Systems and models for secure fallback authentication

dc.contributor.advisor: Thorpe, Julie
dc.contributor.author: Addas, Alaadin
dc.date.accessioned: 2019-01-11T14:58:56Z
dc.date.accessioned: 2022-03-25T18:38:24Z
dc.date.available: 2019-01-11T14:58:56Z
dc.date.available: 2022-03-25T18:38:24Z
dc.date.issued: 2018-12-01
dc.degree.discipline: Computer Science
dc.degree.level: Master of Science (MSc)
dc.description.abstract: Fallback authentication (FA) techniques such as security questions, email resets, and SMS resets have significant security flaws that easily undermine the primary method of authentication. Security questions have been shown to be often guessable. Email resets assume a secure channel of communication and pose the threat of the avalanche effect, where one compromised email account can compromise a series of other accounts. SMS resets also assume a secure channel of communication and are vulnerable to attacks on telecommunications protocols. Additionally, all of these FA techniques are vulnerable to the known adversary. The known adversary is any individual with elevated knowledge of a potential victim, or elevated access to a potential victim's devices, who uses these privileges with malicious intent, undermining the most commonly used FA techniques. An authentication system is only as strong as its weakest link; in many cases this is the FA technique used. As a result, we explore one new and one altered FA system: GeoPassHints, a geographic authentication system paired with a secret note, and GeoSQ, an autobiographical authentication scheme that relies on location data to generate questions. We also propose three models to quantify the known adversary in order to establish an improved measurement tool for security research. We test GeoSQ and GeoPassHints for usability, security, and deployability through a user study with paired participants (n=34). We also evaluate the models for the purpose of measuring vulnerabilities to the known adversary by correlating the scores obtained in each model to the successful guesses that our participant pairs made. [en]
dc.description.sponsorship: University of Ontario Institute of Technology [en]
dc.identifier.uri: https://hdl.handle.net/10155/1004
dc.language.iso: en [en]
dc.subject: Geographic authentication [en]
dc.subject: Fallback authentication [en]
dc.subject: Autobiographical authentication [en]
dc.subject: Known adversary [en]
dc.title: Systems and models for secure fallback authentication [en]
dc.type: Thesis [en]
thesis.degree.discipline: Computer Science
thesis.degree.grantor: University of Ontario Institute of Technology
thesis.degree.name: Master of Science (MSc)

Files

Original bundle

Name: Addas_Alaadin.pdf
Size: 3.02 MB
Format: Adobe Portable Document Format

License bundle

Name: license.txt
Size: 1.61 KB
Format: Plain Text