Pass-thoughts: Authenticating with our minds

Proceedings New Security Paradigms Workshop

Volumn 2006, Issue , 2006, Pages 45-56

  Thorpe, Julie ^a   Van Oorschot, P C ^a   Somayaji, Anil ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

Authentication; Passwords

Indexed keywords

COMPUTER SYSTEMS; CONSTRAINT THEORY; INTERFACES (COMPUTER); SECURITY OF DATA; SYSTEMS ANALYSIS;

AUTHENTICATION; BRAIN-COMPUTER INTERFACE (BCI) TECHNOLOGY; PASS-THOUGHT SYSTEM; PASSWORDS;

HUMAN COMPUTER INTERACTION;

EID: 33745685825     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (65)

1. Martin Abadi, Michael Burrows, C. Kaufman, and Butler W. Lampson. Authentication and Delegation with Smart-cards. In Theoretical Aspects of Computer Software, pages 326-345, 1991.
2. M. A. Arbib, editor. The Handbook of Brain Theory and Neural Networks, pages 178-181. The MIT Press, second edition, 2003.
3. S. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 72-84, 1992.
4. N. Bierbaumer, N. Ghanayim, T. Hinterberger, I. Iversen, B. Kotchoubey, A. Kubler, J. Perelmouter, E. Taub, and H. Flor. A Spelling Device for the Paralyzed. Nature, 398:297-298, 1999.
5. N. Birbaumer, A. Kubler, N. Ghanayim, T. Hinterberger, J. Perelmouter, J. Kaiser, I. Iversen, and B. Kotchoubey. The Thought Translation Device (TTD) for Completely Paralyzed Patients, 2000.
6. J.-C. Birget, D. Hong, and N. Memon. Robust Discretization, With an Application to Graphical Passwords. Cryptology ePrint Archive, Report 2003/168, 2003. http://eprint.iacr.org/, site accessed Jan. 12, 2004.
7. M. Blum and N. J. Hopper. A Secure Human-Computer Authentication Scheme, 2000. http://www.aladdin.cs.emu.edu/papers/pdf s/y2001/manuel_blum.pdf, accessed Mar. 16, 2005.
8. S. Brostoff. Improving Password System Effectiveness. PhD thesis, University College London, 2004.
9. V. Brower. When Mind Meets Machine. EBMO Reports, 6(2):108-110, 2005.
10. CERT Coordination Center. Vulnerabilities, Incidents, and Fixes, http://www.cert.org.
11. M. D. Corner and B. D. Noble. Zero-Interaction Authentication. In International Conference on Mobile Computing and Networking, pages 1-11, 2002.
12. J. Daugman. How Iris Recognition Works. IEEE Transactions on Circuits and Systems for Video Technology, 14(1):21-30, 2004.
13. D. Davis, F. Monrose, and M.K. Reiter. On User Choice in Graphical Password Schemes. In 18th USENIX Security Symposium, 2004.
14. R. Dhamija and A. Perrig. Déjà Vu: A User Study Using Images for Authentication. In 9th USENIX Security Symposium, 2000.
15. W. Diffie, P.C. van Oorschot, and M. Weiner. Authentication and Authenticated Key Exchanges, volume 2 of Design Codes and Cryptography, pages 107-125. Kluwer Academic Publishers, 1992.
16. Y. Dodis, L. Reyzin, and A. Smith. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In Eurocrypt &004, pages 523-540, 2004.
17. E. Donchin, K. M. Spencer, and R. Wijesinghe. The Mental Prosthesis: Assessing the Speed of a P300-Based Brain-Computer Interface. IEEE Transactions on Rehabilitation Engineering, 8:174-179, 2000.
18. M. Doppelmayr, W. Klimesch, T. Pachinger, and B. Ripper. Individual Differences in Brain Dynamics: Important Implications for the Calculation of Event-Related Brain Power, 1998.
19. D. E. Duncan. Implanting Hope. Technology Review: MIT's Magazine of Innovation, 108(3):48-54, 2005.
20. T. Elbert, C. Pantev, C. Wienbruch, B. Rockstroh, and E. Taub. Increased Cortical Representation of the Fingers of the Left Hand in String Players. Science, 270:305-307, 1995.
21. Electro-cap International, Inc. Electro-Cap Price List: Electro-Cap. http://www.electro-cap.com,site accessed Aug. 27, 2005.
22. S. Granger. Social Engineering Fundamentals, Part I: Hacker Tactics, 2001. http://www.securityfocus.com/infocus/1527, site accessed Mar. 22, 2005.
23. ISI Web of Knowledge. Analysis: Brain Computer Interface Search Results, 2005.
24. D. P. Jablon. Strong Password-Only Authenticated Key Exchange. ACM SIGCOMM Computer Communication Review, 26(6):5-26, 1996.
25. A. K. Jain, P. W. Duin, and J. Mao. Statistical Pattern Recognition: A Review. IEEE Transactions on Pattern Analysis and Machine Intelligence, 22:4-37, 2000.
26. Wayne Jansen, Serban Gavrila, Vlad Korolev, Rick Ayers, and Ryan Swanstrom. Picture Password: A Visual Login Technique for Mobile Devices. National Institute of Standards and Technology Interagency Report (NISTIR) 7030, 2003. http://csrc.nist.gov/publications/nistir/nistir-7030.pdf, site accessed Mar. 22, 2004.
27. I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin. The Design and Analysis of Graphical Passwords. 8th USENIX Security Symposium, 1999.
28. A. Juels and M. Sudan. A Fuzzy Vault Scheme. In IEEE International Symposium on Information Theory, 2002.
29. M. Just and P.C. van Oorschot. Addressing the problem of undetected signature key compromise. In NDSS, 1999.
30. I. Kerr. So Trendy, So Convienient - So Dangerous to our Privacy, July 31, 2004. Vancouver Sun, available at: http://anonequity.org/en3/July31-Van_ Sun-Baja_Beach_Club.pdf.
31. D. Klein. Foiling the Cracker: A Survey of, and Improvements to, Password Security. In The 2nd USENIX Security Workshop, pages 5-14, 1990.
32. A. Kostov and M. Polak. Parallel Man-Machine Training in Development of EEC-Based Cursor Control. IEEE Transactions on Rehabilitation Engineering, 8:203-204, 2000.
33. LC Technologies Inc. Eyegaze Systems. http://www.eyegaze.com, site accessed Mar. 22, 2005.
34. H. Lei and V. Govindaraju. A Comparative Study on the Consistency of Features in On-Line Signature Verification. Pattern Recognition Letters, 26:2483-2489, 2005.
35. T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino. Impact of Artificial "Gummy" Fingers on Fingerprint Systems. In Rudolf L. van Renesse, editor, SPIE Optical Security and Counterfeit Deterrence. Techniques IV, volume 4677, pages 275-289, April 2002.
36. J. R. Millan. Adaptive Brain Interfaces. Communications of the ACM, 46(3):75-80, 2003.
37. J. R. Millan, J. Mourino, M. Franze, F. Cincotti, M. Varsta, J. Heikkonen, and F. Babiloni. A Local Neural Classifier for the Recognition of EEC Patterns Associated to Mental Tasks. IEEE Transactions on Neural Networks, 13(3):678-686, 2002.
38. F. Monrose, M. K. Reiter, Q. Li, and S. Wetzel. Cryptographic Key Generation From Voice. In IEEE Conference on Security and Privacy, 2001.
39. F. Monrose, M. K. Reiter, and S. Wetzel. Password Hardening based on Keystroke Dynamics. International Journal of Information Security, 1(1):69-83, 2001.
40. A. Narayanan and V. Shmatikov. Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff. In 12th ACM Conference on Computer and Communications Security (to appear), 2005.
41. Neurosky. Neurosky Home Page. http://www.neurosky.com, site accessed Oct. 31, 2005.
42. M. A. L. Nicolelis and J. K. Chapin. Controlling Robots with the Mind. Scientific American, 289(4):46-53, 2002.
43. R. Palaniappan and K. V. R. Ravi. A New Method to Identify Individuals Using Signals from the Brain. In 4th International Conference on Information Communications and Signal Processing and 4th Pacific-Rim Conference on Multimedia (ICICS-PCM 2003), pages 1442-1445, 2003.
44. R.B. Paranjape, J. Mahovsky, L. Benedicenti, and Z. Koles. The Electroencephalogram as a Biometric. In The Canadian Conference on Electrical and Computer Engineering, pages 1363-1366, 2001.
45. A. Perrig and D. Song. Hash Visualization: a New Technique to Improve Real-World Security. In International Workshop on Cryptographic Techniques and E-Commerce, pages 131-138, 1999.
46. B. Pinkas and T. Sander. Securing Passwords Against Dictionary Attacks. In 9th ACM Conference on Computer and Communications Security, pages 161-170. ACM Press, 2002.
47. R. Plamondon and S. N. Srihari. On-Line and Off-Line Handwriting Recognition: A Comprehensive Survey. IEEE Transactions on Pattern Analysis and Machine Intelligence, 22(1):63-84, 2000.
48. Real User Corporation. About Passfaces. http://www.realuser.com, site accessed May 24, 2004.
49. A. R. Roddy and J. D. Stosz. Fingerprint Features Statistical Analysis and System Performance Estimates. Proceedings of the IEEE, 85(9):1390-1421, 1996.
50. P. Ross. Mind Readers. Scientific American, 289(3):74-77, 2003.
51. V. Roth, K. Richter, and R. Freidinger. A PIN-Entry Method Resilient Against Shoulder Surfing. In Conference on Computer and Communications Security, pages 236-245, 2004.
52. Leonardo Sobrado and J.-C. Birget. Graphical Passwords. The Rutgers Scholar: An Electronic Bulletin of Undergraduate Research, Volume 4, 2002. http://rutgersscholar.rutgers.edu/volume04/sobrbirg/sobrbirg.htm, site accessed Mar. 22, 2004.
53. E. Spafford. Crisis and Aftermath (The Internet Worm). Comm. of the ACM, 32(6):678-687, 1989.
54. S. Stubblebine and P.C. van Oorschot. Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. In Financial Cryptography'04 Springer-Verlag LNCS 3110, 2004.
55. G. Tally, R. Thomas, and T. Van Vleck. Anti-Phishing: Best Practices for Institutions and Consumers, March 2004. http://www.networkassociates.com/us/_tier2/products/_media/mcafee/wp\_a%ntiphishing. pdf, site accessed Mar. 22, 2005.
56. J. Thorpe and P.C. van Oorschot. Graphical Dictionaries and the Memorable Space of Graphical Passwords. In I3th USENIX Security Symposium, 2004.
57. J. Thorpe and P.C. van Oorschot. Towards Secure Design Choices for Implementing Graphical Passwords. In 20th Annual Computer Security Applications Conference, 2004.
58. T. M. Vaughan, W. J. Heetderks, L.J. Trejo, W. Z. Rymer, M. Weinrich, M. M. Moore, A. Kubler, B. H. Dobkin, N. Birbaumer, E. Donchin, E. W. Wolpaw, and J. R. Wolpaw. Brain-computer interface technology: A review of the Second International Meeting, 2003.
59. K. Warwick, M. Gasson, B. Hutt, I. Goodhew, P. Kyberd, H. Schulzrinne, and X. Wu. Thought Communication and Control: a First Step Using Radiotelegraphy. IEEE Proc. Commun., 151(3):185-189, 2004.
60. S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, and N. Memon. PassPoints: Design and Longitudinal Evaluation of a Graphical Password System. International J. of Human-Computer Studies (Special Issue on HCI Research in Privacy and Security), 63:102-127, 2005.
61. G. M. Wilson and M. A. Sasse. From Doing to Being: Getting Closer to the User Experience. Interacting with Computers, 16:697-705, 2004.
62. J. R. Wolpaw, N. Birbaumer, D. J. McFarland, G. Pfurtscheller, and T. M. Vaughan. Brain-Computer Interfaces For Communication and Control. Clinical Neurophysiology, 113:767-791, 2002.
63. J. Yan. A Note on Proactive Password Checking. ACM New Security Paradigms Workshop, New Mexico, USA, 2001. http://citeseer.nj.nec.com/yan01note.html, site accessed Jan. 12, 2004.
64. Jianxin Yan, Alan Blackwell, Ross Anderson, and Alasdair Grant. The Memorability and Security of Passwords - Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge, 2000. http://www.ftp.cl.cam.ac.uk/ftp/users/rjal4/tr500.pdf, site accessed September 6, 2004.
65. L. Zhuang, F. Zhou, and J. D. Tygar. Keyboard Acoustic Emanations Revisited. In 12th ACM Conference on Computer and Communications Security (to appear), 2005.