TY - GEN
T1 - AuthZit
T2 - 29th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2024
AU - Han, Joon Kuy
AU - Wong, Dennis
AU - Fu, Zhoulai
AU - Kang, Byungkon
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
AB - Designing a fallback authentication that is both memorable and strong poses a challenging task due to the need for authentication secrets to remain secure and easily recallable without frequent reinforcement. This could be especially prevalent for cloud computing security and resiliency. Inspired by the robust visual-spatial memory and associative memory of individuals, we introduce AuthZit, a novel system. AuthZit encodes authentication secrets as paths implementing a fault-tolerant algorithm through a 3D map of real-life places, navigated in both first-person and 2D bird’s-eye perspective, coupled with a loci-tag (textual secret) associated with the location. Two experiments were conducted to iteratively design and evaluate AuthZit. First, it was observed that visual-spatial secrets are most memorable when navigated through a combination of 3D first-person and 2D bird’s-eye view perspectives. Second, we evaluated AuthZit against security questions and Android’s 9-dot pattern lock across three dimensions: memorability, security, and speed. AuthZit’s complexity-controlled secrets were significantly more memorable after three months and more resilient to shoulder surfing and close adversaries.
UR - http://www.scopus.com/inward/record.url?scp=85218046951&partnerID=8YFLogxK
U2 - 10.1109/PRDC63035.2024.00025
DO - 10.1109/PRDC63035.2024.00025
M3 - Conference contribution
AN - SCOPUS:85218046951
T3 - Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC
SP - 120
EP - 130
BT - Proceedings - 2024 IEEE 29th Pacific Rim International Symposium on Dependable Computing, PRDC 2024
PB - IEEE Computer Society
Y2 - 13 November 2024 through 15 November 2024
ER -