December 8, 2010
Title: On the Impact of Human Factors in Computer Security: Case Studies with Graphical Passwords
Abstract: Computer security and privacy problems can arise for a wide variety of reasons that often involve the interaction of people with computer applications. User authentication, the goal of which is to establish a user's identity, is particularly affected by human factors (e.g., human behaviour). This talk will review our case studies that demonstrate how human factors can influence the effective security provided by "graphical passwords", a method of user authentication that requires a user to remember one or more images (or parts of an image) in place of a word. We provide the first attacks and security analyses of two graphical password schemes (Draw-A-Secret and PassPoints), using interdisciplinary approaches based on human memory and cognitive models. Our analyses can be used to determine in which environments these authentication schemes may still provide sufficient security, and identify new recommendations and promising directions for further research in this area.
Biography: Dr. Julie Thorpe joined the Faculty of Business and Information Technology in 2010 as an Assistant Professor. She received a PhD in Computer Science (2008) from Carleton University. Her research has been featured in various media outlets including Wired magazine, Popular Science, Slashdot, BBC World News, and CBC's Ottawa Morning Show.
Dr. Thorpe has more than 8 years of experience working in the field of IT security. After completing her PhD, she also taught part-time at Carleton University, and served on the program committee for various international computer security conferences including the ACM Conference on Computer and Communications Security (ACM CCS) and the USENIX Security Symposium.
Her research interests include authentication, software security, human factors, graphical passwords, usability, biometrics, operating system security, networks, distributed computing, machine learning, image processing, and brain computer interfaces. Her current research focuses on the interaction between human factors and computer security.