Security and Usability of Password Based User Authentication Systems Hatim Alsuwat Sami Alsuwat.

Overview
- Nowadays most services and businesses are available through the Internet.
- This massive use of computer systems has resulted in two major requirements: usability and security of passwords.
- There is a trade-off between the security and the usability of passwords.

Our Hypothesis
It is feasible to define a balanced solution in which both the security and the usability of password management are acceptable; this allows us to evaluate the password security and usability of different systems.

The Proposed Research
Task 1: Studying current security and usability approaches to password management.
Task 2: Representing the relationship between security and usability of password management.
Task 3: Evaluating the password security and usability of different systems based on Task 2. The outcome of this task can be divided into three cases:
Case 1: Identify usable, not secure passwords.
Case 2: Identify unusable, secure passwords.
Case 3: Identify usable, secure (balanced solution) passwords.

Task 1: Studying current security and usability approaches to password management
- Password strength is an estimate of the average number of guesses an attacker needs in order to recover the password. It depends on three factors: the length of the password, its complexity (the size of the character set it is drawn from) and its unpredictability.
- Length and complexity bound the work of a brute-force attacker; unpredictability decides whether a dictionary or pattern-based attacker finds the password far sooner than that bound suggests.

Password management vs. security and usability
- Weak password characteristics
- Weak password practices
- Strong password characteristics
- Strong password practices

Password management vs. security and usability
- One approach is to reuse the same password for different systems.
- The problem is low-trust systems such as online gaming sites: if such a site is breached, the reused password leaks with it.
- If attackers compromise the user's password for one account, then all other accounts that share that password are compromised as well.

Password management vs. security and usability
- The alternative approach is to choose an independent password for each system.
- This gives the strongest security guarantee: if an attacker compromises the user's password for one account, the other accounts remain uncompromised.
- However, it has a negative impact on usability, since most online profiles are visited infrequently; users are therefore more likely to forget those passwords, or to bypass the security by writing them down.
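The reuse problem described on the two previous slides is, from the attacker's side, a credential-stuffing attack: credentials leaked by the low-trust site are replayed against the high-value site. The following script is an added example, not code from the presentation. It constructs a bank credential store that does everything right on its own side (per-user random salt, PBKDF2-HMAC-SHA256) and a plaintext dump from a breached gaming site, then replays the dump. Every user name, password and the iteration count are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the presentation). The bank stores salted
# PBKDF2-HMAC-SHA256 digests; the gaming site stored plaintext and was breached.
BANK_USERS = [
    ("alice", "Tr0ub4dor&3"),          # reused the same password at the gaming site
    ("bob", "correct-horse-battery"),  # independent password; gaming site had a different one
    ("carol", "S3cure!bank#2024"),     # reused
]
GAMING_LEAK = [
    ("alice", "Tr0ub4dor&3"),
    ("bob", "bobgamer99"),
    ("carol", "S3cure!bank#2024"),
    ("dave", "hunter2"),               # no bank account at all
]
ITERATIONS = 100_000                   # assumed work factor for the bank's hash


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash: raises the cost of offline guessing, but does nothing
    against a correct password replayed from another site's breach."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_store(users):
    """Build the bank's credential store with a fresh random salt per user."""
    store = {}
    for username, password in users:
        salt = os.urandom(16)
        store[username] = (salt, hash_password(password, salt))
    return store


def verify(store, username: str, password: str) -> bool:
    """Constant-time comparison of the recomputed digest against the stored one."""
    record = store.get(username)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(digest, hash_password(password, salt))


def credential_stuffing(store, leaked) -> list:
    """Replay every leaked (username, password) pair against the bank. This is
    exactly the attack that password reuse enables; independent passwords
    (bob) do not verify, reused ones (alice, carol) do."""
    return sorted(user for user, password in leaked if verify(store, user, password))


if __name__ == "__main__":
    bank = make_store(BANK_USERS)
    print("bank accounts taken over via the gaming breach:",
          credential_stuffing(bank, GAMING_LEAK))
```

The point to take from the run is that the bank's storage is not the weak link: a correct password verifies no matter how well it is hashed. The defences against this attack live elsewhere, in the user's choice not to reuse, and on the bank's side in login-rate and source anomaly detection plus a second factor.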

Task 2: Representing the relationship between security and usability of password management

Task 3: Evaluating the password security and usability of different systems
The outcome of this task can be divided into three cases:
Case 1: Identify usable, not secure passwords.
Case 2: Identify unusable, secure passwords.
Case 3: Identify usable, secure (balanced solution) passwords.

Case 1: Identify usable, not secure passwords

Case 2: Identify unusable, secure passwords

Case 3: Identify usable, secure (balanced solution) passwords
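The strength definition from Task 1 (average guesses as a function of length, complexity and unpredictability) and the three cases of Task 3 can be made concrete with a small scoring script. This is an added example, not code from the presentation. Security is scored as the attacker's average guess count for an attacker who tries a common-password list first, then dictionary passphrases, then brute force over the observed alphabet; usability is scored as the number of chunks the user must memorise (a dictionary word is one chunk, any other character is one). The common-password list and word list are tiny constructed samples; the 7776-word attacker dictionary, the 2^40-guess "secure" threshold and the 9-chunk "usable" threshold (the upper end of Miller's 7 +/- 2) are assumptions, not values from the slides.

```python
import math
import re

# Constructed sample data (not from the presentation): a short "most common
# passwords" list an attacker tries first, and a tiny dictionary used only to
# recognise passphrase words. Real attacker lists hold millions of entries.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "password123", "letmein", "iloveyou"]
WORDLIST = {"correct", "horse", "battery", "staple", "password", "purple", "monkey", "coffee"}
ATTACKER_WORDLIST_SIZE = 7776   # assumed size of the attacker's passphrase dictionary
SECURE_GUESSES = 2 ** 40        # assumed threshold for calling a password "secure"
USABLE_CHUNKS = 9               # assumed threshold for "usable": upper end of 7 +/- 2


def charset_size(pw: str) -> int:
    """Alphabet size a brute-force attacker must cover, from the classes present."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33                         # printable ASCII punctuation
    return size


def estimated_guesses(pw: str) -> float:
    """Average guesses for an attacker who tries the common list first, then
    dictionary passphrases, then brute force over the observed alphabet."""
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        return COMMON_PASSWORDS.index(low) + 1      # predictability dominates
    words = re.findall(r"[A-Za-z]+", pw)
    if words and all(w.lower() in WORDLIST for w in words) and not re.search(r"[0-9]", pw):
        # Passphrase of dictionary words: attacker enumerates word combinations,
        # expecting to succeed halfway through the space.
        return ATTACKER_WORDLIST_SIZE ** len(words) / 2
    return charset_size(pw) ** len(pw) / 2          # brute force, halfway on average


def memory_chunks(pw: str) -> int:
    """Usability proxy: units the user must memorise. A dictionary word counts
    as one chunk; every other character is its own chunk."""
    chunks = 0
    for token in re.findall(r"[A-Za-z]+|[^A-Za-z]", pw):
        chunks += 1 if token.lower() in WORDLIST else len(token)
    return chunks


def classify(pw: str) -> int:
    """Case 1: usable, not secure. Case 2: unusable, secure.
    Case 3: usable and secure (balanced). 0: neither usable nor secure."""
    secure = estimated_guesses(pw) >= SECURE_GUESSES
    usable = memory_chunks(pw) <= USABLE_CHUNKS
    if usable and secure:
        return 3
    if usable:
        return 1
    if secure:
        return 2
    return 0


def report(pw: str) -> dict:
    return {
        "password": pw,
        "guess_bits": round(math.log2(estimated_guesses(pw)), 1),
        "chunks": memory_chunks(pw),
        "case": classify(pw),
    }


if __name__ == "__main__":
    for candidate in ["password123", "Tr0ub4dor&3", "correct-horse-battery-staple",
                      "x7#Qm2!pL9@z", "1234567890"]:
        print(report(candidate))
```

Note that the scoring exposes a fourth outcome the slides do not list: a password that is both hard to remember and cheap to guess (the digit run in the sample set). A balanced solution in the sense of Case 3 is one that moves along the guess axis by adding chunks the user already knows (words) rather than chunks they must learn (random symbols).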
