From hot-spots towards experience-spots: Leveraging on users’ sociocultural experiences to enhance security in cued-recall graphical authentication
International Journal of Human-Computer Studies (IF 5.4), Pub Date: 2021-02-02, DOI: 10.1016/j.ijhcs.2021.102602
Argyris Constantinides, Christos Fidas, Marios Belk, Anna Maria Pietron, Ting Han, Andreas Pitsillides

This paper suggests a novel cued-recall-based graphical authentication method, which leverages on users’ sociocultural experiences for improving the security and memorability of selected secrets. We evaluated the suggested approach in the context of three user studies (n = 139): a) an eye-tracking study (n = 42) focusing on security in terms of resistance to brute-force attacks; b) a two-week study (n = 71) focusing on memorability and login usability; and c) a controlled in-lab user study (n = 26) focusing on human attack vulnerabilities among people sharing common sociocultural experiences. Analysis of results revealed that the suggested approach influenced visual behavior strategies of end-users, which subsequently resulted in significantly stronger passwords created on images reflecting their prior experiences than on images unfamiliar to them. Simultaneously, both reference and control groups performed similarly in terms of memorability and login efficiency and effectiveness. On the downside, the suggested approach introduces password guessing vulnerabilities in terms of allowing attackers who share common experiences with the end-users to more easily identify regions of their selected secrets. Findings point towards a new direction for delivering personalized cued-recall graphical authentication schemes that depict image semantics bootstrapped to users’ real-life experiences.




Updated: 2021-02-10