Leveraging Personal Knowledge for Robust Authentication Systems - PowerPoint PPT Presentation

Slides: 10
Provided by: anitra

Transcript and Presenter's Notes


1
Leveraging Personal Knowledge for Robust
Authentication Systems
  • Mentor: Danfeng Yao
  • Anitra Babic
  • Chestnut Hill College
  • Computer Science Department

2
Background
  • A secret question is a question that is often
    asked as a secondary authentication step
  • Examples include:
      • What is your pet's name?
      • What is your favorite song?
      • What was the name of your first school?
  • This sort of security has appeared on:
      • Gmail, Yahoo! Mail, Hotmail, AOL, Facebook

3
Secret Questions Online

4
Negative Results of Secret Questions
  • A Microsoft study found that currently
    implemented secret questions are far from
    foolproof
      • Focused on the secret questions of the top
        four email providers
      • 17% of a user's friends could guess the answer
        on the first try
      • 13% could do it within 5 tries
      • 13% are statistically guessable
  • The study focused on making secret questions
    easier to remember for the user
      • Proposed multiple questions and printing out
        user answers, among other methods, to help
        users remember

Schechter, S., Brush, A. J., & Egelman, S.
(2008). It's No Secret: Measuring the security
and reliability of authentication via 'secret'
questions. 1-16.

5
Goals
  • A more challenging approach to authentication
    through the use of the user's personal knowledge
  • To create a series of questions that distinguish
    the user from an invisible/bot intruder or
    malicious user
      • Bot: a compromised machine which acts
        autonomously
  • To distinguish human users from bots by utilizing
    human interaction with their machines
  • To use the findings from previous studies to
    create improved secret questions

6
Characterization Study on Individuals' Web Usage
Patterns
  • A statistical and temporal analysis was performed
    on a 4-month HTTP (port 80) trace of 500 users
    at Rutgers
  • Found that users tend to visit the same IPs

Xiong, H., & Yao, D. (2008). Towards Personalized
Security: Analysis of Individual Usage Patterns
in Organizational Wireless Networks.

7
Users' Traffic Recognition Ability
  • Experiment methodology
      • While a user is surfing, inject arbitrary traffic
      • Ask the user to classify traffic as their own or
        a bot's
      • 7 users, 10-minute sessions
  • Findings
      • easily detected by users
      • 40% false positive rate: users tend to classify
        unknown URLs as malicious
      • 91% of false positives are due to third-party
        content

Xiong, H., & Yao, D. (2008). Towards Personalized
Security: Analysis of Individual Usage Patterns
in Organizational Wireless Networks.

8
Approach
  • We plan on developing questions that are based
    on user activities
      • Network Activities
          • Browsing History, Emails
      • Physical Events
          • Planned Meetings, Calendar Items
      • Conceptual Opinions
          • Opinions as derived from emails, still conceptual
  • These questions will be generated and then
    replace the less secure secret questions
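
One way a question could be generated from browsing history, as an added example that is not from the presentation: it builds a multiple-choice question from repeatedly visited hosts and drops third-party content, which the traffic-recognition experiment found users tend to misclassify. The log format, host names, decoy pool and function names are all assumptions.

```python
import random
from collections import Counter

# Constructed browsing log: (host of the page the user opened, host that served the request).
HISTORY = [
    ("mail.example", "mail.example"),
    ("mail.example", "cdn.adnet.example"),
    ("news.example", "news.example"),
    ("news.example", "tracker.example"),
    ("mail.example", "mail.example"),
    ("wiki.example", "wiki.example"),
    ("news.example", "news.example"),
    ("mail.example", "mail.example"),
]
# Constructed decoy pool; a real deployment needs plausible hosts the user never visited.
DECOYS = ["shop.example", "bank.example", "video.example", "tracker.example", "forum.example"]


def first_party_counts(history):
    """Count only hosts the user opened directly; third-party requests are dropped."""
    return Counter(page for page, served_by in history if page == served_by)


def build_challenge(history, decoys, rng, n_options=4, min_visits=2):
    """Return (question, options, answer) built from a repeatedly visited host."""
    counts = first_party_counts(history)
    candidates = sorted(h for h, n in counts.items() if n >= min_visits)
    if not candidates:
        raise ValueError("not enough repeated first-party activity for a question")
    answer = rng.choice(candidates)
    # Any host that appears in the log at all, even as third-party content,
    # is excluded from the decoys so exactly one option is a true answer.
    seen = {h for pair in history for h in pair}
    clean = [d for d in decoys if d not in seen]
    if len(clean) < n_options - 1:
        raise ValueError("decoy pool too small")
    options = rng.sample(clean, n_options - 1) + [answer]
    rng.shuffle(options)
    return "Which of these sites have you visited recently?", options, answer


def verify(challenge, reply):
    """Check a reply against the stored answer for this challenge."""
    return reply == challenge[2]
```

Passing `secrets.SystemRandom()` as `rng` keeps the choice of answer and decoys unpredictable; a seeded `random.Random` is only suitable for reproducible tests.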

9
Process
  • Plan to develop a novel approach to secret
    questions because the areas we are focusing on
    are dynamic, personal, and have fewer
    vulnerabilities
  • Plan
      • Develop Questions
      • Find out the security of them through a user
        study
      • Solicit Help from SurveyMonkey
      • Use a Parallel Attack Model