Use Your Illusion: Secure Authentication Usable Anywhere. Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig. Carnegie Mellon CyLab Japan.


1 Use Your Illusion: Secure Authentication Usable Anywhere. Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig. Carnegie Mellon CyLab Japan

2 Key Concept: Distortion
You can recognize a baby now because you know the original picture
Distorted Picture / Original Picture

3 Use Your Illusion

4 Graphical Authentication
–Passfaces
–Pass Points
–DAS (Draw-A-Secret)
–Déjà vu

5 Passfaces
–Faces are used as a graphical portfolio
–Preference could be a limitation
Cited from “On User Choice in Graphical Password Schemes”, Darren Davis et al., 2004

6 Pass Points
–Use “a sequence of clicks” as a shared secret
–There are hot spots
Cited from “Authentication Using Graphical Passwords: Basic Results”, Susan Wiedenbeck et al., 2004

7 Most Straightforward Way
Choose graphical portfolio from a set of pictures

8 Graphical Portfolio
–If a user can choose whatever graphical portfolio…
–If system assigns portfolio randomly…

9 Fundamental Tradeoff
Security / Memorability

10 “Use Your Illusion”
1. Allow users to take/choose pictures by themselves
2. Distort the pictures
3. Assign the distorted pictures as graphical portfolio

11 “Use Your Illusion”
1. Allow users to take/choose pictures by themselves
2. Distort the pictures
3. Assign the distorted pictures as graphical token
Security / Memorability

12 Requirements for Distortion
–One-way
–Discarding precise shapes and colors
–Preserving rough shapes and colors

13 Oil Painting Filter
Choose the RGB value which appears most frequently in a neighborhood

14 Oil Painting Filter

15 Distortion Level
–If high, difficult to guess but difficult to memorize
–If low, easy to memorize but easy to guess

16 Distortion Level
Two parameters affect distortion level
–If too high, not usable
–If too low, not secure
Security / Memorability
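The filter from slide 13 and the distortion-level tradeoff from slides 15 and 16, as an added example (not the authors' prototype code): a most-frequent-color filter over a pixel neighborhood, run on a constructed 6x6 picture. The names `radius` and `levels` are assumptions of this sketch; the slides do not name their two parameters.

```python
from collections import Counter

def quantize(pixel, levels):
    """Snap each 0-255 channel to the centre of one of `levels` buckets."""
    step = 256 // levels
    return tuple(min(c // step, levels - 1) * step + step // 2 for c in pixel)

def oil_paint(image, radius=1, levels=4):
    """Mode filter: each output pixel is the most frequent quantized RGB value
    in the (2*radius+1) x (2*radius+1) window around it (clipped at the edges).
    `image` is a list of rows of (r, g, b) tuples."""
    h, w = len(image), len(image[0])
    q = [[quantize(p, levels) for p in row] for row in image]
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            counts = Counter(
                q[ny][nx]
                for ny in range(max(0, y - radius), min(h, y + radius + 1))
                for nx in range(max(0, x - radius), min(w, x + radius + 1))
            )
            # Highest count wins; ties go to the smallest tuple (deterministic).
            row.append(min(counts, key=lambda c: (-counts[c], c)))
        out.append(row)
    return out

def sample(offset):
    """Constructed 6x6 test picture: red left half, blue right half,
    per-pixel brightness jitter, and a one-pixel white detail."""
    img = [[tuple(v + (7 * x + 13 * y + offset) % 20
                  for v in ((200, 40, 40) if x < 3 else (40, 40, 200)))
            for x in range(6)] for y in range(6)]
    img[2][1] = (255, 255, 255)
    return img

def distinct_colors(image):
    return len({p for row in image for p in row})

if __name__ == "__main__":
    a, b = oil_paint(sample(0)), oil_paint(sample(5))
    print("inputs differ:", sample(0) != sample(5), "| outputs equal:", a == b)
    print("colors before/after:", distinct_colors(sample(0)), distinct_colors(a))
    print("radius=0 keeps the white detail:", oil_paint(sample(0), radius=0)[2][1])
```

Two different inputs collapse to the same output, so the filtered picture does not determine the original, while the rough red/blue layout survives. A larger `radius` or fewer `levels` discards more detail.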

17 Low-Fidelity Test
Most distorted / Least distorted

18 Low-Fidelity Test

19

20

21

22

23 It’s a dog!!

24 Low-Fidelity Test Difficult to guess w/o knowing original picture

25 Low-Fidelity Test Can’t recognize a dog

26 Low-Fidelity Test Easy to recognize w/ knowing original picture

27 Low-Fidelity Test Satisfies requirements

28 Prototype
–Implemented on Nokia’s cell-phone for usability test
–Also implemented on the web

29 Prototype Demo

30 Usability Test
–45 participants for 1 week
–54 participants for 4 weeks

31 1st Usability Test
45 participants were divided into 3 groups
–Self-selected, Non-distorted
–Self-selected, Distorted (Use Your Illusion)
–Imposed, Highly-distorted

32 Self-selected, Non-distorted

33 Self-selected, Distorted

34 Imposed, Highly-distorted

35 Procedure (Date: Task)
–Before the 1st day: Take 3 pictures
–The 1st day: Memorize portfolio, Practice, Authenticate
–2 days after: Authenticate
–1 week after: Authenticate, Fill out questionnaires

36 Success Rate (The 1st day / 2 days after / 1 week after)
–Self-selected, Non-distorted: 100% (15) / 100% (15) / 100% (15)
–Self-selected, Distorted: 100% (15) / 100% (15) / 100% (15)
–Imposed, Highly-distorted: 93.3% (14) / 73.3% (11) / 73.3% (11)

37 Authentication Time (Mean)
Imposed, Highly-distorted / Self-selected, Distorted / Self-selected, Non-distorted

38 Process of Memorization
–Participants assign meanings to distorted pictures
–Assigning meanings helps memorization
Mountain / Sea / Moai statue

39 2nd Usability Test
54 participants were divided into 3 groups
–Self-selected, Non-distorted
–Self-selected, Distorted
–Imposed, Distorted
Authenticate
–On the 1st day
–2 days after
–1 week after
–4 weeks after

40 Imposed, Distorted

41 Success Rate (The 1st day / 2 days after / 1 week after / 4 weeks after)
–Self-selected, Non-distorted: 100% (18) / 100% (18) / 100% (18) / 100% (18)
–Self-selected, Distorted: 100% (18) / 100% (18) / 100% (18) / 100% (18)
–Imposed, Distorted: 100% (18) / 89% (16) / 94% (17) / 89% (16)

42 Authentication Time (Mean)
Imposed, Distorted / Self-selected, Distorted / Self-selected, Non-distorted

43 Tolerance against Guessing Attack
–Original pictures are vulnerable
–Distorted pictures are more tolerant

44 Future Work
–Detailed usability test
–Long term test
–Find an optimal distortion
–Investigate a metric evaluating distortion level

45 Use Your Illusion
–Use distorted pictures as a portfolio
–As memorable as non-distorted pictures
–More memorable than imposed (highly-) distorted pictures
–Fits human memorization process
–More tolerant to guessing attack

46 Thank you for listening
Prototype is available on http://arima.okoze.net/illusion/
Please try it!

