Use Your Illusion: Secure Authentication Usable Anywhere


1 Use Your Illusion: Secure Authentication Usable Anywhere
Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig
Carnegie Mellon CyLab Japan
The reason why the title is cognitive process

2 Key Concept: Distortion
Distorted Picture
Original Picture
Ask
You can recognize a baby now because you know the original picture

3 Use Your Illusion

4 Graphical Authentication
Passfaces
Pass Points
DAS (Draw-A-Secret)
Déjà vu

5 Passfaces
Faces are used as a graphical portfolio
Preference could be a limitation
bias
Cited from “On User Choice in Graphical Password Schemes”, Darren Davis et al., 2004

6 Pass Points
Use “a sequence of clicks” as a shared secret
There are hot spots
color
Cited from “Authentication Using Graphical Passwords: Basic Results”, Susan Wiedenbeck et al., 2004

7 Most Straightforward Way
Choose graphical portfolio from a set of pictures

8 Graphical Portfolio
If a user can choose whatever graphical portfolio…
If system assigns portfolio randomly…

9 Fundamental Tradeoff
Security
Memorability

10 “Use Your Illusion”
Allow users to take/choose pictures by themselves
Distort the pictures
Assign the distorted pictures as graphical portfolio

11 “Use Your Illusion”
Allow users to take/choose pictures by themselves
Distort the pictures
Assign the distorted pictures as graphical token
Security
Memorability

12 Requirements for Distortion
One-way
Discarding precise shapes and colors
Preserving rough shapes and colors

13 Oil Painting Filter
Choose the RGB values which appear most frequently in a neighborhood

14 Oil Painting Filter

15 Distortion Level
If high, difficult to guess but difficult to memorize
If low, easy to memorize but easy to guess
Brush size and bins are mathematical parameters

16 Distortion Level
Two parameters affect distortion level
If too high, not usable
If too low, not secure
Brush size and bins are mathematical parameters
Security
Memorability

17 Low-Fidelity Test
Least distorted
color
Most distorted

18 Low-Fidelity Test animation

19 Low-Fidelity Test animation

20 Low-Fidelity Test animation

21 Low-Fidelity Test animation

22 Low-Fidelity Test animation

23 Low-Fidelity Test It’s a dog!! animation

24 Low-Fidelity Test
Difficult to guess w/o knowing original picture

25 Low-Fidelity Test
Can’t recognize a dog

26 Low-Fidelity Test
Easy to recognize w/ knowing original picture

27 Low-Fidelity Test
Satisfies requirements

28 Prototype
Implemented on Nokia’s cell-phone for usability test
Also implemented on the web

29 Prototype Demo

30 Usability Test
45 participants, for 1 week
54 participants, for 4 weeks

31 1st Usability Test
45 participants were divided into 3 groups
Self-selected, Non-distorted
Self-selected, Distorted (Use Your Illusion)
Imposed, Highly-distorted

32 Self-selected, Non-distorted

33 Self-selected, Distorted

34 Imposed, Highly-distorted
State simply

35 Procedure Date Task Before the 1st day Take 3 pictures The 1st day
Memorize portfolio Practice Authenticate 2 days after 1 week after Fill out questionnaires

36 Success Rate The 1st day 2 days after 1 week after 100% (15) 93.3%
Self-selected, Non-distorted 100% (15) Distorted Imposed, Highly-distorted 93.3% (14) 73.3% (11)

37 Authentication Time (Mean)
Imposed, Highly-distorted Self-selected, Distorted Self-selected, Non-distorted

38 Process of Memorization
Participants assign meanings to distorted pictures
Assigning meanings helps memorization
Mountain
Sea
Moai statue

39 2nd Usability Test
54 participants were divided into 3 groups
Self-selected, Non-distorted
Self-selected, Distorted
Imposed, Distorted
Authenticate
On the 1st day
2 days after
1 week after
4 weeks after
Done in Japan
Minority between

40 Imposed, Distorted

41 Success Rate The 1st day 2 days after 1 week after 4 weeks after 100%
Self-selected, Non-distorted 100% (18) Distorted Imposed, 89% (16) 94% (17)

42 Authentication Time (Mean)
Imposed, Distorted
Self-selected, Distorted
Self-selected, Non-distorted
Later, I will think about this slide more.

43 Tolerance against Guessing Attack
Original pictures are vulnerable
Distorted pictures are more tolerant
Define guessing attack
Attacker is very good at getting information about a user
Preference

44 Future Work
Detailed usability test
Long term test
Find an optimal distortion
Investigate a metric evaluating distortion level

45 Use Your Illusion
Use distorted pictures as a portfolio
As memorable as non-distorted pictures
More memorable than imposed (highly-) distorted pictures
Fits human memorization process
More tolerant to guessing attack
photo

46 Thank you for listening
Prototype is available on Please try it! URL

