Internet authentication based on personal history - a feasibility test
Nosseir, A. and Connor, R. and Dunlop, M.D.; Hjelm, J. and Hayrynen, A. and Wei, N. and Jana, R., eds. (2005) Internet authentication based on personal history - a feasibility test. In: Proceedings of Customer Focused Mobile Services Workshop at WWW2005. ACM Press. ISBN 1-59593-046-9
Preview |
PDF.
Filename: strathprints002754.pdf
Download (252kB)| Preview |
Abstract
On the Internet, there is an uneasy tension between the security and usability of authentication mechanisms. An easy three-part classification is: 'something you know' (e.g. password); 'something you hold' (e.g. device holding digital certificate), and 'who you are' (e.g. biometric assessment) [9]. Each of these has well-known problems; passwords are written down, guessable, or forgotten; devices are lost or stolen, and biometric assays alienate users. We have investigated a novel strategy of querying the user based on their personal history (a 'Rip van Winkle' approach.) The sum of this information is large and well-known only to the individual. The volume is too large for impostors to learn; our observation is that, in the emerging environment, it is possible to collate and automatically query such information as an authentication test. We report a proof of concept study based on the automatic generation of questions from electronic 'calendar' information. While users were, surprisingly, unable to answer randomly generated questions any better than impostors, if questions are categorized according to appropriate psychological parameters then significant results can be obtained. We thus demonstrate the potential viability of this concept.
ORCID iDs
Nosseir, A., Connor, R. ORCID: https://orcid.org/0000-0003-4734-8103 and Dunlop, M.D. ORCID: https://orcid.org/0000-0002-4593-1103; Hjelm, J., Hayrynen, A., Wei, N. and Jana, R.-
-
Item type: Book Section ID code: 2754 Dates: DateEvent2005PublishedSubjects: Science > Mathematics > Electronic computers. Computer science Department: Professional Services > Learning Services
Faculty of Science > Computer and Information SciencesDepositing user: Strathprints Administrator Date deposited: 29 Mar 2007 Last modified: 11 Nov 2024 14:31 URI: https://strathprints.strath.ac.uk/id/eprint/2754