SLIDE 1
User Authentication for Emerging Interfaces Nasir Memon Tandon - - PowerPoint PPT Presentation
User Authentication for Emerging Interfaces Nasir Memon Tandon - - PowerPoint PPT Presentation
User Authentication for Emerging Interfaces Nasir Memon Tandon School of Engineering New York University Identity Identity and Authentication What is identity? A computers representation of an unique entity (principal). What is
SLIDE 2
SLIDE 3
Identity and Authentication
- What is identity?
– A computer’s representation of an unique entity (principal).
- What is authentication?
– Binding principal to system’s internal representation of identity.
- Why do we need identity?
– Accountability – Access control
SLIDE 4
Authenticating Computers and Humans
SLIDE 5
SLIDE 6
SOMETHING YOU ARE - Biometrics
SLIDE 7
Shoulder surfing or Insiders Usability
SLIDE 8
What You Know
SLIDE 9
Guessing Passwords
SLIDE 10
RAINBOW TABLES ??
SLIDE 11
Recent Leaks
SLIDE 12
Password policies
SLIDE 13
Password are hard to replace
SLIDE 14
Why?? Usability
- Memorywise Effortless
- Scalable for users
- Nothing-to-Carry
- Physically-Effortless
- Easy-to-Learn
- Efficient-to-Use
- Infrequent-Errors
- Easy-Recovery-from-Loss
14 Bonneau, Herley, Oorschot and Stajano
SLIDE 15
Why?? Security
- Resilient-to-Physical-Observation
- Resilient-to-Targeted-Impersonation
- Resilient-to-Throttled-Guessing
- Resilient-to-Unthrottled-Guessing
- Resilient-to-Internal-Observation
- Resilient-to-Leaks-from-Other-Verifiers
- Resilient-to-Phishing
- Resilient-to-Theft
- No-Trusted-Third-Party
- Requiring-Explicit-Consent
- Unlinkable
15
SLIDE 16
Why?? Deployability
- Accessible
- Negligible-Cost-per-User
- Server compatible
- Browser compatible
- Mature
16
SLIDE 17
But it is not due to lack of trying …
SLIDE 18
Google’s attempt …
SLIDE 19
And academics and startups …
SLIDE 20
Game Changer? - Emerging Interfaces
SLIDE 21
Emerging Interfaces
SLIDE 22
Emerging Interfaces
SLIDE 23
Emerging Interfaces
SLIDE 24
Game Changer - Mobility
SLIDE 25
Continuous Authentication
SLIDE 26
Different Approaches
SLIDE 27
Evaluation - Security
- Random Guessing
- False positives
- Shoulder surfing
- Insider threat
- Replay attack
SLIDE 28
Evaluation - Usability
- Memorability
- True positives
- Efficiency
- Satisfaction
- Universality
SLIDE 29
Touch interface
SLIDE 30
Android Pattern Lock – Recall Based
SLIDE 31
Windows 8 Picture Password
SLIDE 32
Single Finger Touch – Online Signatures
SLIDE 33
- What is this about?
9/30/2016 33
Single Finger Touch – Draw-a-PIN
SLIDE 34
Touch motion
SLIDE 35
Multi-touch gestures
SLIDE 36
Camera interface
SLIDE 37
Face Recognition
SLIDE 38
Authentication with body gestures
Access point Database
𝑍 𝑊 𝑎 Similar?
Slide courtesy of Konrad and Easwar
SLIDE 39
Hand Gestures
SLIDE 40
SSIP 2009
Eye Gaze
40
SLIDE 41
Camera and Private Display
SLIDE 42
Motion Sensor
SLIDE 43
Motion Sensors
SLIDE 44
Leap Motion Gestures
SLIDE 45
Leap Motion Sensor
SLIDE 46
Waving a device
SLIDE 47
Head Banger!
SLIDE 48
Electroencephalograph - EEG
- Brain has continuous
electrical activity that can be recorded
- Pairs of electrodes
attached to scalp form distinct channels
- Weak signal ~millivolts is
sent thru amplifier
- Continuous output
recorded via galvanometer.
SLIDE 49
NeuroSky Mindset
SLIDE 50
Summary
SLIDE 51
Summary
SLIDE 52
Summary
SLIDE 53
Also - Fingerprint Sensors
SLIDE 54
Partial Fingerprints
SLIDE 55
Master Prints
SLIDE 56