Secure graphical password system for high traffic public areas


Post on 18-Jan-2016


DESCRIPTION

Secure graphical password system for high traffic public areas. Bogdan Hoanca and Kenrick Mock, University of Alaska Anchorage. Outline: Shoulder surfing as security threat in information systems; Eye tracking based authentication; Error rates of eye tracking hardware; Error-aware eye tracking

TRANSCRIPT

  • Secure graphical password system for high traffic public areas

    Bogdan Hoanca and Kenrick Mock, University of Alaska Anchorage

  • Outline

    Shoulder surfing as security threat in information systems

    Eye tracking based authentication

    Error rates of eye tracking hardware

    Error-aware eye tracking

    Systematic errors

    Random errors

    Conclusions

  • Shoulder surfing

    Stealing authentication information

    Critical threat for mobile users or in public places

    Safest bet: assume naked user under constant surveillance

  • Defending against shoulder surfing

    Screen filters

    Challenge-response schemes

    Physical key schemes

    Biometric schemes

  • Eye tracking based authentication

    Use the eye tracker without on-screen feedback to select on-screen objects

    Ideally, transparent for the user

    Secure from shoulder surfing

    Slower than typing

    Still vulnerable to key logger and screen capture programs

  • Graphical Password Entry via Eye Tracking

  • Sample authentication log

    Image size 700x482

  • High error rates due to hardware limitations

    Plots of actual gaze location as compared with intended target (red); black is the center of gravity

    Distances are in pixels and scale is -40 to 40 in both X and Y

  • Error rates of eye tracking hardware

    Using the ERICA system from Eye Response Technologies

    Error types

    Systematic errors

    Due to head tilt

    Slowly varying with time

    Dependent on screen geometry and location

    Random errors

    Highly user dependent

  • Handling random errors

    Loss of cryptographic complexity depends on how much error is acceptable

    Success rate (%, 0 to 100) vs. distance in pixels (1 to 1000, log scale)

  • Handling systematic errors

    Average over multiple attempts or over multiple users

    Loss of cryptographic complexity equivalent to one click less

  • Handling systematic errors (continued)

    Limited usefulness for high error users

    Red: raw data

    Green: corrected

  • Summary

    Eye tracking is a promising technology for authenticating from public places with reduced danger of shoulder surfing

    Wide acceptance will require eye tracking technologies that are

    More stable and accurate

    Ideally, head tracking-capable and calibration-free

    Much lower in price
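
The two error-handling slides can be sketched in code as follows; this is an added example, not code from the presentation or from the ERICA system. The function names, the sample coordinates, the 4-click password and the disc-area entropy model are all assumptions made for illustration; only the 700x482 image size comes from the slides.

```python
import math

IMAGE_W, IMAGE_H = 700, 482  # image size given on the sample-log slide

# Constructed sample data (pixels): enrolled click targets, one earlier gaze
# attempt used to estimate the systematic error, and a new attempt to verify.
TARGETS = [(100, 100), (350, 240), (600, 400), (200, 300)]
EARLIER = [(113, 91), (361, 233), (612, 392), (212, 292)]
ATTEMPT = [(114, 93), (360, 231), (613, 390), (211, 294)]

def systematic_offset(gaze, targets):
    """Mean (dx, dy) between gaze points and their intended targets."""
    if not targets or len(gaze) != len(targets):
        raise ValueError("need one gaze point per target")
    n = len(targets)
    dx = sum(g[0] - t[0] for g, t in zip(gaze, targets)) / n
    dy = sum(g[1] - t[1] for g, t in zip(gaze, targets)) / n
    return dx, dy

def verify(gaze, targets, tolerance, offset=(0.0, 0.0)):
    """Accept only if every offset-corrected gaze point lies within
    `tolerance` pixels of its target (the allowance for random error)."""
    if len(gaze) != len(targets):
        return False
    return all(
        math.hypot(g[0] - offset[0] - t[0], g[1] - offset[1] - t[1]) <= tolerance
        for g, t in zip(gaze, targets)
    )

def password_bits(clicks, tolerance):
    """Assumed model: each click picks one of (image area / tolerance-disc
    area) distinguishable regions, so a wider tolerance means fewer bits."""
    regions = (IMAGE_W * IMAGE_H) / (math.pi * tolerance ** 2)
    return clicks * math.log2(max(regions, 1.0))

if __name__ == "__main__":
    off = systematic_offset(EARLIER, TARGETS)
    print("estimated systematic offset:", off)
    print("raw attempt accepted:      ", verify(ATTEMPT, TARGETS, 10))
    print("corrected attempt accepted:", verify(ATTEMPT, TARGETS, 10, off))
    for tol in (10, 20, 40):
        print(f"tolerance {tol:>2}px: {password_bits(4, tol):.1f} bits for "
              f"4 clicks, {password_bits(3, tol):.1f} bits for one click less")
```

The last loop shows the trade-off the slides describe: widening the tolerance to absorb random error shrinks the password space, and the "one click less" figure is printed next to it for comparison.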