REPORT OF HUMAN COMPUTER INTERACTION

SUBMITTED TO: DR. CUE
SUBMITTED BY: SUKHDEEP KAUR JC458517

Introduction

Security of mobile devices, computers, tablets and other devices is increasingly important in the computing environment. Nowadays, users communicate with their companies through mobile phones regarding business plans, and organize their work and the progress of their business. Moreover, people share their personal information via the internet from their smartphones. In these cases, the security of mobile devices is very important. I have searched two articles which give information about the security of mobile devices.

There is a need to protect access to devices that enable ubiquitous access to sensitive information.
Sometimes, authentication schemes prove prone to shoulder-surfing attacks, where a bystander observes a user while authenticating. It then becomes easy for an attacker to get hold of the device, try to authenticate and access sensitive data. Modern research has proposed schemes that are more resistant to observation. But in most cases, attacking state-of-the-art schemes involves observing only one entity, that is, the phone, in preparation for an attack.

The first article is "Usability and security of text passwords on mobile devices". The second one is "Multimodal authentication using gaze and touch on mobile devices". These articles explain how passwords need to be used to secure our devices from attacks.
The first article suggests ways to ease password entry on mobile devices. In the second article, they propose a multimodal scheme, GazeTouchPass, which means attackers need both the screen touches and the user's eyes to find out the password.

Background

The background discusses password policies on traditional devices. It has been found that passwords were too short and did not contain many symbols, upper case letters and numeric characters. The studies explain that users enter passwords on mobile devices very slowly, which may cause errors and influence password security. Some research found that alternate keywords on the keyboard may increase the time of entering a password. Past studies examined how password composition policies affect password strength and usability on laptops. But in the last few years electronic devices have changed significantly in both software and hardware.
The devices that were used just for calling and sending are now used for email, web surfing, social networking and banking. So, these devices require authentication to secure information in any form.

Comparison

In the first article, two types of study are used to find the best methods for creating passwords and using them on mobile devices and traditional devices such as desktops, tablets, etc.

In the first online study, users create their password according to the password policies. Then they enter the second step. In this step they need to complete a survey which includes some questions, such as whether their age is above 18 years. For verification purposes, users change their password as required by their email provider and they need to verify which device they are using, such as a mobile phone.
Users cannot proceed with the rest of the work until verification is done.

After the check, members or users are given eleven conditions. On the basis of these conditions, users can either proceed with portable devices or be requested to use computers. After completing these conditions, users are invited to enter their recently changed password in order to remember it.
After two days, users got an email with a link to continue the study. Members were asked to enter the secret password which they created in step one. If they did not remember their password, they could select the “forgot password” option to recover it and get a recovery email. After using their secret password they completed this survey, which gathered data related to the procedure and general password behavior.

The password is the secret key of the user. There are some strategies for setting the password. Here are some policies with different conditions:

Basic 20 - no less than 20 words in length.
3class8 - 8 characters must be in this policy, with three character classes.
3class12 - words must be no less than 12 words and contain no less than three character classes.
2word16 - words should not be less than 16 characters.

It proves that the two policies that require more words, such as 20 and 16, are more accurate and secure than the policy that includes 8 words.

Different devices play an important role in creating and re-entering passwords: which devices users use when they make new passwords, and when they re-enter the password later on a different device. In some cases users do not want to use the password later on other devices. For example: mobile to mobile (MM), traditional to mobile (TM), traditional to traditional (TT).
Mobile to mobile means the user uses the password on mobile devices. Mobile to traditional identifies that a password used on mobile can later be used on a computer. Traditional to traditional means the password is used on computers or PCs.
Users reported the main problems of using passwords on mobile phones. 52% of participants avoid using passwords on mobile devices. 23% of users changed their password because of problems faced previously, and 20% have passwords that they use particularly on mobile devices. In spite of this, users reported that they both make and enter passwords on mobile phones on a regular basis. 82% of users reported that they make more than one password on cell phones.
37% reported making more than three passwords on mobile phones. 75% of members report entering passwords many times, with some entering passwords more often. However, 55% of participants use mobile devices for banking, which proves that these passwords have high value.
It was not possible to explore each combination in the condition matrix in a full factorial design. Here, just eleven conditions were selected that were deemed most significant for answering some questions.

3class8MM, 3class8TT, 3class12MM, 3class12TT, 2word16MM, 2word16TT. These three condition sets make it possible to directly compare passwords made on traditional devices with those made on mobile devices.

Basic20MM, 3word20MM. Together with the previous MM conditions, these make it possible to examine the effects of length and complexity in the mobile setting. In combination with 2word16MM and 2word16TT, this makes it possible to additionally look at the impact of changing the kind of pattern used for making and entering passwords.

They concentrate on the 2word16 policy since it was recently recommended for traditional designs.
2word16-autotools-MM, 2word16-noticeable-MM. In combination with 2word16MM and 2word16TT, these make it possible to additionally explore differences in password usability and security caused by varying input methods. They chose 2word16 as the password policy for this examination since it was hypothesized that, as a word-based condition, it would generally benefit most from automatic text entry tools.

Measuring usability - they measured a variety of observed and perceived usability metrics for each condition.

Time to create - the time elapsed between loading the password creation web page and submitting a password. This was measured on the user's machine to avoid measuring network latency. Times more than two standard deviations over the mean were excluded.
Creation attempts, re-entry attempts and reasons for failures - the user needs to confirm the password in various attempts and should also enter the correct password during a period.

Problems faced during password entry - self-reported agreement with the statement "I thought it was hard to enter the password I made on this device", on a five-point Likert scale.

Duplicating - during the re-entry in part two, users copy and paste the password into the browser's password entry field.

Number of deletions - the number of characters which the user erased during the password creation process.
Password storage - how users store the password themselves, for instance writing it down or saving it in the browser.

Estimating password strength - they use guessability, that is, how many guesses a particular cracking algorithm takes to guess a password, to measure the strength of the password.

Recent work advocates this metric, which represents an attacker trying guesses based on desired probability, as compared to some other metrics.
In this metric every password is assigned a guess number, which explains how many guesses an attacker would need to guess the password. Additionally, they refer to past work which includes numerous strategies to simulate a skilled attacker. There is no guarantee that this estimate simulates all attackers; in reality an attacker with more information about how these passwords were made might be able to make better guesses.

In the second article, GazeTouchPass, a multimodal password, was introduced.
Participants define four symbols according to this scheme; each can be entered either through touch or through gaze. Consecutive gaze inputs in the same direction then need to be separated by a gaze to the front. Users enter the password by touching the characters and moving the eyes. The eyes of participants are detected by the front camera.
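A small model of the entry rule just described, showing why a look to the front is needed between two gaze inputs in the same direction. This is an added example, not code from the article or the report; the `(modality, value)` event format, the direction names and the choice that a touch leaves the gaze state unchanged are assumptions.

```python
import hmac

PASSWORD_LENGTH = 4  # the report: a password is four symbols


def decode_events(events):
    """Turn a raw (modality, value) event stream into entered symbols."""
    symbols = []
    last_gaze = "front"  # assumption: the eyes start on the screen
    for modality, value in events:
        if modality == "touch":
            # Assumption: a touch leaves the gaze state unchanged.
            symbols.append(("touch", value))
        elif modality == "gaze":
            if value == "front":
                last_gaze = "front"  # separator, not a symbol
            elif value != last_gaze:
                symbols.append(("gaze", value))
                last_gaze = value
            # Same direction again with no look to the front in between:
            # treated as the same gesture, so no symbol is added.
        else:
            raise ValueError(f"unknown modality: {modality!r}")
    return symbols


def _encode(symbols):
    """Serialize symbols so they can be compared in constant time."""
    return "|".join(f"{m}:{v}" for m, v in symbols).encode()


def verify(events, enrolled):
    """True only if the stream decodes to exactly the enrolled symbols."""
    entered = decode_events(events)
    if len(entered) != PASSWORD_LENGTH:
        return False
    return hmac.compare_digest(_encode(entered), _encode(enrolled))


# Constructed sample data: touch 3, gaze left, gaze left, touch 7.
ENROLLED = [("touch", "3"), ("gaze", "left"), ("gaze", "left"), ("touch", "7")]
WITH_SEPARATOR = [("touch", "3"), ("gaze", "left"), ("gaze", "front"),
                  ("gaze", "left"), ("touch", "7")]
WITHOUT_SEPARATOR = [("touch", "3"), ("gaze", "left"),
                     ("gaze", "left"), ("touch", "7")]
print(verify(WITH_SEPARATOR, ENROLLED), verify(WITHOUT_SEPARATOR, ENROLLED))
```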
In security terms, video recorders are used to study GazeTouchPass.

GazeTouchPass addresses two threat models. In both models the user is in an open space that is not under the control of attackers. The attackers know the framework of the system and know how to give a password.

Iterative attacks - the attackers can watch the user a few times from various perspectives. The attackers concentrate on one modality per observation: on the eyes of the user, and then on the input screen. Lastly, they recall both pieces of information and combine them later.

Side attacks - the attackers concentrate on the user from a point where both the use of the eyes and the use of the touch screen are visible.
What's more, the user and the attackers are sufficiently close to observe the touchscreen, but also far enough apart to lessen the effort of switching focus back and forth between the user's eyes and the device's display.

While GazeTouchPass demonstrates that multimodal passwords are significantly more secure than single-modal ones, iterative attacks are still possible and seen to be moderately simple to perform. Future work should concentrate on increasing protection against iterative attacks while maintaining ease of use.
One other possible approach is to use random cues, so that it is difficult to get observations from multiple views. There is likewise the memorability and practical password space of GazeTouchPass to examine. What's more, video-based eye tracking has its known limitations: varying light conditions, reflections on eyeglasses and heavy make-up can influence the quality of eye tracking. For this reason, only simple eye movements that can be robustly detected by front cameras were selected. Better eye tracking hardware may enable a wider range of eye movements to be detected.
Future systems can use different sorts of eye movements. For instance, smooth pursuit eye movement has gained attention in the past for enabling calibration-free gaze-based interaction.

Usability study - the goal of this study is to analyze the usability of GazeTouchPass and to gather video recordings of gaze and touch input for the subsequent security study. In a repeated measures experiment, every user performed 16 authentications using randomly created passwords. They enrolled 13 users between the ages of 21 and 35 years. They logged all logins and recorded the users using three HD cameras.
Every user performed a training run for each condition to get to know the system. This study assessed usability based on input speed and error rate.

Conclusion

A comparison was made of password usability on mobile devices and on computers. Some policies for setting passwords were also discussed. It was found that using passwords on mobile devices results in less usability.
This study also describes that passwords used on mobile phones are weaker against strong attackers.

Moreover, on the basis of the study, there are some policies used for traditional devices.

Systems with many mobile users where security is important should use the 2word16 policy.
Support visible password creation, or give participants the option to make the password visible during creation, in systems where shoulder surfing attacks are not common.

To avoid user frustration, disable text entry tools.

Secondly, GazeTouchPass is more secure than other single systems, especially against side attackers, because they have to rapidly switch focus between the phone and the eyes.
In the end, it was found that multimodal authentication enhances the security level of systems.