Authentication technologies for the blind or visually impaired

Research on "Usable Security" is still in its infancy, and usable security solutions are often designed without paying attention to human disabilities. This paper aims to help fill this void in the realm of blind computer users. More specifically, we discuss the research challenges we face and the directions we can take towards developing authentication technologies suitable for the blind or visually impaired. Our focus is on two technologies: user authentication, i.e., how a blind user can securely authenticate to a device (remote or otherwise), and device authentication, i.e., how a blind user can securely establish private and authenticated communication between two wireless devices. We hope that our work will inspire other researchers to design security solutions keeping in mind not only human abilities but also their disabilities.
