Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure graphical password system for high traffic public areas

Published byStuart Dickerson Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure graphical password system for high traffic public areas"— Presentation transcript:

1 Secure graphical password system for high traffic public areas
Bogdan Hoanca and Kenrick Mock University of Alaska Anchorage

2 Outline Shoulder surfing as security threat in information systems
Eye tracking based authentication Error rates of eye tracking hardware Error-aware eye tracking Systematic errors Random errors Conclusions March 27, 2006 Hoanca/Mock ETRA 2006

3 Shoulder surfing Stealing authentication information
Critical threat for mobile users or in public places Safest bet: assume “naked” user under constant surveillance March 27, 2006 Hoanca/Mock ETRA 2006

4 Defending against shoulder surfing
Screen filters Challenge-response schemes Physical key schemes Biometric schemes March 27, 2006 Hoanca/Mock ETRA 2006

5 Eye tracking based authentication
Use the eye tracker without on-screen feedback to select on-screen objects Ideally, transparent for the user Secure from shoulder surfing Slower than typing Still vulnerable to key logger and screen capture programs March 27, 2006 Hoanca/Mock ETRA 2006

6 Graphical Password Entry via Eye Tracking
March 27, 2006 Hoanca/Mock ETRA 2006

7 Sample authentication log
March 27, 2006 Hoanca/Mock ETRA 2006 Image size 700x482

8 High error rates due to hardware limitations
“Low error” user Mean D = 12 pixels “High error” user Mean D = 30 pixels Plots of actual gaze location as compared with intended target (red); black is the center of gravity Distances are in pixels and scale is -40…40 in both X and Y March 27, 2006 Hoanca/Mock ETRA 2006

9 Error rates of eye tracking hardware
Using the ERICA system from Eye Response Technologies Error types Systematic errors Due to head tilt Slowly varying with time Dependent on screen geometry and location Random errors Highly user dependent March 27, 2006 Hoanca/Mock ETRA 2006

10 Handling random errors
Loss of cryptographic complexity depends on how much error is acceptable Success rate (%, 0…100) vs. distance in pixels (1…1000, log scale) March 27, 2006 Hoanca/Mock ETRA 2006

11 Handling systematic errors
Red – raw data Green -- corrected Success rate (%, 0…100) vs. distance in pixels (1…1000, log scale) one user 25 sessions “low error” Average over multiple attempts or over multiple users Loss of cryptographic complexity – equivalent to one click less March 27, 2006 Hoanca/Mock ETRA 2006

12 Handling systematic errors (continued)
Success rate (%, 0…100) vs. distance in pixels (1…1000, log scale) one user 25 sessions “high error” Limited usefulness for high error users Red – raw data Green -- corrected March 27, 2006 Hoanca/Mock ETRA 2006

13 Summary Eye tracking is a promising technology for authenticating from public places with reduced danger of shoulder surfing Wide acceptance will require eye tracking technologies that are More stable and accurate Ideally, head tracking-capable and calibration-free Much lower in price March 27, 2006 Hoanca/Mock ETRA 2006

Download ppt "Secure graphical password system for high traffic public areas"

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1 Manufacturing Process A sequence of activities that is intended to achieve a result (Juran). Quality of Manufacturing Process depends on Entry Criteria.

1 Manufacturing Process A sequence of activities that is intended to achieve a result (Juran). Quality of Manufacturing Process depends on Entry Criteria.
Multimedia Specification Design and Production 2012 / Semester 1 / week 6 Lecturer: Dr. Nikos Gazepidis

Multimedia Specification Design and Production 2012 / Semester 1 / week 6 Lecturer: Dr. Nikos Gazepidis
Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.

Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.
Attacking Session Management Juliette Lessing

Attacking Session Management Juliette Lessing
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Logging and Replay of Go Game Steven Davis Elizabeth Fehrman Seth Groder.

Logging and Replay of Go Game Steven Davis Elizabeth Fehrman Seth Groder.
User Authentication Rachna Dhamija Human Centered Computing Course December 6, 1999 Image Recognition in.

User Authentication Rachna Dhamija Human Centered Computing Course December 6, 1999 Image Recognition in.
AQM for Congestion Control1 A Study of Active Queue Management for Congestion Control Victor Firoiu Marty Borden.

AQM for Congestion Control1 A Study of Active Queue Management for Congestion Control Victor Firoiu Marty Borden.
 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.

 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.
Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.

Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Authenticating with Google Glass Brandon Grey. Google Glass Input  Inputting information into google glass has been limited to either gestures or speech.

Authenticating with Google Glass Brandon Grey. Google Glass Input  Inputting information into google glass has been limited to either gestures or speech.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
L C SL C S The Untrusted Computer Problem and Camera-Based Authentication Dwaine Clarke, Blaise Gassend, Thomas Kotwal, Matt Burnside, Marten van Dijk,

L C SL C S The Untrusted Computer Problem and Camera-Based Authentication Dwaine Clarke, Blaise Gassend, Thomas Kotwal, Matt Burnside, Marten van Dijk,
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Copyright © 2006 Pearson Education, Inc. or its affiliate(s). All rights reserved.

Copyright © 2006 Pearson Education, Inc. or its affiliate(s). All rights reserved.
E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,

E XPLORING USABILITY EFFECTS OF INCREASING SECURITY IN CLICK - BASED GRAPHICAL PASSWORDS Elizabeth StobertElizabeth Stobert, Alain Forget, Sonia Chiasson,
GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO-0901223488 Under the guidance of Mrs. Chinmayee Behera.

GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO Under the guidance of Mrs. Chinmayee Behera.

Similar presentations

Ads by Google