Quantifying the security of preference-based authentication

Markus Jakobsson, Liu Yang, Susanne Wetzel

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-reviewed

16 Scopus citations

Abstract

We describe a technique aimed at addressing longstanding problems for password reset: security and cost. In our approach, users are authenticated using their preferences. Experiments and simulations have shown that the proposed approach is secure, fast, and easy to use. In particular, the average time for a user to complete the setup is approximately two minutes, and the authentication process takes only half that time. The false negative rate of the system is essentially 0% for our selected parameter choice. For an adversary who knows the frequency distributions of answers to the questions used, the false positive rate of the system is estimated at less than half a percent, while the false positive rate is close to 0% for an adversary without this information. Both of these estimates have a significance level of 5%.

Original language: English
Title of host publication: Proceedings of the 4th ACM Workshop on Digital Identity Management, DIM'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages: 61-69
Number of pages: 9
State: Published - 2008
Event: 4th ACM Workshop on Digital Identity Management, DIM'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States
Duration: 27 Oct 2008 to 31 Oct 2008

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 4th ACM Workshop on Digital Identity Management, DIM'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country/Territory: United States
City: Alexandria, VA
Period: 27/10/08 to 31/10/08

Keywords

  • Password reset
  • Preference-based authentication
  • Security question
  • Simulation
