Social Authentication: Harder Than It Looks

Kim, Hyoungshick; Tang, John; Anderson, Ross

doi:10.1007/978-3-642-32946-3_1

Cited by 21 publications

(19 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first to analyze SA and discuss potential vulnerabilities were Kim et al [16], who presented a formal quantification of the risks that threaten SA. A key observation is that tightly connected communities exhibit higher risks.…”

Section: Related Workmentioning

confidence: 99%

“…Researchers, however, have analyzed [16] its weaknesses, and demonstrated [20] that the existing system is vulnerable to attacks that employ face recognition software. We further demonstrate that SA is vulnerable to an attack that previous work has overlooked; the adversary first builds a collection of the photos uploaded by the victim and his online friends.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Faces in the Distorting Mirror

Polakis

Ilia

Maggi

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

In an effort to hinder attackers from compromising user accounts, Facebook launched a form of two-factor authentication called social authentication (SA), where users are required to identify photos of their friends to complete a log-in attempt. Recent research, however, demonstrated that attackers can bypass the mechanism by employing face recognition software. Here we demonstrate an alternative attack that employs image comparison techniques to identify the SA photos within an offline collection of the users' photos.In this paper, we revisit the concept of SA and design a system with a novel photo selection and transformation process, which generates challenges that are robust against these attacks. The intuition behind our photo selection is to use photos that fail software-based face recognition, while remaining recognizable to humans who are familiar with the depicted people. The photo transformation process creates challenges in the form of photo collages, where faces are transformed so as to render image matching techniques ineffective. We experimentally confirm the robustness of our approach against three template matching algorithms that solve 0.4% of the challenges, while requiring four orders of magnitude more processing effort.. Furthermore, when the transformations are applied, face detection software fails to detect even a single face. Our user studies confirm that users are able to identify their friends in over 99% of the photos with faces unrecognizable by software, and can solve over 94% of the challenges with transformed photos.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Faces in the Distorting Mirror

Polakis

Ilia

Maggi

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…This mechanism controlled the third party application from preventing the private information of the user profile. Other related work has analyzed both privacy risks associated with information disclosure in social networks, and developed initial mechanisms to protect against some involuntary information disclosure and proposed a framework for deriving a "privacy score" to inform the user of the potential risks to their privacy created by their activities and activities with other users within the social network [7].However the previous research areas concentrated on friends grouping policy to enable different privacy setting to provide, which data should be accessed by which group of users and similarly work carried out to prevent the third party application from accessing the user data from the profile. A new framework was developed to give more security to the data available on user profile.…”

Section: Related Workmentioning

confidence: 99%

Prevention of Losing User Account by Enhancing Security Module: A Facebook Case

Joe¹,

Ramakrishnan²,

Shaji³

2013

JETWI

View full text Add to dashboard Cite

The blooming development of internet technologies, lead to the growth of Online Social Networks (OSNs) day by day. There are many Online Social Networks (OSNs) came on internet but still very few could get the attraction of the users forever. The most attracted and world level leading Online Social Networks (OSNs) is Facebook, Twitter, and Google Plus and so on. All these Online Social Networks (OSNs) allow its users to create profiles and share any information on their profile, which could be viewed by other users of the same network user. These Social Networks allow users to form friendship with other people and make them to get connected in an easiest way. The major advantages of these Online Social Networks (OSNs) are getting connected with friends (wherever they are in the world), thoughts and ideas can be shared on online and feedback could be obtained as soon as possible. Every user of Social Networking sites will have many more confidential and private data on their account. However the Security and Quality of Service (QoS) are the major constraints must be always maintained in all the social networks. Most of the Online Social Networks (OSNs) provides security to the data available on the user account and provides good Quality of Service (Qos). Obviously the security constraint must be maintained not only the data available on user account but also must be maintained to the user account completely, which ultimately improves the efficiency of Quality of Service (Qos). In this paper, we evaluate and propose a new model to enhance the security for improving quality of service in online social networks.

show abstract

“…First, the Syrian case illustrates that the use of authentication techniques that depend upon "who you know," also called social authentication, must be evaluated in terms of possible risks to dissidents (Kim, Tang, and Anderson 2012). For example, Facebook considered a protocol that required that you indicate the faces that you recognize to recover a lost password.…”

Section: Syriamentioning

confidence: 99%