolios are forgotten less often, so password recovery is needed less frequently.
User Study
  • Measured task completion time and error rate.
  • The system has the advantage that the authentication task is more reliable, easier and more fun to use.
  • Prevents users from choosing weak passwords and from writing passwords down.
  • Has potential applications, especially where text input is hard, such as PDAs or ATMs.
  • The authentication scheme takes advantage of innate human abilities.
Random Art
  • A proposed hash visualization algorithm.
  • The basic idea is to use a binary string s as the seed for a random number generator.
  • Given a bit string as input, Random Art generates a function F: [-1,1]^2 -> [-1,1]^3 which defines an image.
  • F maps each pixel (x, y) to an RGB value (r, g, b), a triple of intensities for the red, green and blue channels respectively.
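A small hash-visualisation renderer in the style of Random Art, added here as an example; the operator set and expression-tree construction are my own simplification and not the paper's or Bauer's implementation. It hashes the seed string s, uses the digest to seed a PRNG, lets the PRNG's choices build one function per colour channel from the node types sin, cos, product and average, and evaluates the composed F on a pixel grid.

```python
# Added example: a toy Random Art-style renderer (my simplification, not the
# paper's code). The seed bytes are hashed, the hash seeds a PRNG, and the
# PRNG's choices define F: [-1,1]^2 -> [-1,1]^3, which is then rasterised.
import hashlib
import math
import random


def make_function(seed: bytes, depth: int = 6):
    """Expand the seed into a random expression tree over (x, y).

    Every node maps [-1,1]^2 -> [-1,1]: sin/cos of anything is in range, and
    products and averages of in-range values stay in range, so the composed
    F never leaves [-1,1]^3. Same seed, same tree, same image."""
    rng = random.Random(int.from_bytes(hashlib.sha256(seed).digest(), "big"))

    def build(d):
        if d == 0:
            return rng.choice([lambda x, y: x, lambda x, y: y])
        op = rng.choice(("sin", "cos", "mul", "avg"))
        left = build(d - 1)
        if op == "sin":
            return lambda x, y: math.sin(math.pi * left(x, y))
        if op == "cos":
            return lambda x, y: math.cos(math.pi * left(x, y))
        right = build(d - 1)
        if op == "mul":
            return lambda x, y: left(x, y) * right(x, y)
        return lambda x, y: (left(x, y) + right(x, y)) / 2

    red, green, blue = build(depth), build(depth), build(depth)
    return lambda x, y: (red(x, y), green(x, y), blue(x, y))


def render(seed: bytes, width: int = 32, height: int = 32):
    """Evaluate F on a width x height grid and return rows of (r, g, b) bytes.
    Pixel coordinates are mapped onto [-1,1] and F's output onto 0..255."""
    f = make_function(seed)
    rows = []
    for j in range(height):
        y = -1.0 + 2.0 * j / max(height - 1, 1)
        row = []
        for i in range(width):
            x = -1.0 + 2.0 * i / max(width - 1, 1)
            row.append(tuple(int(round((v + 1.0) / 2.0 * 255)) for v in f(x, y)))
        rows.append(row)
    return rows


def to_ppm(pixels) -> bytes:
    """Serialise the pixel rows as a binary PPM so the image can be viewed."""
    height, width = len(pixels), len(pixels[0])
    header = f"P6 {width} {height} 255\n".encode()
    return header + bytes(c for row in pixels for px in row for c in px)


if __name__ == "__main__":
    # Constructed seed: in Deja Vu this would be the stored portfolio seed.
    with open("random_art.ppm", "wb") as fh:
        fh.write(to_ppm(render(b"portfolio-seed-0001", 128, 128)))
```

Two properties matter for the server-side design on the earlier slides: the output is a pure function of the seed, so storing the seed is enough to reproduce the image, and the seed cannot be recovered from the picture any more easily than from the hash it was derived from. A real deployment would additionally check that distinct seeds rarely produce images a person would confuse, which this toy does not address.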