Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Usability analysis of authentication techniques

This document will be divided into two main parts. The first one will be the classification of the authentication techniques. We will search the main electronic databases for papers related to authentication techniques. We will then summarize the related papers and show what classifications they use for the authentication techniques. After all of the documents have been read and summarized we will analyse them and group the authentication techniques into the classifications found. For the second part of the document we will focus on the study of usability attributes in the authentication techniques. This to know how authentications techniques compare to one another based on their usability attributes. We will search the main electronic databases for papers related to the usability attributes of authentication techniques based on the usability definition of ISO/IEC 25010 (SQuaRE) and its attributes. We will then summarize the related papers and show what authentication methods they describe and which usability attributes they measure. After all of the documents have been read and summarized we will analyse them depending on their usability attribute. At the end we will elaborate those results to show which authentication techniques have better usability in terms of a specific usability attribute. This will help practitioners who are interested in using authentication methods but want or need to focus on a specific usability attribute. They will be able to use this as a guide to help them chose the best option that fits their purpose

Graphical One-Time Password (GOTPass): A usability evaluation

Journal has two ISSNs: 1939-3555 (Print), 1939-3547 (Online)Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords is difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. In addition, they are vulnerable to various types of attacks, such as shoulder surfing, replay, and keylogger attacks (Gupta, Sahni, Sabbu, Varma, & Gangashetty, 2012) One-Time Passwords (OTPs) aim to overcome such problems (Gupta et al., 2012); however, most implemented OTP techniques require special hardware, which not only adds cost, but there are also issues regarding its availability (Brostoff, Inglesant, & Sasse, 2010). In contrast, the use of graphical passwords is an alternative authentication mechanism designed to aid memorability and ease of use, often forming part of a multifactor authentication process. This article is complementary to the earlier work that introduced and evaluated the security of the new hybrid user-authentication approach: Graphical One-Time Password (GOTPass) (Alsaiari et al., 2015). The scheme aims to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. The article presents the results of an empirical user study that investigates the usability features of the proposed approach, as well as pretest and posttest questionnaires. The experiment was conducted during three separate sessions, which took place over five weeks, to measure the efficiency, effectiveness, memorability, and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5s

Extending the Touchscreen Pattern Lock Mechanism with Duplicated and Temporal Codes

We investigate improvements to authentication on mobile touchscreen phones and present a novel extension to the widely used touchscreen pattern lock mechanism. Our solution allows including nodes in the grid multiple times, which enhances the resilience to smudge and other forms of attack. For example, for a smudge pattern covering 7 nodes, our approach increases the amount of possible lock patterns by a factor of 15 times. Our concept was implemented and evaluated in a laboratory user test (n = 36). The test participants found the usability of the proposed concept to be equal to that of the baseline pattern lock mechanism but considered it more secure. Our solution is fully backwards-compatible with the current baseline pattern lock mechanism, hence enabling easy adoption whilst providing higher security at a comparable level of usability

Investigating the Third Dimension for Authentication in Immersive Virtual Reality and in the Real World

Immersive Virtual Reality (IVR) is a growing 3D environment, where social and commercial applications will require user authentication. Similarly, smart homes in the real world (RW), offer an opportunity to authenticate in the third dimension. For both environments, there is a gap in understanding which elements of the third dimension can be leveraged to improve usability and security of authentication. In particular, investigating transferability of findings between these environments would help towards understanding how rapid prototyping of authentication concepts can be achieved in this context. We identify key elements from prior research that are promising for authentication in the third dimension. Based on these, we propose a concept in which users' authenticate by selecting a series of 3D objects in a room using a pointer. We created a virtual 3D replica of a real world room, which we leverage to evaluate and compare the factors that impact the usability and security of authentication in IVR and RW. In particular, we investigate the influence of randomized user and object positions, in a series of user studies (N=48). We also evaluate shoulder surfing by real world bystanders for IVR (N=75). Our results show that 3D passwords within our concept are resistant against shoulder surfing attacks. Interactions are faster in RW compared to IVR, yet workload is comparable