Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Authentication Based on Personal History – A Feasibility Test Ann Nosseir, Richard Connor, Mark Dunlop University of Strathclyde Computer and.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Authentication Based on Personal History – A Feasibility Test Ann Nosseir, Richard Connor, Mark Dunlop University of Strathclyde Computer and."— Presentation transcript:

1 Internet Authentication Based on Personal History – A Feasibility Test Ann Nosseir, Richard Connor, Mark Dunlop University of Strathclyde Computer and Information Sciences FirstName.SecondName@cis.strath.ac.uk

2 Goal of the Study Is to assess the feasibility of distinguishing the two groups Person & Impostor

3 Introduction On the Internet, there is an uneasy tension between the security and usability of authentication mechanisms

4 How we are authenticated? Authentication Scheme Stajano, 2002. three-part classification is "something you know" (e.g. password); "something you hold" (e.g. device holding digital certificate), "who you are" (e.g. biometric assessment) Each of these has well-known problems; passwords are written down, guessable, or forgotten; devices are lost or stolen, and biometric assays alienate users.

5 Context Human Mobility e.g. internet coffee Authentication Characteristics Mobile Lightweight Low in cost " something you know"

6 Passwords are not without Human Problems Yan and his colleagues 2004 in Cambridge University Computer Laboratory There are trade offs between good non-guessable passwords and the limitations of the human memory. It is hard for users to remember random passwords, but others are guessable; although passwords provide users with mobility, they can be stolen, guessed, or cracked.

7 Our Solution Light weight Memorable Mobile Low in cost

8 Electronic Personal History. 1.The personal history.it is not given. 2.It has a characteristic that it is very large so nobody can remember except the person him self. But what are good authentication questions?

9 Solutions “ Related Work ” Question Based Facts and Opinion Cognitive Passwords –Question Based Zviran 1990 Challenge Response Questions Cartwright 2004 Recognition-Based, rather than Recall-Based Opinion Image Portfolios Dhamija and Perring 2002 Passfaces Brostoff and Sasse 2000

10 Question Based-Model

11 Two Pilot Studies Population in both experiments includes the people who have and use electronic calendar either in palm format or Microsoft format Experiment One a. Sample size (Six calendar data of the staff) b. No. of Questions (5) Randomly selected c. Kind of questions (true/ false)

12 First Experiment Results Surprising results 1.The person can’t remember his calendar 2.Others scored better that the person him self in a few questions.

13 Sensitivity and Specificity Not the personIs the person First Test 0.50.53 (Sensitivity) (True Positive) Correct answer ‘ Positive’ 0.5 (Specificity) (True Negative) 0.47Wrong answer ‘Negative’ 11

14 Human Memory Long-term memory is divided into episodic, procedural and semantic memory. In our research, we have focused on the long-term memory and in particular the episodic memory which some researchers define it as autobiographical memory. Baddeley, A. 1997

15 Parameter ( Human Memory ) Psychology Parameters Recent Repetitive Pleasant Experiments Parameters Easy Difficult

16 Second Experiment a. Sample size (9 calendar data of the staff) b. No. of Questions (8) c. Kind of questions (6 true/ false) (Recent, Repetitive, Pleasant) & (2 Multiple Choice) for each (Easy and Difficult)

17 Sensitivity and Specificity Second Test Answer GenuineImpostor Correct0.71 ±0.190.57 Wrong0.290.43 ±0.10 Total11

18 Sensitivity and Specificity Multiple- Choice Questions Answer GenuineImpostor Correct0.75 ±0.250.78 Wrong0.250.22 ±0.18 Total 11

19 ROC Curve Q1 Pleasant Easy Q2 Pleasant Difficult Q3 Recent Easy, Q4 Recent Difficult Q5 Repeat EasyQ6 Repeated Difficult, Q7 Multiple-ChoiceQ8 Multiple Choice VariablesAUC Q10.777 Q20.545 Q31 Q40.464 Q50.75 Q60.696 Q70.75 Q80.75

20 Conclusions The pilot study showed feasibility of this novel idea. Surprising results that person can’t remember his calendar The recent, repetitive, pleasant question types are better remembered and these types need further investigations in a bigger experiment. In the reality, information will not be shared usually population is random people which gives the idea more creditability.

21 Future Work Implementation Model Additional Information

22 Trusted Third Party (TTP) Mitchell, 2004 summarized authentication stages for SSO or certificate into two major : A.the initial authentication stage B.authentication at instant time stage

23 TTP

24 Question Based-Model Question /Answer Authentication Electronic Personal History e.g. pay-pal on e-bay

25 Future Work

26 The research can go further and use other electronic data such as data stored on mobile phone (E911) legislation, GPS, PC, government or organizations database and, in the future with the smart environment application, there will a huge amount of stored electronic personal data. This large bulk of information can provide better security and, at the same time, will provide users with mobility because it is memorable. more investigation is required to gain more confidence in the results

27 Thank you

Download ppt "Internet Authentication Based on Personal History – A Feasibility Test Ann Nosseir, Richard Connor, Mark Dunlop University of Strathclyde Computer and."

Similar presentations

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.
A mobile single sign-on system Master thesis 2006 Mats Byfuglien.

A mobile single sign-on system Master thesis 2006 Mats Byfuglien.
Copyright © 2010, 2007, 2004 Pearson Education, Inc. Chapter 11 Understanding Randomness.

Copyright © 2010, 2007, 2004 Pearson Education, Inc. Chapter 11 Understanding Randomness.
Chapter 4 – Reliability Observed Scores and True Scores Error

Chapter 4 – Reliability Observed Scores and True Scores Error
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Test Taking Skills & Strategies

Test Taking Skills & Strategies
Chapter 9 Creating and Maintaining Database Presented by Zhiming Liu Instructor: Dr. Bebis.

Chapter 9 Creating and Maintaining Database Presented by Zhiming Liu Instructor: Dr. Bebis.
Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.

Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Biometrics & Security Tutorial 7. 1 (a) Please compare two different kinds of biometrics technologies: Retina and Iris. (P8:2-3)

Biometrics & Security Tutorial 7. 1 (a) Please compare two different kinds of biometrics technologies: Retina and Iris. (P8:2-3)
Introduction to Databases

Introduction to Databases
Building Robust and Automatic Authentication Systems with Activity- Based Personal Questions Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer.

Building Robust and Automatic Authentication Systems with Activity- Based Personal Questions Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.

1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.
Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.

Text passwords Hazim Almuhimedi. Agenda How good are the passwords people are choosing? Human issues The Memorability and Security of Passwords Human.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
WELCOME TO THE SEMINAR ON Money Pad, The Future Wallet

WELCOME TO THE SEMINAR ON Money Pad, The Future Wallet
Information Security for Managers (Master MIS)

Information Security for Managers (Master MIS)
DigiCa$h: Money of the Future? or an Electronic Disaster? By: EDWARD ARTECHE MARLON EVANGELISTA.

DigiCa$h: Money of the Future? or an Electronic Disaster? By: EDWARD ARTECHE MARLON EVANGELISTA.
BY CHEN YEAH TECK Image-Based Authentication for Mobile Phones: Performance and User Opinions Source: Slippery Brick (2006)

BY CHEN YEAH TECK Image-Based Authentication for Mobile Phones: Performance and User Opinions Source: Slippery Brick (2006)

Similar presentations

Ads by Google