
Towards usable end-user authentication

Posted on: 2015-09-29
Degree: Ph.D
Type: Dissertation
University: Marquette University
Candidate: Tanviruzzaman, Mohammad
Full Text: PDF
GTID: 1478390017994675
Subject: Computer Science
Abstract/Summary:
Authentication is the process of validating the identity of an entity, e.g., a person, a machine, etc.; the entity usually provides a proof of identity in order to be authenticated. When the entity to be authenticated is a human, the authentication process is called end-user authentication. Making end-user authentication usable entails making it easy for a human to obtain, manage, and input the proof of identity in a secure manner. In machine-to-machine authentication, both ends have comparable memory and computational power to securely carry out the authentication process using cryptographic primitives and protocols. In contrast, as a human has limited memory and computational power, cryptography is of little use in end-user authentication. Although password-based end-user authentication has many well-known security and usability problems, it is the de facto standard. Almost half a century of research effort has produced a multitude of end-user authentication methods more sophisticated than passwords; yet, none has come close to replacing passwords.

In this dissertation, taking advantage of the built-in sensing capability of smartphones, we propose an end-user authentication framework for smartphones, called ePet, which does not require any active participation from the user most of the time; thus the proposed framework is highly usable. Using data collected from subjects, we validate a part of the authentication framework for the Android platform. For web authentication, in this dissertation, we propose a novel password creation interface, which helps a user remember a newly created password with more confidence by allowing her to perform various memory tasks built upon her new password. Declarative and motor memory help the user remember and efficiently input a password. From a within-subjects study we show that declarative memory is sufficient for passwords; motor memory mostly facilitates the input process, and thus the memory tasks have been designed to help cement the declarative memory for a newly created password. This dissertation concludes with an evaluation of the increased usability of the proposed interface through a between-subjects study.
Keywords/Search Tags: Authentication, Password, Usable, Process, Memory