Novel, robust and cost-effective authentication techniques for online services

This thesis contributes to the study of the usability and security of visuo-cognitive authentication techniques, particularly those relying on recognition of abstract images, an area little researched. Many usability and security problems with linguistic passwords (including traditional text-based p...

Bibliographic Details
Main Author: Norrington, Peter
Published: University of Bedfordshire 2009
Subjects:
Online Access: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.536698
id ndltd-bl.uk-oai-ethos.bl.uk-536698
record_format oai_dc
spelling ndltd-bl.uk-oai-ethos.bl.uk-536698; 2015-03-20T04:26:27Z; http://hdl.handle.net/10547/134951; Electronic Thesis or Dissertation
collection NDLTD
sources NDLTD
topic 621.382
authentication : visual passwords : passwords : computer security : visuo-cognitive authentication : G920 Others in Computing Sciences
description This thesis contributes to the study of the usability and security of visuo-cognitive authentication techniques, particularly those relying on recognition of abstract images, an area little researched. Many usability and security problems with linguistic passwords (including traditional text-based passwords) have been known for decades. Research into visually-based techniques intends to overcome these by using the extensive human capacity for recognising images, and add to the range of commercially viable authentication solutions. The research employs a mixed methodology to develop several contributions to the field. A novel taxonomy of visuo-cognitive authentication techniques is presented. This is based on analysis and synthesis of existing partial taxonomies, combined with new and extensive analysis of features of existing visuo-cognitive and other techniques. The taxonomy advances consistent terminology, and coherent and productive classification (cognometric, locimetric, graphimetric and manipulometric, based respectively on recognition of, location in, drawing of and manipulation of images) and discussion of the domain. The taxonomy is extensible to other classes of cognitive authentication technique (audio-cognitive, spatio-cognitive, biometric and token-based, etc.). A revised assessment process of the usability and security of visuo-cognitive techniques is proposed (employing three major assessment categories – usability, memorability and security), based on analysis, synthesis and refinement of existing models. The revised process is then applied to the features identified in the novel taxonomy to prove the process's utility as a tool to clarify both the what and the why of usability and security issues. The process is also extensible to other classes of authentication technique.
Cognitive psychology experimental methods are employed, producing new results which show with statistical significance that abstract images are harder to learn and recall than face or object images. Additionally, new experiments and a new application of the chi-squared statistic show that users' choices of abstract images are not necessarily random over a group, and thus, like other cognitive authentication techniques, can be attacked by probabilistic dictionaries. A new authentication prototype is designed and implemented, embodying the usability and security insights gained. Testing of this prototype shows good usability and user acceptance, although speed of use remains an issue. A new experiment shows that abstract image authentication techniques are vulnerable to phishing attacks. Further, the testing shows two new results: that abstract image visuo-cognitive techniques are usable on mobile phones; and that such phones are not, currently, necessarily a threat as part of observation attacks on visual passwords.
author Norrington, Peter
title Novel, robust and cost-effective authentication techniques for online services
publisher University of Bedfordshire
publishDate 2009
url http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.536698