user authentication for
play

User Authentication for Emerging Interfaces Nasir Memon Tandon - PowerPoint PPT Presentation

May 11, 2023 •114 likes •675 views

User Authentication for Emerging Interfaces Nasir Memon Tandon School of Engineering New York University Identity Identity and Authentication What is identity? A computers representation of an unique entity (principal). What is

  1. User Authentication for Emerging Interfaces Nasir Memon Tandon School of Engineering New York University

  2. Identity

  3. Identity and Authentication • What is identity? – A computer’s representation of an unique entity (principal). • What is authentication? – Binding principal to system ’ s internal representation of identity. • Why do we need identity? – Accountability – Access control

  4. Authenticating Computers and Humans

  6. SOMETHING YOU ARE - Biometrics

  7. Shoulder surfing or Insiders Usability

  8. What You Know

  9. Guessing Passwords

  10. RAINBOW TABLES ??

  11. Recent Leaks

  12. Password policies

  13. Password are hard to replace

  14. Why?? Usability  Memorywise Effortless  Scalable for users  Nothing-to-Carry  Physically-Effortless  Easy-to-Learn  Efficient-to-Use  Infrequent-Errors  Easy-Recovery-from-Loss Bonneau, Herley, Oorschot and Stajano 14

  15. Why?? Security  Resilient-to-Physical-Observation  Resilient-to-Targeted-Impersonation  Resilient-to-Throttled-Guessing  Resilient-to-Unthrottled-Guessing  Resilient-to-Internal-Observation  Resilient-to-Leaks-from-Other-Verifiers  Resilient-to-Phishing  Resilient-to-Theft  No-Trusted-Third-Party  Requiring-Explicit-Consent  Unlinkable 15

  16. Why?? Deployability  Accessible  Negligible-Cost-per-User  Server compatible  Browser compatible  Mature 16

  17. But it is not due to lack of trying …

  18. Google’s attempt …

  19. And academics and startups …

  20. Game Changer? - Emerging Interfaces

  21. Emerging Interfaces

  22. Emerging Interfaces

  23. Emerging Interfaces

  24. Game Changer - Mobility

  25. Continuous Authentication

  26. Different Approaches

  27. Evaluation - Security • Random Guessing • False positives • Shoulder surfing • Insider threat • Replay attack

  28. Evaluation - Usability • Memorability • True positives • Efficiency • Satisfaction • Universality

  29. Touch interface

  30. Android Pattern Lock – Recall Based

  31. Windows 8 Picture Password

  32. Single Finger Touch – Online Signatures

  33. • What is this about? Single Finger Touch – Draw-a-PIN 9/30/2016 33

  34. Touch motion

  35. Multi-touch gestures

  36. Camera interface

  37. Face Recognition

  38. Authentication with body gestures Database Access point 𝑍 𝑊 Similar? 𝑎 Slide courtesy of Konrad and Easwar

  39. Hand Gestures

  40. Eye Gaze SSIP 2009 40

  41. Camera and Private Display

  42. Motion Sensor

  43. Motion Sensors

  44. Leap Motion Gestures

  45. Leap Motion Sensor

  46. Waving a device

  47. Head Banger!

  48. Electroencephalograph - EEG • Brain has continuous electrical activity that can be recorded • Pairs of electrodes attached to scalp form distinct channels • Weak signal ~millivolts is sent thru amplifier • Continuous output recorded via galvanometer.

  49. NeuroSky Mindset

  50. Summary

  51. Summary

  52. Summary

  53. Also - Fingerprint Sensors

  54. Partial Fingerprints

  55. Master Prints

  56. Thank you!! Questions? memon@nyu.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR CONSULTANTS www.XFactorConsultants.com User Authentication (Auth) The methods by which a web app verifies the identity of a user and limits their

334 views • 8 slides
Information Security Identification and authentication Advanced User Authentication I 2019-02-01

Information Security Identification and authentication Advanced User Authentication I 2019-02-01

Information Security Identification and authentication Advanced User Authentication I 2019-02-01 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for this part of the course Background Statistics in user authentication Biometric systems

573 views • 32 slides
Information Security Identification and authentication Advanced User Authentication I 2018-02-02

Information Security Identification and authentication Advanced User Authentication I 2018-02-02

Information Security Identification and authentication Advanced User Authentication I 2018-02-02 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for this part of the course Background Statistics in user authentication Biometric systems

568 views • 41 slides
Information Security Identification and authentication Advanced User Authentication I 2016-01-26

Information Security Identification and authentication Advanced User Authentication I 2016-01-26

Information Security Identification and authentication Advanced User Authentication I 2016-01-26 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for this part of the course Background Statistics in user authentication Biometric systems

865 views • 40 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we have (tokens) What we are (iris, fingerprint) [Accuracy vs. cost trade-off] Other USER AUTHENTICATION INKBLOT AUTHENTICATION Come up with

671 views • 20 slides
Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II 2016-01-29 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background Authentication eID

683 views • 44 slides
Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II 2019-02-08 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background Authentication eID

1.19k views • 102 slides
Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides
Information Security Identification and authentication Advanced User Authentication III

Information Security Identification and authentication Advanced User Authentication III

Information Security Identification and authentication Advanced User Authentication III 2016-02-02 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture II within this part of the course Background Statistics Statistics in user

1.49k views • 70 slides
User authentication on the web Joseph Bonneau

User authentication on the web Joseph Bonneau

User authentication on the web Joseph Bonneau Computer Laboratory Part II Security lecture 2012 J. Bonneau (U. of Cambridge) User authentication on the web February 22, 2012 1 / 41

1.72k views • 132 slides
Information Security Identification and authentication Advanced User Authentication II and III

Information Security Identification and authentication Advanced User Authentication II and III

Information Security Identification and authentication Advanced User Authentication II and III (somewhat abbreviated ) 2018-02-09 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background

1.24k views • 106 slides
User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

ITS335 User Authentication Authentication Passwords User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens Biometrics Sirindhorn International Institute of Technology Summary Thammasat University Prepared

663 views • 40 slides
TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication After the Handshake The user navigates to the sites landing page, no client authentication required. Eventually, the user requests a

69 views • 6 slides
ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User Authentication Authentication process Means of authentication Passwords Vulnerabilities of passwords Password Cracking Dictionary Attacks

471 views • 21 slides
Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password Validate password strength Store salted hash of the password Authentication User sends username/password Retrieve the stored salted

359 views • 20 slides
NATIONAL OUTCOMES EVALUATION : FINDINGS FROM THE SMSS AND MIS, AND PREPARING FOR THE STUDENT

NATIONAL OUTCOMES EVALUATION : FINDINGS FROM THE SMSS AND MIS, AND PREPARING FOR THE STUDENT

The Garrett Lee Smith (GLS) Suicide Prevention National Outcomes Evaluation is supported through contract no. HHSS283201200007I/HHSS28342002T (reference no. 283-12-0702) awarded to ICF International by the Center for Mental Health Services (CMHS),

717 views • 49 slides
One size does not fit all: A field experiment on the drivers of tax compliance and delivery

One size does not fit all: A field experiment on the drivers of tax compliance and delivery

One size does not fit all: A field experiment on the drivers of tax compliance and delivery methods in Rwanda Giulia Mascagni International Centre for Tax and Development (ICTD) Co-authors: Chris Nell and Nara Monkam Maputo, 6 th July 2017 G.

657 views • 42 slides
THE EMERGENCY SUPPORT SYSTEM STORY OF ONE PROJECT Tom EZNK Masaryk University The Czech

THE EMERGENCY SUPPORT SYSTEM STORY OF ONE PROJECT Tom EZNK Masaryk University The Czech

THE EMERGENCY SUPPORT SYSTEM STORY OF ONE PROJECT Tom EZNK Masaryk University The Czech Republic Business Meeting of the Commission on Cartography in Early Warning and Crisis Management 26th International Cartographic Conference, Dresden,

351 views • 17 slides
SERVICE (SMS) ECE 2525 MOBILE COMMUNICATION Monday, 25 February 2020 SAFARICOM 6-MONTH

SERVICE (SMS) ECE 2525 MOBILE COMMUNICATION Monday, 25 February 2020 SAFARICOM 6-MONTH

GSM SHORT MESSAGE SERVICE (SMS) ECE 2525 MOBILE COMMUNICATION Monday, 25 February 2020 SAFARICOM 6-MONTH REVENUE SEPTEMBER 2018 GENERAL OBSERVATIONS OTHERS 1. Voice revenue, although SMS 2% 8% declining, is still dominant. 2. Value

518 views • 9 slides
Multi-touch Authentication Using Hand Geometry and Aokun Chen Behavioral Information Related

Multi-touch Authentication Using Hand Geometry and Aokun Chen Behavioral Information Related

Multi-touch Authentication Using Hand Geometry and Aokun Chen Behavioral Information Related Work Gait Recognition Keystroke/Mouse dynamics Gesture based authentication Threat Model and Assumption The adversary may or may not

416 views • 23 slides
Authentication (Continued) Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks

Authentication (Continued) Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks

CSE 484 / CSE M 584: Computer Security and Privacy Authentication (Continued) Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell,

739 views • 34 slides
Characteristic-Based Security Analysis of Personal Networks Andrew Paverd Department of Computer

Characteristic-Based Security Analysis of Personal Networks Andrew Paverd Department of Computer

Characteristic-Based Security Analysis of Personal Networks Andrew Paverd Department of Computer Science University of Oxford Fadi El-Moussa BT Research BT Technology, Service & Operations Ian Brown Oxford Internet Institute University

481 views • 15 slides
The Future of Markets is the Cloud CS349F: Technology for Financial Systems October 12, 2020

The Future of Markets is the Cloud CS349F: Technology for Financial Systems October 12, 2020

The Future of Markets is the Cloud CS349F: Technology for Financial Systems October 12, 2020 TECHNOLOGY TRENDS SHAPING FINANCIAL SERVICES Innovations Advancing The Landscape CLOUD SERVICES STREAMING / DATA LAKES BLOCKCHAIN INTERNET OF THINGS

2.54k views • 18 slides

More recommend