
Use Your Illusion:

Secure Authentication Usable Anywhere

Eiji Hayashi
Nicolas Christin
Rachna Dhamija
Adrian Perrig
Carnegie Mellon CyLab Japan
Key Concept: Distortion

Distorted Picture Original Picture

You can recognize a baby now because you know the original picture
Use Your Illusion
Graphical Authentication

• Passfaces
• Pass Points
• DAS (Draw-A-Secret)
• Déjà vu
Passfaces
• Faces are used as a graphical portfolio
• Preference could be a limitation

Cited from “On User Choice in Graphical Password Schemes”, Darren Davis et al., 2004
Pass Points
• Use “a sequence of clicks” as a shared secret
• There are hot spots

Cited from “Authentication Using Graphical Passwords: Basic Results”, Susan Wiedenbeck et al., 2004
Most Straightforward Way
• Choose graphical portfolio from a set of pictures
Graphical Portfolio
• If a user can choose whatever graphical portfolio…
• If system assigns portfolio randomly…
Fundamental Tradeoff
Security

Memorability
“Use Your Illusion”
1. Allow users to take/choose pictures by themselves
2. Distort the pictures
3. Assign the distorted pictures as graphical portfolio
“Use Your Illusion”
1. Allow users to take/choose pictures by themselves
2. Distort the pictures
3. Assign the distorted pictures as graphical token

Security
Memorability
Requirements for Distortion
• One-way
• Discarding precise shapes and colors
• Preserving rough shapes and colors
Oil Painting Filter
• Choose the RGB value that appears most frequently in a neighborhood
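
As an added illustration (not code from the slides or from the authors' prototype), here is a minimal pure-Python version of the most-frequent-color-in-a-neighborhood filter. The `radius` and `levels` parameters, the `make_image` helper and the 6x6 sample images are assumptions made for this example; it shows two different originals collapsing to the same distorted picture while the rough dark/bright layout survives.

```python
from collections import Counter

def oil_paint(img, radius=1, levels=4):
    """Replace each pixel by the most frequent quantized RGB value in its
    (2*radius+1)^2 neighborhood. img is a list of rows of (r, g, b) tuples."""
    h, w = len(img), len(img[0])
    step = 256 // levels  # width of one color bin per channel

    def quantize(px):
        # Snap each channel to the centre of its bin: precise colors are discarded.
        return tuple((c // step) * step + step // 2 for c in px)

    out = []
    for y in range(h):
        row = []
        for x in range(w):
            # Histogram of quantized colors over the window, clipped at the borders.
            votes = Counter(
                quantize(img[ny][nx])
                for ny in range(max(0, y - radius), min(h, y + radius + 1))
                for nx in range(max(0, x - radius), min(w, x + radius + 1))
            )
            row.append(votes.most_common(1)[0][0])  # the mode wins
        out.append(row)
    return out

def make_image(dark, bright, detail=None):
    """Constructed 6x6 sample: dark left half, bright right half, optional 1-pixel detail."""
    img = [[dark] * 3 + [bright] * 3 for _ in range(6)]
    if detail is not None:
        img[1][1] = detail
    return img

# Two different constructed "originals" (assumed sample data, not from the study).
IMG_A = make_image((20, 30, 40), (220, 210, 200), detail=(25, 200, 40))
IMG_B = make_image((10, 35, 50), (200, 230, 215))

if __name__ == "__main__":
    out_a, out_b = oil_paint(IMG_A), oil_paint(IMG_B)
    print(out_a[1])        # rough dark/bright split survives, the detail is gone
    print(out_a == out_b)  # different originals, identical distorted image
```

Because many originals map to one output, the distorted picture alone does not determine the original, which is the one-way requirement listed above.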

Oil Painting Filter
Distortion Level
• If high, difficult to guess but difficult to memorize
• If low, easy to memorize but easy to guess
Distortion Level
• Two parameters affect distortion level
– If too high, not usable
– If too low, not secure

Security
Memorability
Low-Fidelity Test

Least distorted

Most distorted
Low-Fidelity Test

It’s a dog!!
Low-Fidelity Test

Difficult to guess w/o knowing original picture
Low-Fidelity Test

Can’t recognize a dog


Low-Fidelity Test
Easy to recognize w/ knowing original picture
Low-Fidelity Test

Satisfies requirements
Prototype
• Implemented on a Nokia cell phone for the usability test
• Also implemented on the web
Prototype

Demo
Usability Test

• 45 participants, for 1 week
• 54 participants, for 4 weeks
1st Usability Test

• 45 participants were divided into 3 groups


– Self-selected, Non-distorted
– Self-selected, distorted (Use Your Illusion)
– Imposed, highly-distorted
Self-selected, Non-distorted
Self-selected, Distorted
Imposed, Highly-distorted
Procedure
Date                 Task
Before the 1st day   Take 3 pictures
The 1st day          Memorize portfolio; Practice; Authenticate
2 days after         Authenticate
1 week after         Authenticate; Fill out questionnaires
Success Rate
                               The 1st day   2 days after   1 week after
Self-selected, Non-distorted   100% (15)     100% (15)      100% (15)
Self-selected, Distorted       100% (15)     100% (15)      100% (15)
Imposed, Highly-distorted      93.3% (14)    73.3% (11)     73.3% (11)
Authentication Time (Mean)

[Figure: mean authentication time by group (Imposed, Highly-distorted; Self-selected, Distorted; Self-selected, Non-distorted)]
Process of Memorization
• Participants assign meanings to distorted pictures
• Assigning meanings helps memorization

Mountain Sea Moai statue


2nd Usability Test

• 54 participants were divided into 3 groups


– Self-selected, Non-distorted
– Self-selected, Distorted
– Imposed, Distorted
• Authenticate
– On the 1st day
– 2 days after
– 1 week after
– 4 weeks after
Imposed, Distorted
Success Rate
                               The 1st day   2 days after   1 week after   4 weeks after
Self-selected, Non-distorted   100% (18)     100% (18)      100% (18)      100% (18)
Self-selected, Distorted       100% (18)     100% (18)      100% (18)      100% (18)
Imposed, Distorted             100% (18)     89% (16)       94% (17)       89% (16)
Authentication Time (Mean)

[Figure: mean authentication time by group (Imposed, Distorted; Self-selected, Distorted; Self-selected, Non-distorted)]
Tolerance against Guessing Attack
• Original pictures are vulnerable

• Distorted pictures are more tolerant


Future Work
• Detailed usability test
• Long term test
• Find an optimal distortion
• Investigate a metric evaluating distortion level
Use Your Illusion
• Use distorted pictures as a portfolio
• As memorable as non-distorted pictures
• More memorable than imposed (highly-)distorted pictures
• Fits human memorization process
• More tolerant to guessing attack
Thank you for listening

Prototype is available on
http://arima.okoze.net/illusion/
Please try it!
