Passwords are susceptible to observation, i.e., someone watching a user, either directly or through a hidden camera, typing his/her password can successfully impersonate the user.
An alternative to passwords that is secure against observation yet maintains usability is an important goal. The aim of this project is to develop such alternate authentication schemes.
At present our research is in two main areas.
Cognitive Authentication Schemes
Cognitive authentication schemes employ human cognitive abilities to authenticate. The server sends a challenge to the user who responds by mentally computing a function of the challenge and the password. We can think of the responses generated as dynamic passwords.
Our research in cognitive authentication schemes is further divided into two directions
Continuous and Implicit Authentication
Another alternative to passwords is to use an implicit and continuous authentication system. The system is implicit because of it can authenticate users based on the actions they would carry out anyway while using their devices. The system is continuous because it runs in the background without disturbing the user. The system only asks the user to enter password if an intrusion is detected.
Our current work shows that implicit and continuous authentication is feasible on smart glasses. Our system looks at the touch gestures (taps and swipes) on the touchpad of the smart glass to see if they match the pattern of the user or an intruder.