ByPass: A platform to evaluate Android authentication techniques
Payas Gupta & Sarah Smith


ByPass Introduction
- User study to examine the entropy of the traditional Android authentication system
- Determine the security, usability, and memorability of the current grid versus more complex layouts
- Develop an authentication system to have stronger and more advanced unlock patterns

Experiment Goals
- Security
  - Entropy: greater than the existing 3 x 3 grid
  - Hot spots: all spots are equally likely to be used
- Usability
  - Fast and easy to use without too many mistakes
  - Use as the primary authentication
- Memorability
  - Cognitive load should be minimal
  - Easier to remember than other authentication models
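To make the entropy and hot-spot goals concrete, the following added example (not part of the original slides) counts every valid pattern on the existing 3 x 3 grid and measures how unevenly a set of patterns uses the starting dot. It assumes Android's standard pattern rules, which the slides do not spell out (4 to 9 dots, no dot reused, a stroke cannot jump over an unvisited dot); the function names and the sample patterns are constructed for illustration.

```python
import math
from collections import Counter
from functools import lru_cache

# Dots are numbered 0..8 row by row. SKIP[(a, b)] is the dot lying exactly
# midway between a and b, which a stroke from a to b would pass over.
SKIP = {}
for a in range(9):
    for b in range(9):
        rows, cols = a // 3 + b // 3, a % 3 + b % 3
        if a != b and rows % 2 == 0 and cols % 2 == 0:
            SKIP[(a, b)] = (rows // 2) * 3 + cols // 2

@lru_cache(maxsize=None)
def _extend(last, visited, remaining):
    """Number of ways to add `remaining` more dots after `last`."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if (visited >> nxt) & 1:
            continue                      # each dot is used at most once
        mid = SKIP.get((last, nxt))
        if mid is not None and not (visited >> mid) & 1:
            continue                      # cannot jump an unvisited dot
        total += _extend(nxt, visited | (1 << nxt), remaining - 1)
    return total

def count_patterns(length):
    return sum(_extend(s, 1 << s, length - 1) for s in range(9))

def baseline_bits():
    """Upper bound: log2 of all valid patterns, if each were equally likely."""
    return math.log2(sum(count_patterns(n) for n in range(4, 10)))

def shannon_entropy(observations):
    counts, n = Counter(observations), len(observations)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

# Constructed sample of user-chosen patterns (not data from the study).
SAMPLE = [(0, 1, 2, 5), (0, 3, 6, 7), (0, 4, 8, 5), (0, 1, 4, 7),
          (2, 1, 0, 3), (2, 5, 8, 7), (6, 3, 0, 1), (4, 1, 2, 5)]

def start_dot_bits(patterns):
    return shannon_entropy([p[0] for p in patterns])

if __name__ == "__main__":
    print(f"3 x 3 grid: {baseline_bits():.2f} bits at best")
    print(f"start dot: {start_dot_bits(SAMPLE):.2f} of {math.log2(9):.2f} bits")
```

The gap between the observed start-dot entropy and log2(9) is one simple hot-spot measure; the same calculation applies to any grid layout once its dots and skip rules are defined.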

Research Questions
- What is the optimal grid layout?
- What is a strong pattern password?
- How can we nudge users into creating stronger pattern passwords?

Additional Research Questions
- Are there any hot spots or common patterns that impact the entropy of the system?
- Is the Android pattern-based authentication memorable over time?
- Do the situations surrounding the lockscreen balance the complexity of the patterns and usability?
- Does complexity increase the overall security without too much additional cost?
- What is the average length of the patterns?
- Can users be nudged to design better patterns?

Current Authentication Status
- PINs and text-based passwords
  - Impractical, difficult to enter quickly and accurately
- Biometric, facial recognition, fingerprint scans
  - Some can be easily replicated
- Simple swipe-to-unlock patterns
  - Vulnerable to smudge attacks

Experiment Procedure
- First Section:
  - Participants create patterns on the traditional Android 3 x 3 grid
  - Participants create patterns on a 3 x 3 grid with triangles pointing in different directions
- Second Section:
  - Participants create patterns on a pentagonal grid
  - Participants create patterns on a pentagonal grid with triangles pointing in different directions
- Participants use the ByPass authentication app for 3 weeks, logging in once daily
- Two pattern password sets per section: priming in the scenarios for creating a bank password versus creating a phone-unlock password

Post-Study Questions
- How does the entropy change from the traditional Android authentication to ByPass's authentication system?
- Are the projected increases in complexity resistant to potential declining usability and memorability?
- How did the users perceive security in the scope of this authentication app?
- Surveys administered to address the following:
  - Uniqueness, general security, memorability, ease of entry, length or number of connected nodes

Questions?