Focus on a Research Result: Learning from Neuroscience to Improve Internet Security

Privatics

A research collaboration between Inria (Lead: Claude Castelluccia), Ruhr-University Bochum (Lead: Markus Duermuth), and University of California Berkeley (Lead: Fatma Imamoglu) operates at the boundaries of Neuroscience and Internet Security with the goal of improving the security and usability of user authentication on the Internet.

Most existing security systems are not user friendly and impose a strong cognitive burden on users. Such systems usually require users to adapt to machines, whereas we think that machines should be adjusted to users. There is often a trade-off between security and usability: in current applications security tends to decrease usability. A prime example of this trade-off can be observed in user authentication, which is an essential requirement for many websites that need to secure access to stored data. Most Internet services use password-based schemes for user authentication.

Password-based authentication schemes are knowledge-based, since they require users to memorize secrets, such as passwords. In these schemes, higher security means using long, random combinations of characters as passwords, which are usually very difficult to remember. In addition, users are asked to provide different passwords for different websites, each of which has its own specific policy. These trade-offs are not well understood, and password-based authentication is often unpopular among users. Despite substantial research focusing on improving the state of the art, very few alternatives are in use.

This research collaboration explores a new type of knowledge-based authentication scheme that eases the high cognitive load of passwords. With MooneyAuth, which is based on implicit memory, users can reproduce an authentication secret by answering a series of questions or performing a task that affects their subconscious memory. This has the potential to offer usable, deployable, and secure user authentication. Implicit memory is effortlessly utilized for everyday activities like riding a bicycle or driving a car. These tasks do not require explicit recall of previously memorized information.

This research is a follow-up of the CLOUDY associate team.

Figure 1: Left is the modified gray-scale version of the image, right is the Mooney version of the gray-scale image [2]. Copyright for the original image by Alex Pepperhill (CC by 2.0, source: https://www.flickr.com/photos/56278705@N05/8854256691/in/photostream/).

To know more: