DOI: 10.1145/3025453.3025991
Research article, public access

Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secret Knocks

Published: 02 May 2017

Abstract

Small, local groups who share protected resources (e.g., families, work teams, student organizations) have unmet authentication needs. For these groups, existing authentication strategies either create unnecessary social divisions (e.g., biometrics), do not identify individuals (e.g., shared passwords), do not equitably distribute security responsibility (e.g., individual passwords), or make it difficult to share or revoke access (e.g., physical keys). To explore an alternative, we designed Thumprint: inclusive group authentication with a shared secret knock. All group members share one secret knock, but individual expressions of the secret are discernible. We evaluated the usability and security of our concept through two user studies with 30 participants. Our results suggest that (1) individuals who enter the same shared thumprint are distinguishable from one another, (2) people can enter thumprints consistently over time, and (3) thumprints are resilient to casual adversaries.

Supplementary Material

MP4 File (p3764-das.mp4)


    Published In

    CHI '17: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems
    May 2017
    7138 pages
    ISBN:9781450346559
    DOI:10.1145/3025453
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Badges

    • Honorable Mention

    Author Tags

    1. authentication
    2. hci
    3. sensors
    4. social cybersecurity
    5. socially-inclusive authentication
    6. usable security

    Qualifiers

    • Research-article

    Conference

    CHI '17
    Acceptance Rates

    CHI '17 Paper Acceptance Rate 600 of 2,400 submissions, 25%;
    Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

    Cited By

    • (2024) Two-Factor Authentication for Keyless Entry System via Finger-Induced Vibrations. IEEE Transactions on Mobile Computing 23:10 (9708-9720). DOI: 10.1109/TMC.2024.3368331. Online publication date: Oct-2024
    • (2024) HandKey: Knocking-Triggered Robust Vibration Signature for Keyless Unlocking. IEEE Transactions on Mobile Computing 23:1 (520-534). DOI: 10.1109/TMC.2022.3216868. Online publication date: Jan-2024
    • (2024) Touch Authentication for Sharing Context Using Within-Group Similarity Structure. IEEE Internet of Things Journal 11:17 (28281-28296). DOI: 10.1109/JIOT.2024.3402323. Online publication date: 1-Sep-2024
    • (2023) Empirical Research Methods in Usable Privacy and Security. Human Factors in Privacy Research (29-53). DOI: 10.1007/978-3-031-28643-8_3. Online publication date: 10-Mar-2023
    • (2022) Multichannel Acoustic Spectroscopy of the Human Body for Inviolable Biometric Authentication. Biosensors 12:9 (700). DOI: 10.3390/bios12090700. Online publication date: 31-Aug-2022
    • (2022) Understanding User Perspective in a University Setting to Improve Biometric Authentication Adoption. Proceedings of the 9th Mexican International Conference on Human-Computer Interaction (1-10). DOI: 10.1145/3565494.3565498. Online publication date: 16-Nov-2022
    • (2022) SoK: Social Cybersecurity. 2022 IEEE Symposium on Security and Privacy (SP) (1863-1879). DOI: 10.1109/SP46214.2022.9833757. Online publication date: May-2022
    • (2021) HWAuth: Handwriting-Based Socially-Inclusive Authentication. SIGGRAPH Asia 2021 Posters (1-2). DOI: 10.1145/3476124.3488638. Online publication date: 14-Dec-2021
    • (2021) Bit Whisperer: Enabling Ad-hoc, Short-range, Walk-Up-and-Share Data Transmissions via Surface-restricted Acoustics. The 34th Annual ACM Symposium on User Interface Software and Technology (1345-1357). DOI: 10.1145/3472749.3477980. Online publication date: 10-Oct-2021
    • (2021) A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research. ACM Transactions on Computer-Human Interaction 28:6 (1-50). DOI: 10.1145/3469845. Online publication date: 23-Dec-2021
