Abstract
Graphical password schemes have been widely analyzed over the last couple of decades. Typically, such schemes are not resilient to adversaries who are able to collect a considerable number of session transcripts and process them automatically in order to extract the secret. In this paper we discuss a possible enhancement to graphical passwords aimed at making it infeasible for the attacker to automatically process the collected transcripts. In particular, we investigate the possibility of replacing static graphical challenges with on-the-fly edited videos. In our approach, the system challenges the user by showing her a short film containing a number of pre-defined pass-events, and the user replies with proof that she recognized such events. We present a proof-of-concept prototype, FilmPW, and discuss some issues related to event life-cycle management. Our preliminary experiments show that such an authentication mechanism is well accepted by users and achieves low error rates.
Acknowledgments
The authors wish to thank Francesco Isgró for helpful discussions on image analysis and video event recognition.
About this article
Cite this article
Catuogno, L., Galdi, C. On user authentication by means of video events recognition. J Ambient Intell Human Comput 5, 909–918 (2014). https://doi.org/10.1007/s12652-014-0248-5
DOI: https://doi.org/10.1007/s12652-014-0248-5