Project notebook
Sir,
I read the document "Déjà Vu: A User Study Using Images for Authentication" by Rachna Dhamija and Adrian Perrig.
These are some of the points I noticed as setbacks, and the proposed alternatives:
1. To avoid the security breach, the solution proposed in the paper is to maintain a fixed set of both portfolio images and decoy images, along with varying decoy images on each login session.
But the problem with this approach is that the user will again be trained on the fixed set of decoy images, which may lead to confusion. The paper suggests using a multiple-stage approach.
It takes more time. But the paper does not study the average time taken over the studied set.
We would like to study the time taken by people in two cases: when the stages are increased, and in the case of a single stage.
The proposed idea here is to always use the fixed set of images from different classes with slight variation in them. Over repeated usage the user can easily select the portfolio image by scanning through the set.
2. It is not studied how the system can be trained to set a group password with a common ID. If different sets of people are required to use the same password, how can the training be done?
Here we would like to study, if the password (portfolio images) is sent to others through mail, how successfully they can log in, and what their recognition ability would be.
3. There is one point about resending the same tag information each time from client to server, which would lead to a security breach. Here I would like to propose a technique to select the password based on the image content as well as on the time stamp of the server. Every time, the password information transmitted will be different. The same password will also be calculated on the server side for the authentication.
In spite of these observations, the major drawback of this kind of authentication system is the increased processing on both the server and client side. Transmitting the fixed set of images will need higher bandwidth. The memory requirements also increase on the server side.
These are the overall observations I could make about the project. I request your feedback as well as suggestions to proceed further.
Kind regards,
Prdeep Reddy
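One way to realise the idea in point 3 of the letter above (a transmitted value derived from the image content and the server time stamp, recomputed on the server side) is shown here. This is an added example, not code from the letter or from the Déjà Vu paper; the use of HMAC-SHA256, the 30-second window, and the names `portfolio_key`, `response` and `Server` are assumptions, and short byte strings stand in for image files.

```python
import hashlib
import hmac

WINDOW_SECONDS = 30  # assumed validity window for a server time stamp


def portfolio_key(selected_images):
    """Derive a secret key from the content of the chosen images, in order."""
    h = hashlib.sha256()
    for image_bytes in selected_images:
        h.update(hashlib.sha256(image_bytes).digest())
    return h.digest()


def response(key, user_id, server_ts):
    """Value sent over the wire: it changes whenever the time stamp changes."""
    msg = f"{user_id}|{server_ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Server:
    def __init__(self):
        self.keys = {}      # user_id -> key derived at enrolment
        self.last_ts = {}   # user_id -> last accepted time stamp

    def enrol(self, user_id, portfolio_images):
        self.keys[user_id] = portfolio_key(portfolio_images)

    def verify(self, user_id, server_ts, resp, now):
        key = self.keys.get(user_id)
        if key is None:
            return False
        # Reject stale time stamps and any time stamp already used (replay).
        if not (0 <= now - server_ts <= WINDOW_SECONDS):
            return False
        if server_ts <= self.last_ts.get(user_id, -1):
            return False
        expected = response(key, user_id, server_ts)
        if not hmac.compare_digest(expected, resp):
            return False
        self.last_ts[user_id] = server_ts
        return True


# Constructed sample data: short byte strings stand in for image files.
PORTFOLIO = [b"img-A-bytes", b"img-B-bytes", b"img-C-bytes"]
DECOY = b"img-X-bytes"
```

The server in this example keeps a key derived from the portfolio at enrolment, so that store needs the same protection as a password database.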
Some survey questions:
1. Please give us your opinion:
I can describe my pass images to my friends while looking at them.
Even when I am not looking at them, I can still describe my pass images to my friends.
Type: Strongly Disagree, Disagree, Neutral, Agree, Strongly Agree, N/A
2. To help you recognize/remember the images, did you use any of the following?
Cameras (mobile phone cameras, for example).
Secret memos.
The print-screen button (with Paint, for example).
Type: Yes, No, N/A
3. Ideally, I would configure P-IBAS to work with:
Type: text box
4. How secure do you feel with P-IBAS? (rate 1-5 (max))
Type: radio buttons 1, 2, 3, 4, 5
5. How easily do you think your identity can be stolen from P-IBAS? (rate 1-5 (max))
Type: radio buttons 1, 2, 3, 4, 5
6. How comfortable and secure do you feel using P-IBAS when you are in a group and at public places? (rate 1-5 (max))
Type: radio buttons 1, 2, 3, 4, 5
7. When you are in a group or in public places, if you have a choice to make, what would you prefer?
Type: radio buttons
(A) image auth system like P-IBAS,
(B) conventional user-name password combination,
(C) none of these,
(D) I never log in to critical systems whether I'm in a group or at public places