PeerJ 2015

Facelock: familiarity-based graphical authentication

DOI: 10.7717/peerj.444

Keywords: Face recognition, Identification, Authentication, Human factors


Abstract:

Authentication codes such as passwords and PIN numbers are widely used to control access to resources. One major drawback of these codes is that they are difficult to remember. Account holders are often faced with a choice between forgetting a code, which can be inconvenient, or writing it down, which compromises security. In two studies, we test a new knowledge-based authentication method that does not impose memory load on the user. Psychological research on face recognition has revealed an important distinction between familiar and unfamiliar face perception: When a face is familiar to the observer, it can be identified across a wide range of images. However, when the face is unfamiliar, generalisation across images is poor. This contrast can be used as the basis for a personalised ‘facelock’, in which authentication succeeds or fails based on image-invariant recognition of faces that are familiar to the account holder. In Study 1, account holders authenticated easily by detecting familiar targets among other faces (97.5% success rate), even after a one-year delay (86.1% success rate). Zero-acquaintance attackers were reduced to guessing (<1% success rate). Even personal attackers who knew the account holder well were rarely able to authenticate (6.6% success rate). In Study 2, we found that shoulder-surfing attacks by strangers could be defeated by presenting different photos of the same target faces in observed and attacked grids (1.9% success rate). Our findings suggest that the contrast between familiar and unfamiliar face recognition may be useful for developers of graphical authentication systems.
