Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
基本信息
- 批准号:RGPIN-2018-05919
- 负责人:
- 金额:$ 2.04万
- 依托单位:
- 依托单位国家:加拿大
- 项目类别:Discovery Grants Program - Individual
- 财政年份:2022
- 资助国家:加拿大
- 起止时间:2022-01-01 至 2023-12-31
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
Text passwords remain as one of the most widespread authentication mechanisms in computer systems. The strength of a password is thus of paramount importance to security. As such, a number of password strengthening techniques have been proposed in the literature and deployed in the real world. Nevertheless, there exists a trade-off between password strength and memorability, and while password strength meters are common, according to the related literature and to the best of my knowledge, no reliable memorability meter has been published or deployed. The proposed research program will endeavour to analyze memorability of system-assigned passwords at the time of creation, by studying the brain waves generated while seeing a password for the first time. This work will lead to a password meter that can help users to choose a system-assigned password that has higher probability of being remembered, by predicting its recall chances at the time of assigning the password to a user.So far, together with my team of students, I have been able to establish that passwords can be classified based on the electroencephalogram (EEG) signals they elicit. This was found through a series of experiments that used consumer-grade brain-computer interface (BCI) devices to compare EEG differences between random and common passwords (i.e., most common passwords as exposed by popular password leaks). In light of these experiments it became evident that a password meter could be built by measuring short- and long-term password recall. For example, when the user is given a choice of two system-assigned passwords, there are statistically significant correlations between the EEG signals and the chosen password, recalling the password from short- and long-term memory, and the number of attempts to remember the password correctly.To address password usability from a different angle, the proposed research program will investigate authentication techniques that leverage implicit learning phenomena from the psychology field. Some of the most important advantages of implicitly learnt passwords are that the user is not imposed with a conscious cognitive burden, can't retrieve them at will, and therefore to a certain extent implicitly learnt passwords are coercion- and insider-attack resistant. During the past years, my research team and I have designed and tested an authentication technique based on two branches of implicit learning, namely, contextual cueing and semantic priming, which have shown promise not only in terms of accuracy but in training time compared to the most cited recent related works available in the literature. The proposed research program will continue this line of research to improve accuracy as well as training and authentication time.Over 10 highly qualified personnel will be trained in authentication with strong theoretical foundations, benefitting the research community and Canadians in general.
文本密码仍然是计算机系统中最普遍的身份验证机制之一。因此,密码的强度对安全性至关重要。因此,文献中已经提出了许多密码增强技术,并在现实世界中得到了应用。然而,密码强度和可记忆性之间存在权衡,虽然密码强度测量仪很常见,但根据相关文献和我所知,还没有发布或部署可靠的可记忆性测量仪。拟议的研究计划将通过研究第一次看到密码时产生的脑电波,努力分析系统分配的密码在创建时的可记忆性。这项工作将导致一个密码计,可以帮助用户选择一个系统分配的密码,有更高的被记住的可能性,通过预测它的回忆机会,在分配密码给用户。到目前为止,我和我的学生团队已经能够建立密码可以根据它们引发的脑电图(EEG)信号进行分类。这是通过一系列实验发现的,这些实验使用了消费级脑机接口(BCI)设备来比较随机密码和普通密码(即最常见的密码,因为流行的密码泄露而暴露)之间的脑电图差异。根据这些实验,很明显可以通过测量短期和长期密码回忆来构建密码计。例如,当用户从两个系统分配的密码中进行选择时,脑电图信号与选择的密码、从短期和长期记忆中回忆密码以及正确记住密码的尝试次数之间存在统计学上显著的相关性。为了从不同的角度解决密码可用性问题,拟议的研究计划将调查利用心理学领域内隐学习现象的身份验证技术。隐式学习密码的一些最重要的优点是用户没有有意识的认知负担,不能随意检索它们,因此在一定程度上隐式学习密码是抗强制和内部攻击的。在过去的几年里,我和我的研究团队设计并测试了一种基于内隐学习的两个分支的认证技术,即上下文线索和语义启动,与文献中最近引用最多的相关工作相比,它不仅在准确性方面而且在训练时间方面都显示出希望。拟议的研究计划将继续这方面的研究,以提高准确性以及培训和认证时间。将培训10多名具有强大理论基础的高素质认证人员,使研究界和加拿大人民受益。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
VargasMartin, Miguel其他文献
VargasMartin, Miguel的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('VargasMartin, Miguel', 18)}}的其他基金
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2021
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2020
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2019
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2018
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense
迈向用户身份验证和流量检查的新安全范式:利用隐式错误和听觉
- 批准号:
312183-2013 - 财政年份:2017
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense
迈向用户身份验证和流量检查的新安全范式:利用隐式错误和听觉
- 批准号:
312183-2013 - 财政年份:2015
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense
迈向用户身份验证和流量检查的新安全范式:利用隐式错误和听觉
- 批准号:
312183-2013 - 财政年份:2014
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense
迈向用户身份验证和流量检查的新安全范式:利用隐式错误和听觉
- 批准号:
312183-2013 - 财政年份:2013
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Network security with automatic mitigation of disruptive traffic, attack containment, and intrusion detection
通过自动缓解破坏性流量、攻击遏制和入侵检测来确保网络安全
- 批准号:
312183-2008 - 财政年份:2012
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Network security with automatic mitigation of disruptive traffic, attack containment, and intrusion detection
通过自动缓解破坏性流量、攻击遏制和入侵检测来确保网络安全
- 批准号:
312183-2008 - 财政年份:2011
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
相似国自然基金
基于ARM Pointer Authentication的操作系统内核数据保护研究
- 批准号:62002317
- 批准年份:2020
- 资助金额:24.0 万元
- 项目类别:青年科学基金项目
相似海外基金
CAREER: Towards Secure and Usable IoT Authentication Under Constraints
职业:在约束下实现安全可用的物联网身份验证
- 批准号:
2144669 - 财政年份:2022
- 资助金额:
$ 2.04万 - 项目类别:
Continuing Grant
CAREER: Towards Secure and Usable IoT Authentication Under Constraints
职业:在约束下实现安全可用的物联网身份验证
- 批准号:
2309550 - 财政年份:2022
- 资助金额:
$ 2.04万 - 项目类别:
Continuing Grant
CICI: UCSS: Towards Secure and Usable Push Notification Authentication for Collaborative Scientific Infrastructures
CICI:UCSS:为协作科学基础设施实现安全可用的推送通知身份验证
- 批准号:
2115107 - 财政年份:2021
- 资助金额:
$ 2.04万 - 项目类别:
Standard Grant
CICI: UCSS: Towards Secure and Usable Push Notification Authentication for Collaborative Scientific Infrastructures
CICI:UCSS:为协作科学基础设施实现安全可用的推送通知身份验证
- 批准号:
2139358 - 财政年份:2021
- 资助金额:
$ 2.04万 - 项目类别:
Standard Grant
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2021
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2020
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2019
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Enhancing Authentication: Towards Password Memorability Meters, and Leveraging Implicit Learning for System-Assigned Passwords
增强身份验证:走向密码记忆仪,并利用系统分配密码的隐式学习
- 批准号:
RGPIN-2018-05919 - 财政年份:2018
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense
迈向用户身份验证和流量检查的新安全范式:利用隐式错误和听觉
- 批准号:
312183-2013 - 财政年份:2017
- 资助金额:
$ 2.04万 - 项目类别:
Discovery Grants Program - Individual
TWC: Small: Collaborative: Towards Energy-Efficient Privacy-Preserving Active Authentication of Smartphone Users
TWC:小型:协作:实现智能手机用户的节能隐私保护主动身份验证
- 批准号:
1618300 - 财政年份:2016
- 资助金额:
$ 2.04万 - 项目类别:
Standard Grant