Question-based group authentication

Authors:
Ann Nosseir;Richard Connor;Karen Renaud
Affiliations:
University of Strathclyde, Glasgow, UK;University of Strathclyde, Glasgow, UK;University of Glasgow, Glasgow, UK
Venue:
OZCHI '06 Proceedings of the 18th Australia conference on Computer-Human Interaction: Design: Activities, Artefacts and Environments
Year:
2006

Citing 11
Cited 0

Cognitive passwords: the key to easy access control

Computers and Security
Supporting electronic group processes: a social perspective

SIGCPR '95 Proceedings of the 1995 ACM SIGCPR conference on Supporting teams, groups, and learning inside and outside the IS function reinventing IS
Computer security

Computer security
Users are not the enemy

Communications of the ACM
Where do web sites come from?: capturing and interacting with design history

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Fluid annotations in an open world

Proceedings of the 12th ACM conference on Hypertext and Hypermedia
Making Passwords Secure and Usable

HCI 97 Proceedings of HCI on People and Computers XII
Authentication in e-commerce

Communications of the ACM - Mobile computing opportunities and challenges
The experienced "sense" of a virtual community: characteristics and processes

ACM SIGMIS Database
Password Memorability and Security: Empirical Results

IEEE Security and Privacy
Do culture and technology interact?: overcoming technological barriers to intercultural communication in virtual communities

ACM SIGGROUP Bulletin - Special issue on virtual communities

Quantified Score

Hi-index	0.00

Visualization

Abstract

There are various situations where a distinction needs to be made between group members and outsiders. For example, to protect students in chat groups from unpleasant incidents caused by intruders; or to provide access to common domains such as computer labs. In some of these situations the implications of unauthorized access are negligible. Thus, using an expensive authentication technique, in terms of equipment and maintenance, or requiring significant effort from the user, is wasteful and unjustified. Passwords are the cheapest access control mechanism but have memorability issues. As a result, various alternatives have been proposed. These solutions are often either insecure or expensive in terms of data collection and maintenance. In this paper we present a solution that is less costly since it is built on the data produced by user-system interactions. The mechanism relies on a dynamic (and unpredictable) shared secret. We report on our investigation into differentiating between group members and outsiders by means of their group characteristics. We also present an original analytical framework to facilitate the automatic generation of questions from group characteristics. Finally, we introduce a prototype of the mechanism.