Usable and Secure Human Authentication
Jeremiah Blocki - Purdue University
Oct 19, 2016
Abstract
A typical computer user today manages passwords for many different online accounts. Users struggle with this task, often forgetting their passwords or adopting insecure practices, such as using the same passwords for multiple accounts and selecting weak passwords. Before we can design good password management schemes it is necessary to address a fundamental question: How can we quantify the usability or security of a password management scheme? In this talk we will introduce quantitative usability and security models. Notably, our user model, which is based on research on human memory about spaced rehearsal, allows us to analyze the usability of a large family of password management schemes while experimentally validating only the common user model underlying all of them. We argue that these quantitative models can guide the development of usable and secure password management schemes. In support of our argument we present Shared Cues, a simple password management scheme in which the user can generate many strong passwords after memorizing a few randomly generated stories. Our password management schemes are precisely specified and publishable: the security proofs hold even if the adversary knows the scheme and has extensive background knowledge about the user (hobbies, birthdate, etc.).
This talk is based on joint work with Manuel Blum and Anupam Datta.
About the Speaker
At a high level, Professor Blocki describes himself as "a theoretical computer scientist who is interested in applying fundamental ideas from computer science to address practical problems in usable privacy and security." He is especially interested in developing usable authentication protocols for humans. Are there easy ways for humans to create and remember multiple strong passwords? Can we design secure cryptographic protocols that are so simple that they can be run by a human? Jeremiah has also developed algorithms for conducting privacy-preserving data analysis in several different application settings, including social networks and password data. Prior to joining Purdue, Jeremiah completed his PhD on Usable Human Authentication at Carnegie Mellon University under the supervision of his advisors Manuel Blum and Anupam Datta. He also spent a year at Microsoft Research New England as a postdoc.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.