Towards Authentication via Selected Extraction from Electronic Personal Histories

  • Conference paper
Enterprise Information Systems (ICEIS 2010)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 73)

Abstract

Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study, using academic personal web site data, that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers, the study concluded that, from an authentication point of view, (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers close to genuine users to answer genuine users’ questions correctly with high confidence is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that, although it is possible to largely automate the generation of authentication questions, doing so requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nosseir, A., Terzis, S. (2011). Towards Authentication via Selected Extraction from Electronic Personal Histories. In: Filipe, J., Cordeiro, J. (eds) Enterprise Information Systems. ICEIS 2010. Lecture Notes in Business Information Processing, vol 73. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19802-1_39

  • DOI: https://doi.org/10.1007/978-3-642-19802-1_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19801-4

  • Online ISBN: 978-3-642-19802-1

  • eBook Packages: Computer Science, Computer Science (R0)
