ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Undercover: authentication usable in front of prying eyes
Full text pdf formatPdf (661 KB)
Source
Conference on Human Factors in Computing Systems archive
Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems table of contents
Florence, Italy
SESSION: Trust and Security table of contents
Pages 183-192  
Year of Publication: 2008
ISBN:978-1-60558-011-1
Authors
Hirokazu Sasamoto  Carnegie Mellon University and Sharp Corporation, Kobe, Japan
Nicolas Christin  Carnegie Mellon University, Kobe, Japan
Eiji Hayashi  Carnegie Mellon University and Mitsubishi Research, Kobe, Japan
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 32,   Downloads (12 Months): 148,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1357054.1357085
What is a DOI?

ABSTRACT

A number of recent scams and security attacks (phishing, spyware, fake terminals, ...) hinge on a crook's ability to observe user behavior. In this paper, we describe the design, implementation, and evaluation of a novel class of user authentication systems that are resilient to observation attacks.

Our proposal is the first to rely on the human ability to simultaneously process multiple sensory inputs to authenticate, and is resilient to most observation attacks. We build a prototype based on user feedback gained through low fidelity tests. We conduct a within-subjects usability study of the prototype with 38 participants, which we complement with a security analysis.

Our results show that users can authenticate within times comparable to that of graphical password schemes, with relatively low error rates, while being considerably better protected against observation attacks. Our design and evaluation process allows us to outline design principles for observation-resilient authentication systems.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
LEGO.com Mindstorm NXT home. http://mindstorms.lego.com.
2
Ross Anderson, Why cryptosystems fail, Proceedings of the 1st ACM conference on Computer and communications security, p.215-227, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168615]
 
3
P. Blamey, R. Cowan, J. Alcantara, L. Whitford, and G. Clark. Speech perception using combinations of auditory, visual, and tactile information. J. Rehab. Res. and Dev., 26(1):15--24, 1989.
 
4
G. Calvert, C. Spence, and B. Stein, editors. The Handbook of Multisensory Processes. MIT press, 2004.
 
5
Lorrie Cranor , Simson Garfinkel, Security and Usability, O'Reilly Media, Inc., 2005
 
6
Rachna Dhamija , Adrian Perrig, Déjà Vu: a user study using images for authentication, Proceedings of the 9th conference on USENIX Security Symposium, p.4-4, August 14-17, 2000, Denver, Colorado
7
Rachna Dhamija , J. D. Tygar , Marti Hearst, Why phishing works, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada  [doi>10.1145/1124772.1124861]
 
8
A. Diederich, H. Colonius, D. Bockhorst, and S. Tabeling. Visual-tactile spatial interaction in saccade generation. Exp. Brain Res., 148(3):328 -- 337, 2003.
 
9
E. Gamzu and E. Ahissar. Importance of temporal cues for tactile spatial-frequency discrimination. J. Neuroscience, 21(18):7416--7427, 2001.
 
10
L. Giesen. ATM fraud: Does it warrant the expense to fight it? Banking Strategies, 82(6), 2006.
11
S Goldwasser , S Micali , C Rackoff, The knowledge complexity of interactive proof-systems, Proceedings of the seventeenth annual ACM symposium on Theory of computing, p.291-304, May 06-08, 1985, Providence, Rhode Island, United States  [doi>10.1145/22145.22178]
 
12
Philippe Golle , David Wagner, Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract), Proceedings of the 2007 IEEE Symposium on Security and Privacy, p.66-70, May 20-23, 2007  [doi>10.1109/SP.2007.13]
 
13
E. Hayashi, N. Christin, R. Dhamija, and A. Perrig. Mental trapdoors for user authentication on small mobile devices. Tech. Rep. CMU-CyLab-07-011, Carnegie Mellon Univ., 2007.
14
Manu Kumar , Tal Garfinkel , Dan Boneh , Terry Winograd, Reducing shoulder-surfing by using gaze-based password entry, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania  [doi>10.1145/1280680.1280683]
 
15
B. Malek, M. Orozco, and A. El Saddik. Novel shoulder-surfing resistant haptic-based graphical password. In Proc. EuroHaptics'06, 2006.
 
16
S. Man, D. Hong, and M. Mathews. A shoulder-surfing resistant graphical password scheme. In Proc. Int. Conf. Sec. Mgmt., 105--111, 2003.
 
17
T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino. Impact of artificial gummy fingers on fingerprint systems. In Proc. SPIE, vol. 4677, 275--289, 2002.
18
Wendy Moncur , Grégory Leplâtre, Pictures at the ATM: exploring the usability of multiple graphical passwords, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA  [doi>10.1145/1240624.1240758]
19
Volker Roth , Kai Richter , Rene Freidinger, A PIN-entry method resilient against shoulder surfing, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030116]
 
20
T. Salthouse. The processing speed theory of adult age differences in cognition. Psych. Rev., 103(3):403--428.
 
21
Bruce Schneier, Applied cryptography (2nd ed.): protocols, algorithms, and source code in C, John Wiley & Sons, Inc., New York, NY, 1995
22
Sudhindra Shukla , Fiona Fui-Hoon Nah, Web browsing and spyware intrusion, Communications of the ACM, v.48 n.8, August 2005  [doi>10.1145/1076211.1076245]
 
23
Daphna Weinshall, Cognitive Authentication Schemes Safe Against Spyware (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.295-300, May 21-24, 2006  [doi>10.1109/SP.2006.10]
24
Susan Wiedenbeck , Jim Waters , Leonardo Sobrado , Jean-Camille Birget, Design and evaluation of a shoulder-surfing resistant graphical password scheme, Proceedings of the working conference on Advanced visual interfaces, May 23-26, 2006, Venezia, Italy  [doi>10.1145/1133265.1133303]
25
Li Zhuang , Feng Zhou , J. D. Tygar, Keyboard acoustic emanations revisited, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA  [doi>10.1145/1102120.1102169]

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Haptic I/O


General Terms:
Human Factors, Security


Keywords:
multisensory processes, security, usability

Collaborative Colleagues:
Hirokazu Sasamoto: colleagues
Nicolas Christin: colleagues
Eiji Hayashi: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player