%0 Conference Proceedings
%T Understanding Insider Attacks in Personalized Picture Password Schemes
%+ Cognitive UX GmbH
%+ University of Cyprus [Nicosia] (UCY)
%+ University of Patras
%A Constantinides, Argyris
%A Belk, Marios
%A Fidas, Christos
%A Pitsillides, Andreas
%Z Part 8: Usable Security
%< peer-reviewed
%@ 978-3-030-85609-0
%( Lecture Notes in Computer Science
%B 18th IFIP Conference on Human-Computer Interaction (INTERACT)
%C Bari, Italy
%Y Carmelo Ardito
%Y Rosa Lanzilotti
%Y Alessio Malizia
%Y Helen Petrie
%Y Antonio Piccinno
%Y Giuseppe Desolda
%Y Kori Inkpen
%I Springer International Publishing
%3 Human-Computer Interaction – INTERACT 2021
%V LNCS-12935
%N Part IV
%P 722-731
%8 2021-08-30
%D 2021
%R 10.1007/978-3-030-85610-6_42
%K Picture passwords
%K Security
%K Eye-tracking
%K User study
%Z Computer Science [cs]Conference papers
%X Picture passwords, which require users to complete a picture-based task to login, are increasingly being embraced by researchers as they offer a better tradeoff between security and memorability. Recent works proposed the use of personalized familiar pictures, which are bootstrapped to the users’ prior sociocultural activities and experiences. However, such personalized approaches might entail guessing vulnerabilities by people close to the user (e.g., family members, acquaintances) with whom they share common experiences within the depicted familiar sceneries. To shed light on this aspect, we conducted a controlled in-lab eye-tracking user study (n = 18) focusing on human attack vulnerabilities among people sharing common sociocultural experiences. Results revealed that insider attackers, who share common experiences with the legitimate users, can easily identify regions of their selected secrets. The extra knowledge possessed by people close to the user was also reflected on their visual behavior during the human attack phase. Such findings can drive the design of assistive security mechanisms within personalized picture password schemes.
%G English
%Z TC 13
%2 https://inria.hal.science/hal-04215515/document
%2 https://inria.hal.science/hal-04215515/file/520518_1_En_42_Chapter.pdf
%L hal-04215515
%U https://inria.hal.science/hal-04215515
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC13
%~ IFIP-INTERACT
%~ IFIP-LNCS-12935