Question-Based Group Authentication
Date: November 2006 Publication: Proceedings of the 18th Australia conference on Computer-Human Interaction: Design: Activities, Artefacts and Environments, OZCHI '06 Page(s): 277 - 283 Publisher: ACM Source 1: http://www.dcs.gla.ac.uk/~karen/Papers/ozchi_groupA.pdf Source 2: http://www.ozchi.org/proceedings/2006/sessions/using/nosseir-p277.pdf Source 3: http://dx.doi.org/10.1145/1228175.1228223 - Subscription or payment required Abstract or Summary:
There are various situations where a distinction needs to be made between group members and outsiders. For example, to protect students in chat groups from unpleasant incidents caused by intruders; or to provide access to common domains such as computer labs. In some of these situations the implications of unauthorized access are negligible. Thus, using an expensive authentication technique, in terms of equipment and maintenance, or requiring significant effort from the user, is wasteful and unjustified. Passwords are the cheapest access control mechanism but have memorability issues. As a result, various alternatives have been proposed. These solutions are often either insecure or expensive in terms of data collection and maintenance. In this paper we present a solution that is less costly since it is built on the data produced by user-system interactions. The mechanism relies on a dynamic (and unpredictable) shared secret. We report on our investigation into differentiating between group members and outsiders by means of their group characteristics. We also present an original analytical framework to facilitate the automatic generation of questions from group characteristics. Finally, we introduce a prototype of the mechanism. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |