Jacob O. Wobbrock, University of Washington
Summary
A technique for user authenticate using tapping patterns is presented.
Details
Authenticating users on tiny devices with no keyboards/screens can be implemented by a tapping pattern. Called TapSong, it is supported by music psychology and can adapt to successful logins. Due to individual tapping differences, this technique can withstand eavesdropping in 80-90% cases (false positives) and allow correct logins in ~85% cases (true positives).
Tappings are stored using a binary sensor as text-less passwords that are difficult to represent if stolen but easy to enter privately. Since exact timings vary with each entry, mean and SD at each position are stored to allow variability in user input as per Weber’s law. Matching algorithm calculates three parameters based on which authentication is performed.
Review
Of late, there have been cases where text based passwords have proven to be weak towards a determined hacker. Although no security analysis has been provided and true positive rate is still some distance away from 100%, TapSong technique is interesting & unique enough to justify further study.
Disclaimer
The work discussed above is an original work presented at UIST 2009 by the authors/affiliations indicated at the starting of this post. This post in itself was created as part of course requirement of CPSC 436.
No comments:
Post a Comment