Title
Building robust authentication systems with activity-based personal questions
Abstract
A recent study found that the widely-used secret questions for Web authentication can easily be guessed. The study focused on making secret questions easier to remember for the user and harder to break by others. Our approach is authentication through the use of an individual's personal and dynamic Internet activities. We hypothesize that frequently-changing secret questions will be hard for attackers to guess. We propose three major categories of questions that are based off of user activities: network activities (e.g., browsing history, emails); physical events (e.g., planned meetings, calendar items); conceptual opinions (e.g., opinions as derived from browsing, emails). Our preliminary results are encouraging and show that this new direction is promising. To improve the usability, in particular nonintrusiveness, of such a dynamic secret-question system, we also describe a concrete client-server architecture and security model for automating our authentication systems through utilizing existing artificial intelligent techniques.
Year: 2009
DOI: 10.1145/1655062.1655067
Venue: SafeConfig
Keywords: dynamic secret-question system, browsing history, robust authentication system, user activity, web authentication, recent study, activity-based personal question, dynamic internet activity, authentication system, widely-used secret question, secret question, calendar item, authentication, opinion, usability, client server architecture, security, artificial intelligent, activity, active network, security model
Field: World Wide Web, Architecture, Internet privacy, Authentication, Computer science, Computer security, Usability, Multi-factor authentication, Computer security model, Web authentication, The Internet
DocType: Conference
Citations: 9
PageRank: 0.56
References: 5
Authors: 4
Name | Order | Citations | PageRank
Anitra Babic | 1 | 9 | 0.56
Huijun Xiong | 2 | 96 | 6.60
Danfeng Yao | 3 | 965 | 74.85
Liviu Iftode | 4 | 2112 | 148.14