Company Confidential © 2008 Nokia V1-Filename.ppt / YYYY-MM-DD / Initials 1 Local Authentication for mobile devices Andreas Heiner.


2 Authentication
  Feeling secure
  Being secure

3 Overview
  Cognition and social dimension
  Authentication: alphanumeric; graphical (recall); graphical (rule); graphical (secret)
  Stepping back
  Biometrics
  CAPTCHAs

4 Cognition and Social Dimension

5 Human centric
  Cognitive dimension
    Attention to one task
    Preventing psychological pitfalls
    Information filtering: observing, processing, attention span
    Emotions: the feeling of security
  Social dimension
    Social embedding
    Privacy
    Economy

6 Cognition / Vision
  Salience: what pops out
  Search: analyzing the image
  Notification: focus vs. peripheral view; colors and motion

7 Cognition / Vision
  Exercise (image): find the painting and the mug

8 Cognition / Memory
  Memory: sensory, short-term, permanent ("flash memory")
  Memory differs between senses
    Short-term: vocal content > images
    Long-term: images >> vocal content
  Forgetting: mnemonic training; spaced repetition; is it interesting?; interference

9 Cognition / Psychology
  Positive outcome bias (wishful thinking)
  Illusory superiority
  Feeling secure: locking the front door, not the back door
  Visible vs. invisible

10 Social dimension
  Impersonation
  Social pressure: "not done"; "not invited for a birthday"
  Who's the real one?

11 Authentication

12 Authentication
  Typical (future) use
    Photos, Facebook
    PIM (calendar, addresses)
    Company data
    E-banking, e-payment, e-government
    E-health (insurance companies)
  Design criteria
    What do we use it for?
    What is the "acceptable loss"?

13 Authentication: attack models
  Stealing / physical force
  Lunchtime attack (the unattended, unlocked device)
  Intersection attack (intersecting the image sets shown across several observed logins)
  Shoulder surfing
  SAT attack (solving for the secret from observed challenge/response rounds, e.g. with a SAT solver)
  Brute force

14 Authentication: Level 1, minimal assurance
  (The four levels and their wording follow the US OMB M-04-04 / NIST SP 800-63 e-authentication assurance levels.)
  Little or no assurance in the asserted identity
  An authentication error might at worst result in
    minimal inconvenience, financial loss, distress or damage to reputation
    no risk of harm to agency programs or public interests, release of sensitive information, civil or criminal violations, or personal safety
  Typical PIN security

15 Authentication: Level 2, low assurance
  "On the balance of probabilities" there is confidence in the asserted identity
  An authentication error might at worst result in
    minor inconvenience, financial loss, distress or damage to reputation
    no risk of harm to agency programs, public interests, release of sensitive information or personal safety
    civil or criminal violations not normally subject to agency enforcement efforts
  "Strong" passwords done tolerably well. What is "strong"?

16 Authentication: Level 3, substantial assurance
  Transactions that are "official in nature"
  High confidence in the asserted identity
  An authentication error might at worst result in
    significant inconvenience, financial loss, distress, damage to reputation, harm to agency programs and public interests
    a significant release of sensitive information
    civil or criminal violations normally subject to agency enforcement efforts
    no risk to personal safety
  Very strong passwords done really well. What is "very strong", and what is "done really well"?

17 Authentication: Level 4, high assurance
  Very high confidence in the asserted identity
  An authentication error might result in
    considerable inconvenience, financial loss, distress, damage to reputation, harm to agency programs and public interests
    extensive release of sensitive information
    considerable risk of an egregious criminal act
    civil or criminal violations of special importance to agency enforcement efforts
    risk to personal safety
  Is that possible?

18 Authentication
  Text
  Images
  Draw-a-Secret
  Biometrics

19 Alphanumeric Passwords

20 Passwords / alphanumeric
  One for all... (the same password reused everywhere)
  Password database
  Password "recovery" tool ($1399)

21 Passwords / alphanumeric
  Social engineering: FCBarcelona, Liverpool (the favourite club as password)
  Recycle and renumber (64%): ?FCBarcelona1, ?FCBarcelona2
  Password checkers are unpredictable
    "Unknown" words may still be in a dictionary: Dutch user, Dutch dictionary
    Mnemonics: !FCBarcelona is rated "strong"
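The "recycle and renumber" point is easy to quantify. The following Python is an added example, not code from the slides or from Nokia: a naive character-class "checker" of the kind the slide calls unpredictable is placed beside an attacker who already knows the user's previous password and simply bumps the counter and moves the punctuation around. The candidate templates, the 20-guess counter range and the ?FCBarcelona1 / ?FCBarcelona2 pair are constructed for this example.

```python
import math
import re
import string


def checker_bits(pw):
    """What a typical strength meter reports: log2(alphabet ** length), with the
    alphabet being the union of the character classes present in the password."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def recycle_candidates(old_password, max_counter=20):
    """Guesses an attacker makes when they know a user's previous password:
    strip any trailing counter, then try the same core with the counter bumped
    and the punctuation moved around. The four templates are an assumption for
    this example, not a published wordlist rule set."""
    m = re.match(r"^(.*?)(\d+)$", old_password)
    base = m.group(1) if m else old_password
    cores = [base]
    stripped = base.strip(string.punctuation)
    if stripped != base:
        cores.append(stripped)          # also try the core without its punctuation
    seen, candidates = set(), []
    for core in cores:
        for n in range(1, max_counter + 1):
            for cand in (f"{core}{n}", f"?{core}{n}", f"!{core}{n}", f"{core}{n}!"):
                if cand != old_password and cand not in seen:
                    seen.add(cand)
                    candidates.append(cand)
    return candidates


def guesses_to_crack(old_password, new_password):
    """1-based position of the new password in the attacker's guess list,
    or None if the new password is not derived from the old one this way."""
    candidates = recycle_candidates(old_password)
    return candidates.index(new_password) + 1 if new_password in candidates else None


if __name__ == "__main__":
    old, new = "?FCBarcelona1", "?FCBarcelona2"   # constructed sample pair
    print(f"{new}: checker reports {checker_bits(new):.0f} bits; "
          f"an attacker holding {old} needs {guesses_to_crack(old, new)} guesses")
```

The meter credits ?FCBarcelona2 with roughly 85 bits, while the attacker who holds ?FCBarcelona1 finds it on the fourth guess. A checker that only counts character classes cannot see the history that makes the password weak; a rate limit on failed attempts and a comparison against the user's own previous passwords can.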

22 PIN code
  Social attack: birthdate of ...
  Wear and tear (worn keys reveal the digits in use)
  Skimmers (how-to)
  Brute force

23 Graphical Passwords

24 Graphical passwords
  Advantage: excellent image recall (with 1 day of training, up to 2500 images)
  Recognition / recall
  Cognitive (secret images + rules)
  Image as a secret

25 Passfaces (recall)
  Locate the assigned faces on each screen
  Brute force: 1 in 9^(# screens)
  Advantage: people have good face recognition
  Disadvantage
    Machines have good face recognition too
    Gender / race bias in the chosen faces
    Relatively weak
    SAT

26 Déjà Vu (recall)
  Locate the chosen images; a subset is shown
  Advantage: strong visual recall; good differentiator
  Disadvantage
    Always one per screen
    Color bias (e.g. a preference for blue)
    SAT

27 Cued Click Points (recall)
  The user selects features that lead to the next image
  Advantage: straightforward
  Disadvantage
    Salience attack
    Brute force: (3-5)^(tree depth)

28 PicturePin (recall)
  Key-decoy subset
  System-assigned images
  Advantage
    Resists shoulder surfing, brute force and intersection attacks
    No user bias (images are assigned, not chosen)
  Disadvantage
    How many images are needed?
    Long search time
    SAT
    "Show your friends the nice photos"

29 Rule-based (cognitive)
  Select the enclosed secret images
  Advantage: hard for an attacker (shoulder surfing, brute force resilience)
  Disadvantage: too many images; complexity (search); intersection?; SAT

30 Rule-based (cognitive)
  Find the right path
  Advantage: hard for an attacker (shoulder surfing, brute force resilience)
  Disadvantage: too many images; complexity (search); intersection?; SAT
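Slide 13 lists the intersection attack and slide 28 credits PicturePin's key-decoy subset with resisting it. The simulation below is an added example, not code from the slides: a recognition scheme that shows all pass-images with fresh random decoys on every login (the Déjà Vu / Passfaces pattern) is compared with one in which each pass-image is always displayed together with the same fixed decoys. The image pool, the sizes, and the fixed-decoy model used for the second scheme are assumptions made for this example; the real PicturePin construction is not described on the slides.

```python
import random

# Constructed image pool: 300 system-assigned pictures named img000..img299.
POOL = [f"img{i:03d}" for i in range(300)]
SECRET_SIZE = 4      # pass-images the user must find
SCREEN_SIZE = 9      # images per challenge, as in a 3x3 grid


def random_decoy_challenge(secret, rng):
    """Challenge that always shows every pass-image plus freshly drawn decoys."""
    others = [img for img in POOL if img not in secret]
    decoys = rng.sample(others, SCREEN_SIZE - len(secret))
    return frozenset(secret) | frozenset(decoys)


def fixed_decoy_challenge(secret, decoy_map, rng):
    """Challenge in which each pass-image is always shown with the same decoys
    (key-decoy pairing, an assumption). rng only permutes the layout, which does
    not change the set an observer records."""
    shown = []
    for img in sorted(secret):
        shown.append(img)
        shown.extend(decoy_map[img])
    rng.shuffle(shown)
    return frozenset(shown)


def intersection_attack(observed_challenges):
    """Images that appeared in every observed challenge: the attacker's candidates."""
    candidates = set(observed_challenges[0])
    for challenge in observed_challenges[1:]:
        candidates &= challenge
    return candidates


def simulate(scheme, observations, seed=1):
    """Shoulder-surf `observations` logins of the given scheme and intersect them.
    Returns (number of surviving candidates, whether they are exactly the secret)."""
    rng = random.Random(seed)
    secret = frozenset(rng.sample(POOL, SECRET_SIZE))
    if scheme == "random-decoys":
        challenges = [random_decoy_challenge(secret, rng) for _ in range(observations)]
    elif scheme == "fixed-decoys":
        others = [img for img in POOL if img not in secret]
        rng.shuffle(others)
        per_key = SCREEN_SIZE // SECRET_SIZE          # 2 fixed decoys per pass-image
        decoy_map = {img: others[i * per_key:(i + 1) * per_key]
                     for i, img in enumerate(sorted(secret))}
        challenges = [fixed_decoy_challenge(secret, decoy_map, rng) for _ in range(observations)]
    else:
        raise ValueError(f"unknown scheme {scheme!r}")
    recovered = intersection_attack(challenges)
    return len(recovered), recovered == secret


def observations_until_recovered(seed=1, limit=20):
    """How many random-decoy logins the attacker must observe before the
    intersection is exactly the pass-images (None if not within `limit`)."""
    rng = random.Random(seed)
    secret = frozenset(rng.sample(POOL, SECRET_SIZE))
    seen = []
    for n in range(1, limit + 1):
        seen.append(random_decoy_challenge(secret, rng))
        if intersection_attack(seen) == secret:
            return n
    return None


if __name__ == "__main__":
    print("random decoys, 6 logins observed:", simulate("random-decoys", 6))
    print("fixed decoys,  6 logins observed:", simulate("fixed-decoys", 6))
    print("logins needed against random decoys:", observations_until_recovered())
```

Against random decoys the attacker who has shoulder-surfed a handful of logins only has to intersect the screens: after two or three observations the surviving set is exactly the pass-images, with no brute force at all. With fixed decoys the intersection never shrinks below the pass-images plus their decoys (12 images here), which is also what lets such a scheme show only a subset of the keys per login without leaking which of the displayed images are the keys.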

31 Draw-a-Secret
  Brute force: 30^(occupied cells)
  Open issues
    Connected cells?
    Cell ambiguities (a stroke close to a cell border)?
    Variable shape?
  Background-DAS: the image suggests the drawing

32 Draw-a-Secret variants
  Scribble-a-Secret
  Qualitative-DAS

33 Human side of security
  Feeling secure
  Being secure

34 Stepping back
  Authentication schemes
    Alphanumeric
    Passfaces, Déjà Vu, click points, PicturePIN
    Rule-based
  Where did it go wrong?
    Not interesting
    Too complex
    Training phase

35 Stepping back
  Human-centric design
    Memory
    "Fun" and entertaining
    Usable: task flow!
    Peer pressure
    Shoulder surfing
    Device characteristics

36 CAPTCHA

37 CAPTCHA
  Text
  Image based
    Different animals (Asirra)
    Rotate objects
    Identify objects (ESP-PIX, SQUIGL-PIX)
  Cognition
    Logical sequence
    Stories
  Attacks
    Image recognition
    Artificial intelligence

38 Biometrics

39 Biometrics: methods
  Fingerprint
  Speaker recognition
  Face
  Speaking (face dynamics + voice)
  Iris / retina, DNA
  Fakes and revocation
  See also: BiometricEvaluation-v1.0.ppt

