infinite alphabet passwords
DESCRIPTION
Marcia Gibson University of Bedfordshire Oct, 2007. Infinite Alphabet Passwords. Overview. Background: Why bother? Infinite Alphabet Password Systems Research question Infinite Alphabets? Evaluation Findings and conclusion Further work. Why think about new designs for authentication?. - PowerPoint PPT PresentationTRANSCRIPT
Infinite Alphabet Passwords
Marcia Gibson
University of BedfordshireOct, 2007
Overview
• Background: Why bother?
• Infinite Alphabet Password Systems
• Research question
• Infinite Alphabets?
• Evaluation
• Findings and conclusion
• Further work
Why think about new designs for
authentication?
• No “perfect” solution to authentication.• Well known trade off between security and
usability/accessibility.
• Organisations have to weigh up pros and cons. Which can sometimes mean take up of biometric and token based systems difficult to warrant, especially when remote authentication is needed.
Current deficit
The result is that we needauthentication systems:
• That can be set up and used quickly and easily over networks (especially the internet).
• That are secure and easy to use (i.e. address as much as possible the security-usability/accessibility trade off, not the case with traditional passwords).
What is an Infinite Alphabet Password System
(IAPS)?
• A conceptual model for knowledge based authentication techniques, inspired by research carried out into image based passwords.
• Defined as a password system where there is “practically no limitation on the number of letters that a software system can use as passwords”.
What is meant by “infinite” in this context?
• Original concept of an IAP scheme was purely theoretical
• In practice, the alphabets that are implemented are virtually infinite, This is because of the limited resources in time and space inherent to any computer system.
• A practical bound is the data width i.e. the number of bits that can be used to represent a distinct alphabet letter as well as the capability of the system on which the alphabet is generated to handle strings of a certain bit length.
IAPS – Design rationale
• Opportunity to utilise our inherent ability for recognition (or cued recall)
• Equal(ish?) chance of selection of any given set of symbols (when designed optimally)
• Individualisation of password alphabet
• Large size of password alphabet
• Non media centric, allows us to focus on optimal system design without becoming too bogged down with alphabet letter issues.
Research question:
““Is it feasible that one day infinite alphabet Is it feasible that one day infinite alphabet passwords might gain mass acceptance as a passwords might gain mass acceptance as a mainstream authentication mechanism?”mainstream authentication mechanism?”
Method of inquiry:
1) Identification of the systems to be assessed.2) Identification of contexts of use.3) Identification of key aspects that affect the
success of each system in each context of use.
Suitability of candidate alphabets for use in
IAPS• Evaluated against two top level goals:
– (virtually) Infinite in nature.– Implementable (technology exists to dynamically
generate from seed and present to user).
• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells
Suitability of candidate alphabets for use in
IAPS• Evaluated against two top level goals:
– (virtually) Infinite in nature.– Implementable (technology exists to dynamically
generate from seed and present to user).
• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells
Infinite number perceivable, less are differentiable between.Infinite number perceivable, less are differentiable between.Large enough for IAPS (i.e. for practical purposes).Large enough for IAPS (i.e. for practical purposes).
Existing systems for generation dynamically from seedExisting systems for generation dynamically from seedinclude Bauer’s (www.random-art.org) random art include Bauer’s (www.random-art.org) random art
algorithm and Conrad’s CGCA System algorithm and Conrad’s CGCA System (www.perisic.com/art395)(www.perisic.com/art395)
Suitability of candidate alphabets for use in
IAPS• Evaluated against two top level goals:
– (virtually) Infinite in nature.– Implementable (technology exists to dynamically
generate from seed and present to user).
• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells
An infinite number of sounds or sound compositions An infinite number of sounds or sound compositions can be perceived, differentiation may be a problem as can be perceived, differentiation may be a problem as
with images.with images.
Dynamic generation from seed is possible, an example Dynamic generation from seed is possible, an example of a sound generation system is discussed in Conrad, of a sound generation system is discussed in Conrad,
French & Gibson (2006)French & Gibson (2006)
Suitability of candidate alphabets for use in
IAPS• Evaluated against two top level goals:
– (virtually) Infinite in nature.– Implementable (technology exists to dynamically
generate from seed and present to user).
• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells
Deliverable by water soluble chemicals introduced to the Deliverable by water soluble chemicals introduced to the tongue. Not generatable dynamically from seed as it is nottongue. Not generatable dynamically from seed as it is notknown how a chemical will taste (or if it will taste) based onknown how a chemical will taste (or if it will taste) based on
its physical structure.its physical structure.
BCI technology isn’t advanced enough to generate BCI technology isn’t advanced enough to generate particular sensations especially two or more combined. particular sensations especially two or more combined.
Research is focused on output e.g. Duncan, D.E. (2005); Research is focused on output e.g. Duncan, D.E. (2005); Haynes, J.D. et al (2007)Haynes, J.D. et al (2007)
Suitability of candidate alphabets for use in
IAPS• Evaluated against two top level goals:
– (virtually) Infinite in nature.– Implementable (technology exists to dynamically
generate from seed and present to user).
• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells
Large number of textures can be perceived and could Large number of textures can be perceived and could possibly be generatable from seed.possibly be generatable from seed.
The hardware does not exist to present to the user in large The hardware does not exist to present to the user in large enough numbers to be used in IAP systems. BCI is notenough numbers to be used in IAP systems. BCI is not
mature enough.mature enough.
Suitability of candidate alphabets for use in
IAPS• Evaluated against two top level goals:
– (virtually) Infinite in nature.– Implementable (technology exists to dynamically
generate from seed and present to user).
• Alphabets that underwent the evaluation:– Images– Sounds– Tastes– Touch– Smells
Large number of smells can be perceived.Large number of smells can be perceived.
Not generatable from random seed as it is difficult to knowNot generatable from random seed as it is difficult to know(given scent producing hardware) how scents will combine, (given scent producing hardware) how scents will combine,
especially as some smells could be distressing for someespecially as some smells could be distressing for someusers (Kaye, J., 2004).users (Kaye, J., 2004).
Password element selection and presentation
modes(1/3)• Holistic selection (HIAP): The user selects a
whole password element (letter) or elements to log in.
Password element selection and presentation
modes(2/3)• Manipulation (MIAP): The user manipulates an
element or a number of elements in a particular manner and/or to satisfy a particular end state in order to log in.
Password element selection and presentation
modes(3/3)• Partial selection (PIAP): The user selects an
aggregate part of an element or elements in order to log in.
Resulting IAP systems
By combining the alphabet types that can be used with the principle interface types, 6 IAP systems are identified for further investigation:
ImageBasedHIAP
SoundBasedHIAP
ImageBasedPIAP
SoundBasedPIAP
ImageBasedMIAP
SoundBasedMIAP
Identifying contexts of use
The requirements for authentication systems vary with contexts of use. It would not be possible (or sensible)
given time constraints to evaluate all.
Six abstract contexts of use identified and a minimum requirement value for security and
usability/accessibility was assigned to each:
For local and remote access: High secure, low usable/accessible. High secure, low usable/accessible.
(e.g. banking workstation)(e.g. banking workstation) Moderately secure, moderately usable/accessible.Moderately secure, moderately usable/accessible.
(e.g. e-commerce website)(e.g. e-commerce website) Low secure, high usable/accessible.Low secure, high usable/accessible.
(e.g. ordering a film from a cable/satellite provider)(e.g. ordering a film from a cable/satellite provider)
Evaluation of likely level of mass end user
acceptanceThe evaluation was composed of two parts:
1. Point by point evaluation against a number of issues found to be important when evaluating efficacy of authentication systems.
1. Adjustment of the results to take into account the importance of each point in each use context and the visibility of each system i.e. “the level of exposure either first hand or from somewhere else a user is likely to have of an authentication system”.
Example of evaluation considerations
Total of twenty “rules” for consideration inevaluation: 11 security, 9 usability/accessibility,derived from literature review.
Example security consideration:“Cannot be communicated or otherwise transferredfrom authentic user to others”.
Example usability/accessibility consideration:“System should not require specialised devices tofunction, enabling accessibility”.
Applying the point scoring system
• Points were allocated to each of the twenty assessment criteria for each use context.
• 100 possible points were available in both security and usability/accessibility categories.
• The 6 IAPS as well as biometric, token based and text based systems were then evaluated and a percentage of marks awarded for each point.
• This resulted in a total security and usability/ accessibility rating for each system.
Estimating visibility
• If a user has never heard about or experienced a system (i.e. had no exposure) it is not possible for them to choose to use it.
• As well as the overall level of visibility an authentication system has to a user also the quality of the visibility (i.e. whether they user hear/experience positive or negative things) is important.
• Also important is the avenue of communication, a user will likely perceive some avenues to be more reputable than others. In this research media, personal trialling and word of mouth are used.
Putting it all
together:
Putting it all
together:
Initial values for VQ in communication layer were
set as follows:
0 for both positive & negative in IAP systems.
30 negative and 70 positive in biometric systems.
10 negative and 90 positivein token based systems.
90 negative and 10 positivein text based systems.
Putting it all
together:
It can be expected that most users are likely to value
personal trialling as the highest valued form of
visibility, word of mouth as the second most valued form of visibility and the
media as the lowest valued form of visibility in light of this values were set as follows:
Trialling VV = 50%Word of mouth VV = 30%
Media VV = 20%
If an IAP system never reaches the perceived
efficacy of its competitor systems then that system
will never gain mass exposure (through all
avenues) as it is unlikelyto be implemented andtherefore available for
trialling.
Putting it all
together:
Local access Results (1st iteration)
High Security, Low Usability/Accessibility
0102030405060708090
100
System category
+ V
isib
ility
Moderate Secure, Moderate Access/Usable
0102030405060708090
100
SHIAP
SMIA
P
SPIAP
IHIA
PIP
IAP
IMIA
P
TEXT
TOKEN
BIOM
ETRIC
System category
+ V
isib
ilit
y
Security Usability / Accessibility
High Usable/Accessible, Low secure.
0102030405060708090
100
SHIAP
SMIA
P
SPIAP
IHIA
PIP
IAP
IMIA
PTEXT
TOKEN
BIOM
ETRIC
System category
+ V
isib
ilit
y
Moderate Security, Moderate Usability/Accessibility
High Usability/Accessibility, Low Security
+ V
isib
ility
+ V
isib
ility
+ V
isib
ility
Remote access Results (1st iteration)
High security/Low usability/accessibility
0102030405060708090
100
System category
+ V
isib
ility
moderately secure, moderately accessible/usable
0102030405060708090
100
System category
+ V
isib
ilit
y
Security Usability / Accessibility
High usable/Accessible, low secure
0102030405060708090
100
System category
+ V
isib
ilit
y
+ V
isib
ility
+ V
isib
ility
+ V
isib
ility
Moderate Security, Moderate Usability/Accessibility
High Security, Low Usability/Accessibility
High Usability/Accessibility, Low Security
Overall findings• IAPS designs were found to be better in terms of
usability/accessibility and security than text-based and biometric systems when evaluated against this set of requirements.
• HIAP systems were the most successful in the evaluation where they almost matched or approximately matched the performance of token based systems.
• The visible efficacy of IAPS in their current form are unlikely to meet that of competitor systems. However with further refinement and improvement this may be possible.
Further research
Improvements to IAPS that would make them more likely to gain acceptance are:
• In image based IAPS: Research into prohibiting shoulder surfing attacks (interface design).
• In sound based IAPS: Research into making passwords more memorable as well as easier and faster to learn, setup and use. (interface design, training methods and alphabet design).
More accurate gauging of the affect of visibility on system uptake
Ways to implement a true IAP system over a distributed population of users.
ReferencesBLONDER, G., 1996. Graphical Passwords, US Patent 5559961, Lucent
Technologies Inc., Murray Hill, NJ, August 30, 1996.
CONRAD, M., FRENCH, T., GIBSON, M., 2006. A Pragmatic and Musically Pleasing Production System for Sonic Events, Tenth International Conference on Information Visualisation (IV'06), 630-635.
DUNCAN, D.E., 2005. Implanting Hope, Technology Review: MIT’s Magazine of Innovation, March 2005.
HAYNES, JD. et al 2007. Reading hidden intentions in the human brain, Current Biology. 20;17(4), 323-8.
KAYE, J., 2004. Making scents: aromatic output for HCI, Interactions of the ACM, 10 (1), 48-61.
MUNRO, K., 2006. Biometrics: attack of the clones. Infosecurity Today, January/February 2006. Elsevier, (Ed) Brian McKenna. ISSN: 1742-6847.
RENAUD, K., AND DE ANGELI, A., 2004. My password is here! An investigation into visuo-spatial authentication mechanisms, Interacting with Computers, 16, 1017–1041.
Thank you for listening
• Any questions?