TY - GEN
T1 - Towards authentication via selected extraction from electronic personal histories
AU - Nosseir, A.
AU - Terzis, Sotirios
N1 - e-isbn; 978-3-642-19802-1
PY - 2011
Y1 - 2011
N2 - Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study using academic personal web site data that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers the study concluded that from an authentication point of view (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers, close to genuine users, to answer correctly with high confidence, genuine users’ questions is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that although possible to largely automate the generation of authentication questions, this requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.
AB - Authentication via selected extraction from electronic personal histories is a novel question-based authentication technique. This paper first presents a study using academic personal web site data that investigated the effect of using image-based authentication questions. By assessing the impact on both genuine users and attackers the study concluded that from an authentication point of view (a) an image-based representation of questions is beneficial; (b) a small increase in the number of distracters/options in closed questions is positive; and (c) the ability of attackers, close to genuine users, to answer correctly with high confidence, genuine users’ questions is limited. Second, the paper presents the development of a web-based prototype for automated generation of image-based authentication questions. The prototype makes clear that although possible to largely automate the generation of authentication questions, this requires significant engineering effort and further research. These results are encouraging for the feasibility of the technique.
KW - electronic personal histories
KW - authentication
KW - computer science
KW - enterprise information systems
KW - security usability
UR - http://www.scopus.com/inward/record.url?scp=84876257522&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-19802-1_39
DO - 10.1007/978-3-642-19802-1_39
M3 - Conference contribution book
SN - 9783642198014
T3 - Lecture Notes in Business Information Processing
SP - 571
EP - 586
BT - Enterprise Information Systems
A2 - Filipe, Joaquim
A2 - Cordeiro, Jose
PB - Springer
T2 - 12th International Conference, ICEIS 2010
Y2 - 8 June 2010 through 12 June 2010
ER -