Towards authentication via selected extraction from electronic personal histories

A. Nosseir, Sotirios Terzis

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

Abstract

Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study using academic personal web site data that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers the study concluded that from an authentication point of view (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers, close to genuine users, to answer correctly with high confidence, genuine users’ questions is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that although possible to largely automate the generation of authentication questions, this requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.
LanguageEnglish
Title of host publicationEnterprise Information Systems
Subtitle of host publicationRevised Selected Papers of the 12th International Conference on Enterprise Information Systems
EditorsJoaquim Filipe, Jose Cordeiro
PublisherSpringer
Pages571-586
Number of pages16
ISBN (Print)9783642198014
DOIs
Publication statusPublished - 2011
Event12th International Conference, ICEIS 2010 - Funchal-Madeira, Portugal
Duration: 8 Jun 201012 Jun 2010

Publication series

NameLecture Notes in Business Information Processing
PublisherSpringer
Volume73
ISSN (Print)1865-1348
ISSN (Electronic)1865-1356

Conference

Conference12th International Conference, ICEIS 2010
CountryPortugal
CityFunchal-Madeira
Period8/06/1012/06/10

Fingerprint

Authentication
Websites

Keywords

  • electronic personal histories
  • authentication
  • computer science
  • enterprise information systems
  • security usability

Cite this

Nosseir, A., & Terzis, S. (2011). Towards authentication via selected extraction from electronic personal histories. In J. Filipe, & J. Cordeiro (Eds.), Enterprise Information Systems: Revised Selected Papers of the 12th International Conference on Enterprise Information Systems (pp. 571-586). (Lecture Notes in Business Information Processing; Vol. 73). Springer. https://doi.org/10.1007/978-3-642-19802-1_39
Nosseir, A. ; Terzis, Sotirios. / Towards authentication via selected extraction from electronic personal histories. Enterprise Information Systems: Revised Selected Papers of the 12th International Conference on Enterprise Information Systems. editor / Joaquim Filipe ; Jose Cordeiro. Springer, 2011. pp. 571-586 (Lecture Notes in Business Information Processing).
@inproceedings{baae9e88cac242f79095088a20fd3404,
title = "Towards authentication via selected extraction from electronic personal histories",
abstract = "Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study using academic personal web site data that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers the study concluded that from an authentication point of view (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers, close to genuine users, to answer correctly with high confidence, genuine users’ questions is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that although possible to largely automate the generation of authentication questions, this requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.",
keywords = "electronic personal histories , authentication , computer science , enterprise information systems, security usability",
author = "A. Nosseir and Sotirios Terzis",
note = "e-isbn; 978-3-642-19802-1",
year = "2011",
doi = "10.1007/978-3-642-19802-1_39",
language = "English",
isbn = "9783642198014",
series = "Lecture Notes in Business Information Processing",
publisher = "Springer",
pages = "571--586",
editor = "Joaquim Filipe and Jose Cordeiro",
booktitle = "Enterprise Information Systems",

}

Nosseir, A & Terzis, S 2011, Towards authentication via selected extraction from electronic personal histories. in J Filipe & J Cordeiro (eds), Enterprise Information Systems: Revised Selected Papers of the 12th International Conference on Enterprise Information Systems. Lecture Notes in Business Information Processing, vol. 73, Springer, pp. 571-586, 12th International Conference, ICEIS 2010, Funchal-Madeira, Portugal, 8/06/10. https://doi.org/10.1007/978-3-642-19802-1_39

Towards authentication via selected extraction from electronic personal histories. / Nosseir, A.; Terzis, Sotirios.

Enterprise Information Systems: Revised Selected Papers of the 12th International Conference on Enterprise Information Systems. ed. / Joaquim Filipe; Jose Cordeiro. Springer, 2011. p. 571-586 (Lecture Notes in Business Information Processing; Vol. 73).

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

TY - GEN

T1 - Towards authentication via selected extraction from electronic personal histories

AU - Nosseir, A.

AU - Terzis, Sotirios

N1 - e-isbn; 978-3-642-19802-1

PY - 2011

Y1 - 2011

N2 - Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study using academic personal web site data that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers the study concluded that from an authentication point of view (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers, close to genuine users, to answer correctly with high confidence, genuine users’ questions is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that although possible to largely automate the generation of authentication questions, this requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.

AB - Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study using academic personal web site data that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers the study concluded that from an authentication point of view (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers, close to genuine users, to answer correctly with high confidence, genuine users’ questions is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that although possible to largely automate the generation of authentication questions, this requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.

KW - electronic personal histories

KW - authentication

KW - computer science

KW - enterprise information systems

KW - security usability

UR - http://www.scopus.com/inward/record.url?scp=84876257522&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-19802-1_39

DO - 10.1007/978-3-642-19802-1_39

M3 - Conference contribution book

SN - 9783642198014

T3 - Lecture Notes in Business Information Processing

SP - 571

EP - 586

BT - Enterprise Information Systems

A2 - Filipe, Joaquim

A2 - Cordeiro, Jose

PB - Springer

ER -

Nosseir A, Terzis S. Towards authentication via selected extraction from electronic personal histories. In Filipe J, Cordeiro J, editors, Enterprise Information Systems: Revised Selected Papers of the 12th International Conference on Enterprise Information Systems. Springer. 2011. p. 571-586. (Lecture Notes in Business Information Processing). https://doi.org/10.1007/978-3-642-19802-1_39