On user authentication by means of video events recognition

Original Research

Abstract

Graphical password schemes have been widely analyzed in the last couple of decades. Typically such schemes are not resilient to adversaries who are able to collect a considerable amount of session transcripts, and can process them automatically in order to extract the secret. In this paper we discuss a possible enhancement to graphical passwords aiming at making infeasible to the attacker to automatically process the collected transcripts. In particular, we investigate the possibility of replacing static graphical challenges with on-the-fly edited videos. In our approach, the system challenges the user by showing her a short film containing a number of pre-defined pass-events and the user replies with the proof that she recognized such events. We present a proof-of-concept prototype, FilmPW, and discuss some issues related to event life-cycle management. Our preliminary experiments show that such an authentication mechanism is well accepted by users and achieves low error rates.

Keywords

Graphical password Authentication Human cryptography 

References

  1. Bellard F (2013) FFMPEG official web site. http://www.ffmpeg.org
  2. Bertini M, Del Bimbo A, Torniai C, Cucchiara R, Grana C (2006) Mom: multimedia ontology manager. a framework for automatic annotation and semantic retrieval of video sequences. In: Proceedings of the 14th annual ACM international conference on Multimedia, ACM, pp 787–788Google Scholar
  3. Bicakci K, Atalay N, Yuceel M, Gurbaslar H, Erdeniz B (2009) Towards Usable Solutions to Graphical Password Hotspot Problem. In: 2009 33rd Annual IEEE International Computer Software and Applications Conference, IEEE, pp 318–323Google Scholar
  4. Blonder GE (1996) Graphical passwords. Lucent Technologies Inc, Murray Hill, NJ (US), US Patent no. 5559961Google Scholar
  5. Blundo C, D’Arco P, Santis AD, Galdi C (2004) Hyppocrates: a new proactive password checker. J Syst Softw 71(1–2):163–175CrossRefGoogle Scholar
  6. Brezeale D, Cook DJ (2008) Automatic video classification: a survey of the literature. IEEE Trans Syst, Man, Cyber, Part C 38(3):416–430CrossRefGoogle Scholar
  7. Bursztein E, Martin M, Mitchell J (2011) Text-based captcha strengths and weaknesses. In: Proceedings of the 18th ACM conference on Computer and communications security, ACM, pp 125–138Google Scholar
  8. Catuogno L, Galdi C (2008) A graphical pin authentication mechanism for smart cards and low-cost devices. In: Proceedings of the 2nd Workshop on Information Security Theory and Practices (WISTP 08) Sevilla (Spain), May 13–16, Springer-Verlag, Lecture Notes in Computer Science, vol 5019Google Scholar
  9. Catuogno L, Galdi C (2010) On the security of a two-factor authentication scheme. In: Proceedings of the 4th Workshop on Information Security Theory and Practices (WISTP 2010) Passau (Germany), April 12–14, 2010, Springer, Lecture Notes in Computer Science, vol 6033Google Scholar
  10. Catuogno L, Galdi C (2013) Towards the design of a film-based graphical password scheme. In: Information Science and Technology (ICIST), 2013 International Conference on, IEEE, pp 388–393Google Scholar
  11. Catuogno L, Galdi C (2014) Analysis of a two-factor graphical password scheme. Intern J Inform Sec pp 1–17. doi:10.1007/s10207-014-0228-y
  12. Ciaramella A, D’Arco P, De Santis A, Galdi C, Tagliaferri R (2006) Neural network techniques for proactive password checking. IEEE Trans Dependable Secure Compu 3(4):327–339CrossRefGoogle Scholar
  13. De Angeli A, Coventry L, Johnson G, Renaud K (2005) Is a picture really worth a thousand words? exploring the feasibility of graphical authentication systems. Intern J Human-comp Stud 63(1):128–152CrossRefGoogle Scholar
  14. De Luca A, Denzel M, Hussmann H (2009) Look into my eyes!: can you guess my password? In: Proceedings of the 5th Symposium on Usable Privacy and Security, ACM, p 7Google Scholar
  15. Dhamija R, Perring A (2000) Dèjá vu: a user study using images for authentication. In: IX USENIX UNIX Security Symposium, Denver, Colorado (USA)Google Scholar
  16. Gao H, Liu X (2009) A new graphical password scheme against spyware by using captcha. In: Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS 2009, Mountain View, California, USA, July 15–17, 2009, ACM, ACM International Conference Proceeding SeriesGoogle Scholar
  17. Gibson M, Renaud K, Conrad M, Maple C (2009) Musipass: authenticating me softly with my song. In: Proceedings of the 2009 workshop on New security paradigms workshop, ACM, pp 85–100Google Scholar
  18. Golle P (2008) Machine learning attacks against the asirra captcha. In: Proceedings of the 15th ACM conference on Computer and communications security, ACM, pp 535–542Google Scholar
  19. Golle P, Wagner D (2007) Cryptanalysis of a cognitive authentication scheme (extended abstract). In: IEEE Symposium on Security and Privacy, IEEE Comp Soc, pp 66–70Google Scholar
  20. Gomes L (2006) Will all of us get our 15 minutes on a youtube video? The Wall Street Journal online, August 30, 2006Google Scholar
  21. Grady CL, Mcintosh AR, Rajah MN, Craik FIM (1998) Neural correlates of the episodic encoding of pictures and words. Proc Natl Acad Sci USA 95:2703–2708CrossRefGoogle Scholar
  22. Haller NM (1994) The S/KEY one-time password system. In: Proceedings of the Symposium on Network and Distributed System Security, pp 151–157Google Scholar
  23. Harada A, Isarida T, Mizuno T, Nishigaki M (2006) A user authentication system using schema of visual memory. In: Biologically Inspired Approaches to Advanced Information Technology: Second International Workshop, Bioadit 2006, Osaka, Japan 26–27, 2006, Proceedings, Springer, Lecture Notes in Computer Science, vol 3853, pp 338–345Google Scholar
  24. Hayashi E, Dhamija R, Christin N, Perrig A (2008) Use your illusion: Secure authentication usable anywhere. Proceedings of the 4th symposium on Usable privacy and security. ACM New York, NY, USA, pp 35–45CrossRefGoogle Scholar
  25. Hitchcock A (1955) To catch a thief. http://www.imdb.com/title/tt0048728/
  26. Hopper NJ, Blum M (2001) Secure Human Identification Protocols. In: ASIACRYPT 2001, Springer, Lecture Notes in Computer Science, vol 2248, pp 52–66Google Scholar
  27. Hoque E, Hoeber O, Strong G, Gong M (2013) Combining conceptual query expansion and visual search results exploration for web image retrieval. J Amb Intell Human Compu 4(3):389–400, http://www.scopus.com/inward/record.url?eid=2-s2.0-84878537451&partnerID=40&md5=a14779b5761ae42396369f31fec49759, cited By (since 1996)2
  28. Jameel H, Shaikh R, Lee H, Lee S (2006) Human identification through image evaluation using secret predicates. Lect Notes Comp Sci 4377:67CrossRefMathSciNetGoogle Scholar
  29. Jensen W, Gavrila S, Korolev V, Ayers R, Swanstrom R (2003) Picture password: a visual login technique for mobile devices. In: National Institute of Standards and Technologies Interagency Report, vol NISTIR 7030Google Scholar
  30. Jermyn I, Mayer A, Monrose F, Reiter MK, Rubin AD (1999) The design and analysis of graphical passwords. In: Proceedings of the 8th USENIX security Symposium, Washington Google Scholar
  31. Jones MJ, Viola P (2001) Robust real-time object detection. In: Workshop on Statistical and Computational Theories of Vision, vol 266Google Scholar
  32. Ko T (2008) A survey on behavior analysis in video surveillance for homeland security applications. In: AIPR, IEEE Comp Soc, pp 1–8Google Scholar
  33. Kumar M, Garfinkel T, Boneh D, Winograd T (2007) Reducing shoulder-surfing by using gaze-based password entry. In: Symposium On Usable Privacy and Security (SOUPS)Google Scholar
  34. Lanat A, Valenza G, Scilingo E (2013) Eye gaze patterns in emotional pictures. J Ambi Intell Human Compu 4(6):705–715CrossRefGoogle Scholar
  35. Lavee G, Rivlin E, Rudzsky M (2009) Understanding video events: A survey of methods for automatic interpretation of semantic occurrences in video.IEEE Trans Syst, Man, Cybern, Part C 39(5):489–504CrossRefGoogle Scholar
  36. Li S, Shah S, Khan M, Khayam S, Sadeghi A, Schmitz R (2010) Breaking e-banking CAPTCHAs. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACM, pp 171–180Google Scholar
  37. Maetz Y, Onno S, Heen O (2009) Recall-a-story, a story-telling graphical password system. In: Proceedings of the 5th Symposium on Usable Privacy and Security, ACM, p 27Google Scholar
  38. Matsumoto T (1996) Human-computer cryptography: An attempt. In: ACM Conference on Computer and Communications Security, pp 68–75Google Scholar
  39. McDonald DL, Atkinson RJ, Metz C (1995) One time passwords in everything (OPIE): Experiences with building and using stronger authentication. In: Fifth USENIX UNIX Security Symposium, Salt Lake City, Utah (USA)Google Scholar
  40. Merler M, Huang B, Xie L, Hua G, Natsev A (2012) Semantic model vectors for complex video event recognition. IIEEE Trans Multimed 14(1):88–101CrossRefGoogle Scholar
  41. Real User Coorp (1998) Pass faces. http://www.realuser.com
  42. Roth V, Richter K, Freidinger R (2004) A pin-entry method resilient against shoulder surfing. CCS ’04: Proceedings of the 11th ACM conference on Computer and communications security. ACM Press, New York, NY, USA, pp 236–245CrossRefGoogle Scholar
  43. Ryoo MS, Chen CC, Aggarwal JK, Roy-Chowdhury A (2010) An overview of contest on semantic description of human activities (sdha) 2010. In: Proceedings of the 20th International conference on Recognizing patterns in signals, speech, images, and videos, Springer-Verlag, Berlin, Heidelberg, ICPR’10, pp 270–285, http://dl.acm.org/citation.cfm?id=1939170.1939208
  44. Salehi-Abari A, Thorpe J, van Oorschot P (2008) On purely automated attacks and click-based graphical passwords. Proceedings of the 2008 Annual Computer Security Applications Conference. IEEE Computer Society, Washington, DC, USA, pp 111–120CrossRefGoogle Scholar
  45. Sasamoto H, Christin N, Hayashi E (2008) Undercover: authentication usable in front of prying eyes. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, pp 183–192Google Scholar
  46. Snoek CGM, Worring M (2005) Multimodal video indexing: A review of the state-of-the-art. Multimed Tools Appl 25(1):5–35. doi:10.1023/B:MTAP.0000046380.27575.a5 CrossRefGoogle Scholar
  47. Sobrado L, Birget JC (2002) Graphical password. “The Rutgers Scholar, an electronic Bulletin for undergraduate research” 4Google Scholar
  48. Suo X, Zhu Y, Owen GS (2005) Graphical passwords: a survey. In: Proceedings of 21st Annual Computer Security Application Conference (ACSAC 2005) december 5–9, Tucson AZ (US), pp 463–472Google Scholar
  49. The Blender Foundation (2013) Blender official web site. http://www.blender.org
  50. Thorpe J, van Oorschot P (2007) Human-seeded attacks and exploiting hot-spots in graphical passwords. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium table of contents, USENIX Association Berkeley, CA, USAGoogle Scholar
  51. Tompkins DAD, Hoos HH (2004) UBCSAT: An implementation and experimentation environment for SLS algorithms for SAT and MAX-SAT. In: Proceedings of the Seventh International Conference on Theory and Applications of Satisfiability Testing (SAT 2004), pp 37–46Google Scholar
  52. Weinshall D (2006) Cognitive authentication schemes safe against spyware (short paper). In: IEEE Symposium on Security and Privacy, IEEE Computer Society, pp 295–300Google Scholar
  53. Wiedenbeck S, Waters J, Birget J, Brodskiy A, Memon N (2005) PassPoints: Design and longitudinal evaluation of a graphical password system. Intern J Human-Comp Stud 63(1–2):102–127CrossRefGoogle Scholar
  54. Wiedenbeck S, Waters J, Sobrado L, Birget JC (2006) Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of Advanced Visual Interfaces AVI 2006, Venice ITALYGoogle Scholar
  55. Worring M, Snoek CG, De Rooij O, Nguyen G, Smeulders A (2007) The mediamill semantic video search engine. In: Acoustics, Speech and Signal Processing, 2007. ICASSP 2007. IEEE International Conference on, IEEE, vol 4, pp IV-1213Google Scholar
  56. Yan J, El Ahmad AS (2008) A low-cost attack on a microsoft captcha. In: Proceedings of the 15th ACM conference on Computer and communications security, ACM, pp 543–554Google Scholar
  57. YouTube LLC (2013) Youtube fact sheet. http://www.youtube.com/t/fact_sheet

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.Dipartimento di InformaticaUniversitá degli Studi di SalernoFiscianoItaly
  2. 2.Dipartimento di Ingegneria Elettrica e Tecnologie dell’InformazioneUniversitá degli Studi di Napoli “Federico II”NapoliItaly

Personalised recommendations