infinite alphabet passwords

Infinite Alphabet Passwords

Marcia Gibson

University of BedfordshireOct, 2007

Overview

• Background: Why bother?

• Infinite Alphabet Password Systems

• Research question

• Infinite Alphabets?

• Evaluation

• Findings and conclusion

• Further work

Why think about new designs for

authentication?

• No “perfect” solution to authentication.• Well known trade off between security and

usability/accessibility.

• Organisations have to weigh up pros and cons. Which can sometimes mean take up of biometric and token based systems difficult to warrant, especially when remote authentication is needed.

Current deficit

The result is that we needauthentication systems:

• That can be set up and used quickly and easily over networks (especially the internet).

• That are secure and easy to use (i.e. address as much as possible the security-usability/accessibility trade off, not the case with traditional passwords).

What is an Infinite Alphabet Password System

(IAPS)?

• A conceptual model for knowledge based authentication techniques, inspired by research carried out into image based passwords.

• Defined as a password system where there is “practically no limitation on the number of letters that a software system can use as passwords”.

What is meant by “infinite” in this context?

• Original concept of an IAP scheme was purely theoretical

• In practice, the alphabets that are implemented are virtually infinite, This is because of the limited resources in time and space inherent to any computer system.

• A practical bound is the data width i.e. the number of bits that can be used to represent a distinct alphabet letter as well as the capability of the system on which the alphabet is generated to handle strings of a certain bit length.

IAPS – Design rationale

• Opportunity to utilise our inherent ability for recognition (or cued recall)

• Equal(ish?) chance of selection of any given set of symbols (when designed optimally)

• Individualisation of password alphabet

• Large size of password alphabet

• Non media centric, allows us to focus on optimal system design without becoming too bogged down with alphabet letter issues.

Research question:

““Is it feasible that one day infinite alphabet Is it feasible that one day infinite alphabet passwords might gain mass acceptance as a passwords might gain mass acceptance as a mainstream authentication mechanism?”mainstream authentication mechanism?”

Method of inquiry:

1) Identification of the systems to be assessed.2) Identification of contexts of use.3) Identification of key aspects that affect the

success of each system in each context of use.

Suitability of candidate alphabets for use in

IAPS• Evaluated against two top level goals:

– (virtually) Infinite in nature.– Implementable (technology exists to dynamically

generate from seed and present to user).

• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells

Suitability of candidate alphabets for use in

IAPS• Evaluated against two top level goals:

– (virtually) Infinite in nature.– Implementable (technology exists to dynamically

generate from seed and present to user).

• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells

Infinite number perceivable, less are differentiable between.Infinite number perceivable, less are differentiable between.Large enough for IAPS (i.e. for practical purposes).Large enough for IAPS (i.e. for practical purposes).

Existing systems for generation dynamically from seedExisting systems for generation dynamically from seedinclude Bauer’s (www.random-art.org) random art include Bauer’s (www.random-art.org) random art

algorithm and Conrad’s CGCA System algorithm and Conrad’s CGCA System (www.perisic.com/art395)(www.perisic.com/art395)

Suitability of candidate alphabets for use in

IAPS• Evaluated against two top level goals:

– (virtually) Infinite in nature.– Implementable (technology exists to dynamically

generate from seed and present to user).

• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells

An infinite number of sounds or sound compositions An infinite number of sounds or sound compositions can be perceived, differentiation may be a problem as can be perceived, differentiation may be a problem as

with images.with images.

Dynamic generation from seed is possible, an example Dynamic generation from seed is possible, an example of a sound generation system is discussed in Conrad, of a sound generation system is discussed in Conrad,

French & Gibson (2006)French & Gibson (2006)

Suitability of candidate alphabets for use in

IAPS• Evaluated against two top level goals:

– (virtually) Infinite in nature.– Implementable (technology exists to dynamically

generate from seed and present to user).

• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells

Deliverable by water soluble chemicals introduced to the Deliverable by water soluble chemicals introduced to the tongue. Not generatable dynamically from seed as it is nottongue. Not generatable dynamically from seed as it is notknown how a chemical will taste (or if it will taste) based onknown how a chemical will taste (or if it will taste) based on

its physical structure.its physical structure.

BCI technology isn’t advanced enough to generate BCI technology isn’t advanced enough to generate particular sensations especially two or more combined. particular sensations especially two or more combined.

Research is focused on output e.g. Duncan, D.E. (2005); Research is focused on output e.g. Duncan, D.E. (2005); Haynes, J.D. et al (2007)Haynes, J.D. et al (2007)

Suitability of candidate alphabets for use in

IAPS• Evaluated against two top level goals:

– (virtually) Infinite in nature.– Implementable (technology exists to dynamically

generate from seed and present to user).

• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells

Large number of textures can be perceived and could Large number of textures can be perceived and could possibly be generatable from seed.possibly be generatable from seed.

The hardware does not exist to present to the user in large The hardware does not exist to present to the user in large enough numbers to be used in IAP systems. BCI is notenough numbers to be used in IAP systems. BCI is not

mature enough.mature enough.

Suitability of candidate alphabets for use in

IAPS• Evaluated against two top level goals:

– (virtually) Infinite in nature.– Implementable (technology exists to dynamically

generate from seed and present to user).

• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells

Large number of smells can be perceived.Large number of smells can be perceived.

Not generatable from random seed as it is difficult to knowNot generatable from random seed as it is difficult to know(given scent producing hardware) how scents will combine, (given scent producing hardware) how scents will combine,

especially as some smells could be distressing for someespecially as some smells could be distressing for someusers (Kaye, J., 2004).users (Kaye, J., 2004).

Password element selection and presentation

modes(1/3)• Holistic selection (HIAP): The user selects a

whole password element (letter) or elements to log in.

Password element selection and presentation

modes(2/3)• Manipulation (MIAP): The user manipulates an

element or a number of elements in a particular manner and/or to satisfy a particular end state in order to log in.

Password element selection and presentation

modes(3/3)• Partial selection (PIAP): The user selects an

aggregate part of an element or elements in order to log in.

Resulting IAP systems

By combining the alphabet types that can be used with the principle interface types, 6 IAP systems are identified for further investigation:

ImageBasedHIAP

SoundBasedHIAP

ImageBasedPIAP

SoundBasedPIAP

ImageBasedMIAP

SoundBasedMIAP

Identifying contexts of use

The requirements for authentication systems vary with contexts of use. It would not be possible (or sensible)

given time constraints to evaluate all.

Six abstract contexts of use identified and a minimum requirement value for security and

usability/accessibility was assigned to each:

For local and remote access: High secure, low usable/accessible. High secure, low usable/accessible.

(e.g. banking workstation)(e.g. banking workstation) Moderately secure, moderately usable/accessible.Moderately secure, moderately usable/accessible.

(e.g. e-commerce website)(e.g. e-commerce website) Low secure, high usable/accessible.Low secure, high usable/accessible.

(e.g. ordering a film from a cable/satellite provider)(e.g. ordering a film from a cable/satellite provider)

Evaluation of likely level of mass end user

acceptanceThe evaluation was composed of two parts:

1. Point by point evaluation against a number of issues found to be important when evaluating efficacy of authentication systems.

1. Adjustment of the results to take into account the importance of each point in each use context and the visibility of each system i.e. “the level of exposure either first hand or from somewhere else a user is likely to have of an authentication system”.

Example of evaluation considerations

Total of twenty “rules” for consideration inevaluation: 11 security, 9 usability/accessibility,derived from literature review.

Example security consideration:“Cannot be communicated or otherwise transferredfrom authentic user to others”.

Example usability/accessibility consideration:“System should not require specialised devices tofunction, enabling accessibility”.

Applying the point scoring system

• Points were allocated to each of the twenty assessment criteria for each use context.

• 100 possible points were available in both security and usability/accessibility categories.

• The 6 IAPS as well as biometric, token based and text based systems were then evaluated and a percentage of marks awarded for each point.

• This resulted in a total security and usability/ accessibility rating for each system.

Estimating visibility

• If a user has never heard about or experienced a system (i.e. had no exposure) it is not possible for them to choose to use it.

• As well as the overall level of visibility an authentication system has to a user also the quality of the visibility (i.e. whether they user hear/experience positive or negative things) is important.

• Also important is the avenue of communication, a user will likely perceive some avenues to be more reputable than others. In this research media, personal trialling and word of mouth are used.

Putting it all

together:

Putting it all

together:

Initial values for VQ in communication layer were

set as follows:

0 for both positive & negative in IAP systems.

30 negative and 70 positive in biometric systems.

10 negative and 90 positivein token based systems.

90 negative and 10 positivein text based systems.

Putting it all

together:

It can be expected that most users are likely to value

personal trialling as the highest valued form of

visibility, word of mouth as the second most valued form of visibility and the

media as the lowest valued form of visibility in light of this values were set as follows:

Trialling VV = 50%Word of mouth VV = 30%

Media VV = 20%

If an IAP system never reaches the perceived

efficacy of its competitor systems then that system

will never gain mass exposure (through all

avenues) as it is unlikelyto be implemented andtherefore available for

trialling.

Putting it all

together:

Local access Results (1st iteration)

High Security, Low Usability/Accessibility

0102030405060708090

100

System category

+ V

isib

ility

Moderate Secure, Moderate Access/Usable

0102030405060708090

100

SHIAP

SMIA

P

SPIAP

IHIA

PIP

IAP

IMIA

P

TEXT

TOKEN

BIOM

ETRIC

System category

+ V

isib

ilit

y

Security Usability / Accessibility

High Usable/Accessible, Low secure.

0102030405060708090

100

SHIAP

SMIA

P

SPIAP

IHIA

PIP

IAP

IMIA

PTEXT

TOKEN

BIOM

ETRIC

System category

+ V

isib

ilit

y

Moderate Security, Moderate Usability/Accessibility

High Usability/Accessibility, Low Security

+ V

isib

ility

+ V

isib

ility

+ V

isib

ility

Remote access Results (1st iteration)

High security/Low usability/accessibility

0102030405060708090

100

System category

+ V

isib

ility

moderately secure, moderately accessible/usable

0102030405060708090

100

System category

+ V

isib

ilit

y

Security Usability / Accessibility

High usable/Accessible, low secure

0102030405060708090

100

System category

+ V

isib

ilit

y

+ V

isib

ility

+ V

isib

ility

+ V

isib

ility

Moderate Security, Moderate Usability/Accessibility

High Security, Low Usability/Accessibility

High Usability/Accessibility, Low Security

Overall findings• IAPS designs were found to be better in terms of

usability/accessibility and security than text-based and biometric systems when evaluated against this set of requirements.

• HIAP systems were the most successful in the evaluation where they almost matched or approximately matched the performance of token based systems.

• The visible efficacy of IAPS in their current form are unlikely to meet that of competitor systems. However with further refinement and improvement this may be possible.

Further research

Improvements to IAPS that would make them more likely to gain acceptance are:

• In image based IAPS: Research into prohibiting shoulder surfing attacks (interface design).

• In sound based IAPS: Research into making passwords more memorable as well as easier and faster to learn, setup and use. (interface design, training methods and alphabet design).

More accurate gauging of the affect of visibility on system uptake

Ways to implement a true IAP system over a distributed population of users.

ReferencesBLONDER, G., 1996. Graphical Passwords, US Patent 5559961, Lucent

Technologies Inc., Murray Hill, NJ, August 30, 1996.

CONRAD, M., FRENCH, T., GIBSON, M., 2006. A Pragmatic and Musically Pleasing Production System for Sonic Events, Tenth International Conference on Information Visualisation (IV'06), 630-635.

DUNCAN, D.E., 2005. Implanting Hope, Technology Review: MIT’s Magazine of Innovation, March 2005.

HAYNES, JD. et al 2007. Reading hidden intentions in the human brain, Current Biology. 20;17(4), 323-8.

KAYE, J., 2004. Making scents: aromatic output for HCI, Interactions of the ACM, 10 (1), 48-61.

MUNRO, K., 2006. Biometrics: attack of the clones. Infosecurity Today, January/February 2006. Elsevier, (Ed) Brian McKenna. ISSN: 1742-6847.

RENAUD, K., AND DE ANGELI, A., 2004. My password is here! An investigation into visuo-spatial authentication mechanisms, Interacting with Computers, 16, 1017–1041.

Thank you for listening

• Any questions?