DynaHand: Observation-resistant recognition-based web authentication

Authentication in a Web environment is severely constrained by a minimal expectation of an infrastructure made up of software, hardware, and operator expertise. The traditional mechanism, passwords, is outliving its usefulness in the Web arena. This article presents results from a field test of a graphical authentication system called DynaHand, which utilizes biometrics, i.e. human handwriting recognition, in a graphical authentication mechanism. We also present a tool that supports the analysis of errors evidenced during the authentication process, making it possible to classify failed attempts as either due to genuine user error or failed intrusions. In the case of the former, the tool helps to reduce the occurrence of such genuine errors by identifying distractor images that could potentially cause confusion due to their similarity to target images.

[1]  L. O'Gorman,et al.  Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[2]  Sacha Brostoff,et al.  “Ten strikes and you're out”: Increasing the number of login attempts can improve password usability , 2003 .

[3]  Rafael C. González,et al.  Digital image processing using MATLAB , 2006 .

[4]  Karen Renaud,et al.  A process for supporting risk-aware web authentication mechanism choice , 2007, Reliab. Eng. Syst. Saf..

[5]  R. Gray,et al.  Vector quantization , 1984, IEEE ASSP Magazine.

[6]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[7]  Ronald A. Rensink,et al.  On the Failure to Detect Changes in Scenes Across Brief Interruptions , 2000 .

[8]  Antonella De Angeli,et al.  VIP: a visual approach to user authentication , 2002, AVI '02.

[9]  A. Zimmer,et al.  Do we see what makes our script characteristic — or do we only feel it? Modes of sensory control in handwriting , 1982, Psychological research.

[10]  Jean-Luc Velay,et al.  Visual presentation of single letters activates a premotor area involved in writing , 2003, NeuroImage.

[11]  M. Angela Sasse,et al.  Are Passfaces More Usable Than Passwords? A Field Trial Investigation , 2000, BCS HCI.

[12]  Remigiusz J. Rak,et al.  Vector Quantisation , 1998, Fundam. Informaticae.

[13]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[14]  Sung-Hyuk Cha,et al.  Individuality of handwriting: a validation study , 2001, Proceedings of Sixth International Conference on Document Analysis and Recognition.

[15]  Karen Renaud A Visuo-Biometric Authentication Mechanism for Older Users , 2005, BCS HCI.

[16]  W. Preyer Zur Psychologie des Schreibens , 1929 .

[17]  Antonella De Angeli,et al.  My password is here! An investigation into visuo-spatial authentication mechanisms , 2004, Interact. Comput..

[18]  K. Seki,et al.  The efficacy of kinesthetic reading treatment for pure alexia , 1995, Neuropsychologia.

[19]  Antonella De Angeli,et al.  Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems , 2005, Int. J. Hum. Comput. Stud..

[20]  Josef G. Heckmann,et al.  Recognition of familiar handwriting in stroke and dementia , 2001, Neurology.