Vision based curve reconstruction algorithms and their application to graphical password

Curve reconstruction is the problem of approximating a curve or multiple curves from a point cloud. Curve reconstruction problem has received numerous attention over the last few decades due to its significant application in geometric modeling. In this thesis, based on the relationship between human vision and curve reconstruction, two Gestalt laws have been identified for the curve reconstruction: the law of proximity indicating that our vision tends to perceptually group near objects together and the law of continuation pointing out that objects following a consistent continuous direction are perceptually grouped together. Two algorithms have been proposed to implement these two laws in curve reconstruction. This first algorithm, DISCUR, connects points based on the law of proximity. The second algorithm, VICUR, considers both laws. The algorithms have been compared to the main curve reconstruction algorithms available in the literature. Another contribution of this thesis is a new application of curve reconstruction in the field of cryptography. In the thesis, a new graphical password scheme is introduced. The proposed scheme requires users to create their secret by selecting individual points or by connecting points into curves from a given set of points. It is reasonable to assume that the users will connect points into curves that look natural to their vision so that they can recall easily. Consequently, the password may be a part of the reconstructed results of the human-vision based curve reconstruction algorithms and the attacker can use these results to crack the password. We present the application of curve reconstruction algorithm in the evaluation of our graphical password scheme

GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices

We propose a multimodal scheme, GazeTouchPass, that combines gaze and touch for shoulder-surfing resistant user authentication on mobile devices. GazeTouchPass allows passwords with multiple switches between input modalities during authentication. This requires attackers to simultaneously observe the device screen and the user's eyes to find the password. We evaluate the security and usability of GazeTouchPass in two user studies. Our findings show that GazeTouchPass is usable and significantly more secure than single-modal authentication against basic and even advanced shoulder-surfing attacks

Interpretable Probabilistic Password Strength Meters via Deep Learning

Probabilistic password strength meters have been proved to be the most accurate tools to measure password strength. Unfortunately, by construction, they are limited to solely produce an opaque security estimation that fails to fully support the user during the password composition. In the present work, we move the first steps towards cracking the intelligibility barrier of this compelling class of meters. We show that probabilistic password meters inherently own the capability of describing the latent relation occurring between password strength and password structure. In our approach, the security contribution of each character composing a password is disentangled and used to provide explicit fine-grained feedback for the user. Furthermore, unlike existing heuristic constructions, our method is free from any human bias, and, more importantly, its feedback has a clear probabilistic interpretation. In our contribution: (1) we formulate the theoretical foundations of interpretable probabilistic password strength meters; (2) we describe how they can be implemented via an efficient and lightweight deep learning framework suitable for client-side operability.Comment: An abridged version of this paper appears in the proceedings of the 25th European Symposium on Research in Computer Security (ESORICS) 202