Jeremiah Blocki - Purdue University
Usable and Secure Human Authentication
Oct 19, 2016. Video: MP4 (246.9MB), also available on YouTube.
Abstract
A typical computer user today manages passwords for many different online accounts. Users struggle with this task, often forgetting their passwords or adopting insecure practices, such as using the same passwords for multiple accounts and selecting weak passwords. Before we can design good password management schemes it is necessary to address a fundamental question: How can we quantify the usability or security of a password management scheme? In this talk we will introduce quantitative usability and security models. Notably, our user model, which is based on research on human memory about spaced rehearsal, allows us to analyze the usability of a large family of password management schemes while experimentally validating only the common user model underlying all of them. We argue that these quantitative models can guide the development of usable and secure password management schemes. In support of our argument we present Shared Cues, a simple password management scheme in which the user can generate many strong passwords after memorizing a few randomly generated stories. Our password management schemes are precisely specified and publishable: the security proofs hold even if the adversary knows the scheme and has extensive background knowledge about the user (hobbies, birthdate, etc.).
This talk is based on joint work with Manuel Blum and Anupam Datta.
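To make the abstract's two ideas concrete (a publishable mapping from accounts to memorized stories, and usability measured by how often logins naturally rehearse those stories), here is a small constructed illustration in Python. It is an added example, not code from the speaker or the Shared Cues paper: the word lists, account names, the cue-subset assignment and the way a password is spelled out from a story are all assumptions chosen for demonstration, and the rehearsal and leak-exposure functions are simple counts rather than the talk's formal models.

```python
"""Toy illustration of a Shared Cues-style password manager (constructed example).

The user memorizes a few random stories (person, action, object), each tied to a
cue index. Each account is PUBLICLY mapped to a small subset of cues; its password
is derived from the stories behind those cues. Since cues are shared across
accounts, logging in to one account rehearses stories other accounts also use.
"""
import secrets
from typing import Dict, List, Sequence, Set, Tuple

# Constructed word lists; a real scheme would draw from far larger lists.
PERSONS = ["Darth Vader", "Bill Gates", "Mona Lisa", "Sherlock Holmes"]
ACTIONS = ["kicking", "juggling", "painting", "eating", "hugging"]
OBJECTS = ["bike", "toaster", "cactus", "lobster", "piano"]

Story = Tuple[str, str, str]


def generate_stories(n_cues: int, rng=None) -> Dict[int, Story]:
    """One random story per cue index. The stories are the only secret."""
    rng = rng or secrets.SystemRandom()  # CSPRNG unless a seeded rng is injected
    return {cue: (rng.choice(PERSONS), rng.choice(ACTIONS), rng.choice(OBJECTS))
            for cue in range(n_cues)}


def assign_cues(accounts: Sequence[str], n_cues: int, per_account: int,
                rng=None) -> Dict[str, Tuple[int, ...]]:
    """Map each account to a distinct, sorted subset of cue indices.

    This mapping is the publishable part: it tells an adversary WHICH stories an
    account uses, but not what they are.
    """
    rng = rng or secrets.SystemRandom()
    used: Set[Tuple[int, ...]] = set()
    assignment: Dict[str, Tuple[int, ...]] = {}
    for acct in accounts:
        while True:
            subset = tuple(sorted(rng.sample(range(n_cues), per_account)))
            if subset not in used:  # keep subsets distinct across accounts
                used.add(subset)
                assignment[acct] = subset
                break
    return assignment


def derive_password(stories: Dict[int, Story], cue_set: Sequence[int]) -> str:
    """Spell out the action and object words of the stories behind the cues.

    Assumed encoding for the demo; any deterministic, injective rule would do.
    """
    return "".join(stories[c][1].title() + stories[c][2].title() for c in cue_set)


def rehearsal_counts(assignment: Dict[str, Tuple[int, ...]],
                     visits: Sequence[str]) -> Dict[int, int]:
    """How many times each cue is naturally rehearsed by a sequence of logins.

    The talk's usability model asks whether natural rehearsals keep pace with the
    spacing that human memory requires; here we only count them.
    """
    counts = {c: 0 for cues in assignment.values() for c in cues}
    for acct in visits:
        for c in assignment[acct]:
            counts[c] += 1
    return counts


def exposure_after_leak(assignment: Dict[str, Tuple[int, ...]],
                        leaked: str) -> Tuple[Set[int], Dict[str, float]]:
    """Defender's what-if: if one account's password leaks, which cues are
    revealed, and what fraction of every OTHER account's cues is now exposed?"""
    revealed = set(assignment[leaked])
    partial = {a: len(revealed & set(cues)) / len(cues)
               for a, cues in assignment.items() if a != leaked}
    return revealed, partial


if __name__ == "__main__":
    accounts: List[str] = ["bank", "email", "shop", "work"]
    stories = generate_stories(n_cues=9)
    assignment = assign_cues(accounts, n_cues=9, per_account=3)
    for acct in accounts:
        print(f"{acct:6s} cues={assignment[acct]} "
              f"password={derive_password(stories, assignment[acct])}")
    print("rehearsals:", rehearsal_counts(assignment, ["bank", "email", "bank", "shop"]))
    print("if 'bank' leaks:", exposure_after_leak(assignment, "bank"))
```

Two things the toy makes visible: the assignment table can be written down or published without weakening the secret, and a leak of one password exposes only the cues that account shares with others, which is exactly the trade-off (more sharing means more natural rehearsal but more overlap) that the quantitative models in the talk are meant to weigh.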
About the Speaker
At a high level, Professor Blocki describes himself as "a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security." He is especially interested in developing usable authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Jeremiah has also developed algorithms for conducting privacy-preserving data analysis in several different application settings, including social networks and password data. Prior to joining Purdue, Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of his advisors Manuel Blum and Anupam Datta. He also spent a year at Microsoft Research New England as a postdoc.