Many conventional methods exist to authenticate a user, including text-based systems and graphical systems. While text-based authentication is secure, it is difficult for users to remember very robust passwords. Conversely, while graphical-based passwords that require selection of a "correct" image against "incorrect" (or distractor) ones have proven easier to remember, they are vulnerable to an attacker exploiting direct access to the selection (shoulder-surfing) or prior knowledge about the user. In this work, we propose a novel authentication method that combines both graphical-based and text-based features that seeks to mitigate these risks. Our system, Visual Question Authentication Protocol (VQAP) offers enhanced security by introducing (1) a question about a registered image as a cue for a text-based password, (2) a novel machine-learning based classifier for selecting distractor images that are related (or relevant) to the given question, and (3) multiple authentication scenarios, some of which present incorrect information that only the true user should be able to identify. We present experiments for our classifier that validate our ability to separate relevant and irrelevant images suitably for authentication purposes, given a question.
Visual Question Authentication Protocol (VQAP)
Nappi, Michele;
2018-01-01
Abstract
Many conventional methods exist to authenticate a user, including text-based systems and graphical systems. While text-based authentication is secure, it is difficult for users to remember very robust passwords. Conversely, while graphical-based passwords that require selection of a "correct" image against "incorrect" (or distractor) ones have proven easier to remember, they are vulnerable to an attacker exploiting direct access to the selection (shoulder-surfing) or prior knowledge about the user. In this work, we propose a novel authentication method that combines both graphical-based and text-based features that seeks to mitigate these risks. Our system, Visual Question Authentication Protocol (VQAP) offers enhanced security by introducing (1) a question about a registered image as a cue for a text-based password, (2) a novel machine-learning based classifier for selecting distractor images that are related (or relevant) to the given question, and (3) multiple authentication scenarios, some of which present incorrect information that only the true user should be able to identify. We present experiments for our classifier that validate our ability to separate relevant and irrelevant images suitably for authentication purposes, given a question.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
