A STUDY IN AUTHENTICATION VIA ELECTRONIC PERSONAL HISTORY QUESTIONS
Ann Nosseir, Sotirios Terzis
2010
Abstract
Authentication via electronic personal history questions is a novel technique that aims to enhance question-based authentication. This paper presents a study that is part of a wider investigation into the feasibility of the technique. The study used academic personal web site data as a source of personal history information, and studied the effect of using an image-based representation of questions about personal history events. It followed a methodology that assessed the impact on both genuine users and attackers, and provides a deeper insight into their behaviour. From an authentication point of view, the study concluded that (a) an image-based representation of questions is certainly beneficial; (b) a small increase in the number of distracters/options used in closed questions has a positive effect; and (c) despite the closeness of the attackers their ability to answer correctly with high confidence questions about the genuine users’ personal history is limited. These results are encouraging for the feasibility of the technique.
References
- Brostoff, A., Improving password system effectiveness Department of Computer Science, University College London UCL, Doctor of Philosophy Thesis, 2004.
- Davis, D., Monrose, F. and Reiter, K., On User Choice in Graphical Password Schemes. In Proc 13th USENIX Security Symposium,(2004), 151-164.
- De-Angeli, A., Coutts, M., Coventry, L., Johnson, G., Cameron, D. and Fischer, M., VIP: A Visual Approach to User Authentication. In Proc Advanced Visual Interfaces AVI, ACM Press, (2002), 316-323.
- Dhamija, R., Hash Visualization in User Authentication. In Proc. (CHI), ACM Press, (2000), 279 - 280.
- Harper, R., Rodden, T., Rogers, Y. and Sellen, A., (Eds.), Being Human: Human-Computer Interaction in the year 2020. Cambridge, Microsoft Research Ltd., 2008.
- Just, M., Designing and Evaluating Challenge Question Systems." In Proc IEEE Security & Privacy: Special Issue on Security and Usability, 2,(5), (2004), 32- 39.
- Pering, T., Sundar, M., Light, J. and Want, R., Photographic Authentication through Untrusted Terminals, Security & Privacy, 2, (1), (2003),30-36.
- Nosseir, A., Connor, R. and Dunlop, M., Internet Authentication Based on Personal History - A Feasibility Test, Workshop on Customer Focused Mobile Services at WWW 2005, (2005).
- Nosseir, A., Connor, R., Revie, C. and Terzis, S., Question-Based Authentication Using Context Data, ACM Nordic Conference on Human Computer Interaction (NordiCHI 2006), Oslo, Norway, (2006).
- Takada, T and Koike, H., Awase-E: Image-based Authentication for Mobile Phones Using User's Favourite Images, Human-Computer Interaction with Mobile Devices and Services, 2795, (2003). 347-351.
- Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A. and Memon, N., Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. In Proc. Symposium on Usable Privacy and Security (SOUPS), ACM Press, (2005), 1-12.
- Yan, J., Blackwell, A., Anderson, R. and Grant, A., Password Memorability and Security: Empirical Results, IEEE Security & Privacy, 5,(2), (2004), 25- 31.
- Zviran, M. and Haga, W., Cognitive Passwords: the Key to Easy Access Control, Computers and Security, 9, (1990),723-736.
- Zviran, M. and Haga, W., A Comparison of Password Techniques for Multilevel Authentication Mechanisms, The Computer Journal, 36,(3), (1993), 227-237.
Paper Citation
in Harvard Style
Nosseir A. and Terzis S. (2010). A STUDY IN AUTHENTICATION VIA ELECTRONIC PERSONAL HISTORY QUESTIONS . In Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 5: ICEIS, ISBN 978-989-8425-08-9, pages 63-70. DOI: 10.5220/0002908000630070
in Bibtex Style
@conference{iceis10,
author={Ann Nosseir and Sotirios Terzis},
title={A STUDY IN AUTHENTICATION VIA ELECTRONIC PERSONAL HISTORY QUESTIONS},
booktitle={Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 5: ICEIS,},
year={2010},
pages={63-70},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002908000630070},
isbn={978-989-8425-08-9},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 5: ICEIS,
TI - A STUDY IN AUTHENTICATION VIA ELECTRONIC PERSONAL HISTORY QUESTIONS
SN - 978-989-8425-08-9
AU - Nosseir A.
AU - Terzis S.
PY - 2010
SP - 63
EP - 70
DO - 10.5220/0002908000630070