TY - GEN
T1 - Understanding Insider Attacks in Personalized Picture Password Schemes
AU - Constantinides, Argyris
AU - Belk, Marios
AU - Fidas, Christos
AU - Pitsillides, Andreas
N1 - Publisher Copyright: © 2021, IFIP International Federation for Information Processing.
PY - 2021
Y1 - 2021
N2 - Picture passwords, which require users to complete a picture-based task to login, are increasingly being embraced by researchers as they offer a better tradeoff between security and memorability. Recent works proposed the use of personalized familiar pictures, which are bootstrapped to the users’ prior sociocultural activities and experiences. However, such personalized approaches might entail guessing vulnerabilities by people close to the user (e.g., family members, acquaintances) with whom they share common experiences within the depicted familiar sceneries. To shed light on this aspect, we conducted a controlled in-lab eye-tracking user study (n = 18) focusing on human attack vulnerabilities among people sharing common sociocultural experiences. Results revealed that insider attackers, who share common experiences with the legitimate users, can easily identify regions of their selected secrets. The extra knowledge possessed by people close to the user was also reflected on their visual behavior during the human attack phase. Such findings can drive the design of assistive security mechanisms within personalized picture password schemes.
KW - Eye-tracking
KW - Picture passwords
KW - Security
KW - User study
UR - http://www.scopus.com/inward/record.url?scp=85115254840&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-85610-6_42
DO - 10.1007/978-3-030-85610-6_42
M3 - Conference contribution
AN - SCOPUS:85115254840
SN - 9783030856090
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 722
EP - 731
BT - Human-Computer Interaction – INTERACT 2021 - 18th IFIP TC 13 International Conference, Proceedings
A2 - Ardito, Carmelo
A2 - Lanzilotti, Rosa
A2 - Malizia, Alessio
A2 - Petrie, Helen
A2 - Piccinno, Antonio
A2 - Desolda, Giuseppe
A2 - Inkpen, Kori
PB - Springer Science and Business Media Deutschland GmbH
T2 - 18th IFIP TC 13 International Conference on Human-Computer Interaction, INTERACT 2021
Y2 - 30 August 2021 through 3 September 2021
ER -