This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Photographic Authentication through Untrusted Terminals
January-March 2003 (vol. 2 no. 1)
pp. 30-36
Trevor Pering, Intel Research
Murali Sundar, Intel Research
John Light, Intel Research
Roy Want, Intel Research

Photographic authentication is a technique for logging into untrusted public Internet access terminals. It leverages a person?s ability to recognize personal photographs by asking users to identify their own personal photographs from a set of randomized images. By changing the specific images shown on each login attempt, this technique is resilient to replay attacks, which are when an "overheard" login sequence is replayed verbatim to unscrupulously gain access to a system. A prototype implementation and corresponding user-tests show that not only are participants extremely adept at quickly and accurately recognizing their own photographs, but attackers can?t reliably determine which photographs are "correct" even when given samples of a user's photographs.

Index Terms:
Insecure authentication, digital photography, graphical passwords, public terminals
Citation:
Trevor Pering, Murali Sundar, John Light, Roy Want, "Photographic Authentication through Untrusted Terminals," IEEE Pervasive Computing, vol. 2, no. 1, pp. 30-36, Jan.-March 2003, doi:10.1109/MPRV.2003.1186723
Usage of this product signifies your acceptance of the Terms of Use.