High-Entropy Visual Identification for Touch Screen Devices

Filardo, Nathaniel Wesley; Ateniese, Giuseppe

doi:10.1007/978-3-642-29101-2_13

Cited by 3 publications

(3 citation statements)

References 20 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, we assume that the adversary does not have control over the authentication device while the user authenticates (e.g., by installing malware). We also assume an adversary with incomplete surveillance [19], i.e., who can physically observe the victim during authentication but cannot capture the details of the secret object.…”

Section: Adversary Modelmentioning

confidence: 99%

A Secure Mobile Authentication Alternative to Biometrics

Azimpourkivi

Topkara

Cărbunar

2017

Proceedings of the 33rd Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Biometrics are widely used for authentication in consumer devices and business se ings as they provide sufficiently strong security, instant verification and convenience for users. However, biometrics are hard to keep secret, stolen biometrics pose lifelong security risks to users as they cannot be reset and re-issued, and transactions authenticated by biometrics across different systems are linkable and traceable back to the individual identity. In addition, their cost-benefit analysis does not include personal implications to users, who are least prepared for the imminent negative outcomes, and are not o en given equally convenient alternative authentication options.We introduce ai.lock, a secret image based authentication method for mobile devices which uses an imaging sensor to reliably extract authentication credentials similar to biometrics. Despite lacking the regularities of biometric image features, we show that ai.lock consistently extracts features across authentication a empts from general user captured images, to reconstruct credentials that can match and exceed the security of biometrics (EER = 0.71%). ai.lock only stores a "hash" of the object's image. We measure the security of ai.lock against brute force a acks on more than 3.5 billion authentication instances built from more than 250,000 images of real objects, and 100,000 synthetically generated images using a generative adversarial network trained on object images. We show that the ai.lock Shannon entropy is superior to a fingerprint based authentication built into popular mobile devices.

show abstract

Section: Adversary Modelmentioning

confidence: 99%

A Secure Mobile Authentication Alternative to Biometrics

Azimpourkivi

Topkara

Cărbunar

2017

Proceedings of the 33rd Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…In the spirit of stacking a physical share onto a digital one, [4] propose an application in an alternative to mobile phone passwords, instead stacking a VC transparency onto the screen displaying the accompanying share in a (2, 2)-VCS.…”

Section: Related Workmentioning

confidence: 99%

“…When the customer attempts to log in to an online account and switches on the device, both the server and device use a secret formula, based on current time and credentials, to generate an eight-digit code the customer inputs to access the account. This is regarded as secure, as it relies on "something you have", versus knowledge alone, which due to its ethereal nature can more easily fall into the wrong hands [4]. Hence, it provides greater security.…”

Section: Real-world Applicationsmentioning

confidence: 99%

Visual Secret Sharing between Remote Participants

Buckley¹,

Nagar²,

Arumugam³

2014

IJCA

View full text Add to dashboard Cite

Visual cryptography and random grids are forms of visual secret sharing that encrypt a secret image into indecipherable shares.Decryption occurs by printing them onto transparencies and stacking, but this requires participants to be in the physical presence of each other, so this paper addresses the use of visual secret sharing between remote, incommunicado agents. To this end, a prototype application has been developed to form a subpixel matrix of a photographed share that is one half of a (2, 2) scheme. It is algorithmically "stacked" with its stored complement to decrypt the secret.The implemented algorithms are presented, as well as visual results for variations of three values of three photographic condition metrics. Although only a third of the total results proved positive, recommendations are given regarding photographic conditions to significantly improve accuracy. Furthermore, we suggest a number of applications of this technology.

show abstract

Camera Based Two Factor Authentication Through Mobile and Wearable Devices

Azimpourkivi

Topkara

Cărbunar

2017

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

We introduce Pixie, a novel, camera based two factor authentication solution for mobile and wearable devices. A quick and familiar user action of snapping a photo is sufficient for Pixie to simultaneously perform a graphical password authentication and a physical token based authentication, yet it does not require any expensive, uncommon hardware. Pixie establishes trust based on both the knowledge and possession of an arbitrary physical object readily accessible to the user, called trinket. Users choose their trinkets similar to se ing a password, and authenticate by presenting the same trinket to the camera. e fact that the object is the trinket, is secret to the user. Pixie extracts robust, novel features from trinket images, and leverages a supervised learning classifier to effectively address inconsistencies between images of the same trinket captured in different circumstances.Pixie achieved a false accept rate below 0.09% in a brute force a ack with 14.3 million authentication a empts, generated with 40,000 trinket images that we captured and collected from public datasets. We identify master images, that match multiple trinkets, and study techniques to reduce their impact.In a user study with 42 participants over 8 days in 3 sessions we found that Pixie outperforms text based passwords on memorability, speed, and user preference. Furthermore, Pixie was easily discoverable by new users and accurate under field use. Users were able to remember their trinkets 2 and 7 days a er registering them, without any practice between the 3 test dates.

show abstract

High-Entropy Visual Identification for Touch Screen Devices

Cited by 3 publications

References 20 publications

A Secure Mobile Authentication Alternative to Biometrics

A Secure Mobile Authentication Alternative to Biometrics

Visual Secret Sharing between Remote Participants

Camera Based Two Factor Authentication Through Mobile and Wearable Devices

Contact Info

Product

Resources

About