Use Your Illusion: Secure Authentication Usable Anywhere Eiji Hayashi Nicolas Christin Rachna Dhamija Adrian Perrig Carnegie Mellon CyLab Japan.


Key Concept: Distortion
– You can recognize a baby now because you know the original picture
[figure: Distorted Picture | Original Picture]

Use Your Illusion

Graphical Authentication
– Passfaces
– PassPoints
– DAS (Draw-A-Secret)
– Déjà Vu

Passfaces
– Faces are used as a graphical portfolio
– Preference could be a limitation
Cited from “On User Choice in Graphical Password Schemes”, Darren Davis et al., 2004

PassPoints
– Use “a sequence of clicks” as a shared secret
– There are hot spots
Cited from “Authentication Using Graphical Passwords: Basic Results”, Susan Wiedenbeck et al., 2004

Most Straightforward Way
– Choose a graphical portfolio from a set of pictures

Graphical Portfolio
– If a user can choose whatever graphical portfolio…
– If the system assigns the portfolio randomly…

Fundamental Tradeoff: Security vs. Memorability

“Use Your Illusion”
1. Allow users to take/choose pictures by themselves
2. Distort the pictures
3. Assign the distorted pictures as the graphical portfolio

“Use Your Illusion”
1. Allow users to take/choose pictures by themselves
2. Distort the pictures
3. Assign the distorted pictures as the graphical token
[annotation: Security / Memorability]

Requirements for Distortion
– One-way
– Discarding precise shapes and colors
– Preserving rough shapes and colors

Oil Painting Filter
– Choose the RGB values which appear most frequently in a neighborhood

Oil Painting Filter

Distortion Level
– If high, difficult to guess but difficult to memorize
– If low, easy to memorize but easy to guess

Distortion Level
– Two parameters affect the distortion level
–If too high, not usable
–If too low, not secure
[annotation: Security / Memorability]
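The oil painting filter described on the slides (replace each pixel with the colour that occurs most often in its neighbourhood) and the two-parameter distortion level, worked through as an added Python example; this is not the authors' prototype code, and it assumes the two tuning parameters are the neighbourhood radius and the number of colour quantization levels, which the slides do not name. The sample image is constructed inline.

```python
from collections import defaultdict

# Constructed sample: a 6x6 RGB image, left half red, right half blue,
# with one stray green pixel at (x=1, y=1) standing in for fine detail.
RED, BLUE, GREEN = (200, 20, 20), (20, 20, 200), (20, 200, 20)
SAMPLE_IMAGE = [[RED if x < 3 else BLUE for x in range(6)] for y in range(6)]
SAMPLE_IMAGE[1][1] = GREEN


def quantize(channel, levels):
    """Map a 0-255 channel value to one of `levels` buckets."""
    return min(levels - 1, channel * levels // 256)


def oil_painting_filter(image, radius=1, levels=4):
    """Replace each pixel with the most frequent colour in its (2r+1)x(2r+1) neighbourhood.

    Neighbourhood pixels are grouped by quantized RGB (`levels`, assumed here to be
    the second tuning knob); the largest group wins and its mean colour is written
    out.  `radius` controls how much fine detail is discarded: radius 0 is the
    identity (nothing discarded, so nothing hidden), larger radii erase small
    features while large regions keep their rough shape and colour.
    """
    height, width = len(image), len(image[0])
    result = []
    for y in range(height):
        row = []
        for x in range(width):
            buckets = defaultdict(list)
            for ny in range(max(0, y - radius), min(height, y + radius + 1)):
                for nx in range(max(0, x - radius), min(width, x + radius + 1)):
                    pixel = image[ny][nx]
                    key = tuple(quantize(c, levels) for c in pixel)
                    buckets[key].append(pixel)
            # Largest bucket wins; ties are broken by key so the result is deterministic.
            winner = max(buckets, key=lambda k: (len(buckets[k]), k))
            members = buckets[winner]
            row.append(tuple(sum(p[i] for p in members) // len(members) for i in range(3)))
        result.append(row)
    return result


def distinct_colours(image):
    """Number of distinct RGB values: a crude measure of how much precise colour survives."""
    return len({pixel for row in image for pixel in row})


if __name__ == "__main__":
    for radius in (0, 1, 2):
        filtered = oil_painting_filter(SAMPLE_IMAGE, radius=radius, levels=4)
        print(f"radius={radius}: {distinct_colours(filtered)} distinct colours, "
              f"pixel (1,1) = {filtered[1][1]}")
```

With radius 1 the stray green pixel is absorbed into the red region (precise detail discarded) while the red/blue boundary at x=3 survives (rough shape preserved). The two failure modes from the slide are visible at the parameter extremes: radius 0 returns the original image unchanged, and levels=1 puts every neighbour in one bucket, which degrades the filter to a plain box blur that leaves the original easy to guess.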

Low-Fidelity Test
[figure: Most distorted … Least distorted]

Low-Fidelity Test

It’s a dog!!

Low-Fidelity Test
– Difficult to guess without knowing the original picture

Low-Fidelity Test
– Can’t recognize a dog

Low-Fidelity Test
– Easy to recognize when knowing the original picture

Low-Fidelity Test
– Satisfies the requirements

Prototype
– Implemented on a Nokia cell phone for the usability test
– Also implemented on the web

Prototype Demo

Usability Test
– 45 participants for 1 week
– 54 participants for 4 weeks

1st Usability Test
– 45 participants were divided into 3 groups
–Self-selected, Non-distorted
–Self-selected, Distorted (Use Your Illusion)
–Imposed, Highly-distorted

Self-selected, Non-distorted

Self-selected, Distorted

Imposed, Highly-distorted

Procedure
Date                Task
Before the 1st day  Take 3 pictures
The 1st day         Memorize portfolio; Practice; Authenticate
2 days after        Authenticate
1 week after        Authenticate; Fill out questionnaires

Success Rate
Group                         The 1st day  2 days after  1 week after
Self-selected, Non-distorted  100% (15)    100% (15)     100% (15)
Self-selected, Distorted      100% (15)    100% (15)     100% (15)
Imposed, Highly-distorted     93.3% (14)   73.3% (11)    73.3% (11)

Authentication Time (Mean)
[chart: Imposed, Highly-distorted; Self-selected, Distorted; Self-selected, Non-distorted]

Process of Memorization
– Participants assign meanings to distorted pictures
– Assigning meanings helps memorization
[figure captions: Mountain | Sea | Moai statue]

2nd Usability Test
– 54 participants were divided into 3 groups
–Self-selected, Non-distorted
–Self-selected, Distorted
–Imposed, Distorted
– Authenticate
–On the 1st day
–2 days after
–1 week after
–4 weeks after

Imposed, Distorted

Success Rate
Group                         The 1st day  2 days after  1 week after  4 weeks after
Self-selected, Non-distorted  100% (18)    100% (18)     100% (18)     100% (18)
Self-selected, Distorted      100% (18)    100% (18)     100% (18)     100% (18)
Imposed, Distorted            100% (18)    89% (16)      94% (17)      89% (16)

Authentication Time (Mean)
[chart: Imposed, Distorted; Self-selected, Distorted; Self-selected, Non-distorted]

Tolerance against Guessing Attack
– Original pictures are vulnerable
– Distorted pictures are more tolerant

Future Work
– Detailed usability test
– Long-term test
– Find an optimal distortion
– Investigate a metric evaluating distortion level

Use Your Illusion
– Use distorted pictures as a portfolio
– As memorable as non-distorted pictures
– More memorable than imposed (highly-) distorted pictures
– Fits the human memorization process
– More tolerant to guessing attack

Thank you for listening. The prototype is available on … Please try it!