usenix - Déjà Vu: A User Study Using Images for...

Déjà Vu: A User Study Using Images for Authentication

Rachna Dhamija
rachna@sims.berkeley.edu

Adrian Perrig
perrig@cs.berkeley.edu

SIMS / CS, University of California Berkeley

Abstract

Current secure systems suffer because they neglect the importance of human factors in security. We address a fundamental weakness of knowledge-based authentication schemes, which is the human limitation to remember secure passwords. Our approach to improve the security of these systems relies on recognition-based, rather than recall-based authentication. We examine the requirements of a recognition-based authentication system and propose Déjà Vu, which authenticates a user through her ability to recognize previously seen images. Déjà Vu is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from choosing weak passwords and makes it difficult to write down or share passwords with others.

We develop a prototype of Déjà Vu and conduct a user study that compares it to traditional password and PIN authentication. Our user study shows that 90% of all participants succeeded in the authentication tests using Déjà Vu while only about 70% succeeded using passwords and PINS. Our findings indicate that Déjà Vu has potential applications, especially where text input is hard (e.g., PDAs or ATMs), or in situations where passwords are infrequently used (e.g., web site passwords).

Keywords: Human factors in security, hash visualization, user authentication through image recognition, recognition-based authentication.

This publication was supported in part by Contract Number 102590-98-C-3513 from the United States Postal Service. The contents of this publication are solely the responsibility of the author and do not necessarily reflect the official views of the United States Postal Service.

1 Introduction

User authentication is a central component of currently deployed security infrastructures. We distinguish three main techniques for user authentication: Knowledge-based systems, token-based systems, and systems based on biometrics.

In today’s security systems, knowledge-based schemes are predominantly used for user authentication. Although biometrics can be useful for user identification, one problem with these systems is the difficult tradeoff between impostor pass rate and false alarm rate [DP89]. In addition, many biometric systems require specialized devices, and some can be unpleasant to use.

Most token-based authentication systems also use knowledge-based authentication to prevent impersonation through theft or loss of the token. An example is ATM authentication, which requires a combination of a token (a bank card) and secret knowledge (a PIN).

For these reasons, knowledge-based techniques are cur-