Use Your Illusion: Secure Authentication Usable Anywhere

Presentation transcript:

Use Your Illusion: Secure Authentication Usable Anywhere. Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig. Carnegie Mellon CyLab Japan. The reason why the title is cognitive process

Key Concept: Distortion Distorted Picture Original Picture Ask You can recognize a baby now because you know the original picture

Use Your Illusion

Graphical Authentication Passfaces Pass Points DAS (Draw-A-Secret) Déjà vu

Passfaces: Faces are used as a graphical portfolio. Preference could be a limitation (bias). Cited from “On User Choice in Graphical Password Schemes”, Darren Davis et al., 2004

Pass Points: Use “a sequence of clicks” as a shared secret. There are hot spots (color). Cited from “Authentication Using Graphical Passwords: Basic Results”, Susan Wiedenbeck et al., 2004

Most Straightforward Way Choose graphical portfolio from a set of pictures

Graphical Portfolio If a user can choose whatever graphical portfolio… If system assigns portfolio randomly…

Fundamental Tradeoff Security Memorability

“Use Your Illusion”: Allow users to take/choose pictures by themselves. Distort the pictures. Assign the distorted pictures as graphical portfolio.

“Use Your Illusion” Security Memorability Allow users to take/choose pictures by themselves Distort the pictures Assign the Distorted pictures as graphical token Security Memorability

Requirements for Distortion: One-way. Discarding precise shapes and colors. Preserving rough shapes and colors.

Oil Painting Filter: Choose the RGB values which appear most frequently in a neighborhood

Oil Painting Filter

Distortion Level: If high, difficult to guess but difficult to memorize. If low, easy to memorize but easy to guess. Brush size and bins are mathematical parameters.

Distortion Level (Security, Memorability): Two parameters affect distortion level. If too high, not usable. If too low, not secure. Brush size and bins are mathematical parameters.
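The filter and its two parameters from the slides above, as an added Python example (not the authors' prototype code). It assumes brush size is a neighbourhood radius in pixels and bins is the number of colour levels kept per channel; `sample` and `green_pixels` are hypothetical helpers and the 6x6 picture is constructed.

```python
from collections import Counter

def oil_paint(img, brush, bins):
    """Mode filter over binned colours.
    img: rows of (r, g, b) tuples, channels 0-255.
    brush: neighbourhood radius in pixels (assumed meaning of "brush size").
    bins: colour levels kept per channel (assumed meaning of "bins")."""
    h, w = len(img), len(img[0])
    step = 256 // bins
    # Quantise each channel to the centre of its bin: exact colours are discarded.
    q = [[tuple(min(c // step, bins - 1) * step + step // 2 for c in p) for p in row]
         for row in img]
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            counts = Counter(
                q[ny][nx]
                for ny in range(max(0, y - brush), min(h, y + brush + 1))
                for nx in range(max(0, x - brush), min(w, x + brush + 1)))
            # Most frequent binned colour in the neighbourhood; ties broken by colour value.
            row.append(max(counts, key=lambda c: (counts[c], c)))
        out.append(row)
    return out

def sample(noise, block):
    """Constructed 6x6 picture: reddish left half, bluish right half, per-pixel
    shading controlled by `noise`, and a green block of side `block` in the corner."""
    img = [[(200 + (x * y * noise) % 40, 30, 30) if x < 3
            else (30, 30, 200 + (x + y * noise) % 40)
            for x in range(6)] for y in range(6)]
    for y in range(block):
        for x in range(block):
            img[y][x] = (20, 220, 20)
    return img

def green_pixels(img):
    """Count pixels whose green channel dominates (the fine detail in the sample)."""
    return sum(p[1] > p[0] and p[1] > p[2] for row in img for p in row)

if __name__ == "__main__":
    a, b = sample(noise=3, block=0), sample(noise=7, block=0)
    print("originals differ:", a != b)
    print("same after filter:", oil_paint(a, 1, 4) == oil_paint(b, 1, 4))
    for brush in (1, 2):
        print("brush", brush, "green left:", green_pixels(oil_paint(sample(3, 2), brush, 4)))
```

Two different originals collapse to the same output, which is the one-way requirement, while the red/blue layout survives. The 2x2 green block partly survives brush 1 and disappears at brush 2, which is the distortion-level tradeoff.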

Low-Fidelity Test Least distorted color Most distorted

Low-Fidelity Test animation

Low-Fidelity Test It’s a dog!! animation

Low-Fidelity Test Difficult to guess w/o knowing original picture

Low-Fidelity Test Can’t recognize a dog

Low-Fidelity Test Easy to recognize w/ knowing original picture

Low-Fidelity Test Satisfies requirements

Prototype Implemented on Nokia’s cell-phone for usability test Also implemented on the web

Prototype Demo

Usability Test 45 participants and for 1 week 54 participants and for 4 weeks

1st Usability Test: 45 participants were divided into 3 groups: (1) Self-selected, Non-distorted; (2) Self-selected, distorted (Use Your Illusion); (3) Imposed, highly-distorted

Self-selected, Non-distorted

Self-selected, Distorted

Imposed, Highly-distorted State simply

Procedure Date Task Before the 1st day Take 3 pictures The 1st day Memorize portfolio Practice Authenticate 2 days after 1 week after Fill out questionnaires

Success Rate The 1st day 2 days after 1 week after 100% (15) 93.3% Self-selected, Non-distorted 100% (15) Distorted Imposed, Highly-distorted 93.3% (14) 73.3% (11)

Authentication Time (Mean) Imposed, Highly-distorted Self-selected, Distorted Self-selected, Non-distorted

Process of Memorization Participants assign meanings to distorted pictures Assigning meanings helps memorization Mountain Sea Moai statue

2nd Usability Test: 54 participants were divided into 3 groups: (1) Self-selected, Non-distorted; (2) Self-selected, Distorted; (3) Imposed, Distorted. Authenticate: on the 1st day, 2 days after, 1 week after, 4 weeks after. Done in Japan Minority between

Imposed, Distorted

Success Rate The 1st day 2 days after 1 week after 4 weeks after 100% Self-selected, Non-distorted 100% (18) Distorted Imposed, 89% (16) 94% (17)

Authentication Time (Mean) Imposed, Distorted Self-selected, Distorted Later, I will think about this slide more. Self-selected, Non-distorted

Tolerance against Guessing Attack: Original pictures are vulnerable. Distorted pictures are more tolerant. Define guessing attack: Attacker is very good at getting information about a user. Preference

Future Work: Detailed usability test. Long term test. Find an optimal distortion. Investigate a metric evaluating distortion level.

Use Your Illusion: Use distorted pictures as a portfolio. As memorable as non-distorted pictures. More memorable than imposed (highly-) distorted pictures. Fits human memorization process. More tolerant to guessing attack.

Thank you for listening Prototype is available on http://arima.okoze.net/illusion/ Please try it! URL