My research focuses in Human Computer Interaction. Theoretical security evaluation includes analyzing password space. While empirical security evaluation includes doing experiment on shoulder-surfing, observation, intersection, guessing attacks etc. Can I only include theoretical evaluation?
It depend on what aspect of a security evaluation is considered. Strict mathematical security of a particular graphical credential structure can be done without experimentation. However, usability evaluation of the very same credential structure would be almost entirely based on statistical analysis of experiments.
Yes both are needed. After implement you should clearly describe how it will satisfy all the security thread.
As we r better by discriminating images than words, means we the Human being possess a strong ability to discriminate between delicate differences in images; hence, a graphical “password” authentication for client-server, distributed computing, SIP etc. could be effective. To compare it with a text-based password authentication, the password space of an image is limited by how many images exist in a collection of images, or how many times an image can be subdivided. So, classification of graphical passwords are: cognometrics, locimetrics, and drawametrics.
Cognometrics is an image recognition scheme.
Locimetrics is a graphical password that challenges a user’s memory of specific areas or loci within an image.
Drawametrics are graphical passwords that measure the uniqueness of touch screen–based drawing activity with a stylus.
This is very important in locimetric based Authentication, where the user must select unique points based on an image as opposed to a sequence of images. Both cognometrics and locimetrics can work with contemporary PC-based systems; however, drawametrics require specific hardware that is not commonplace on today’s PC systems.
Hope this will be the best answer for your question, if you need more about this, I m ready to send you materials.
I'm not sure if this actually answers your question, but we used five 'human' criteria in addition to the security aspects, when designing our authentication system:
1. The 3-3 rule
Can the user still login after consuming 3 pints of beer, and when exhausted at 3am?
2. Can the user pay at the supermarket checkout, without holding up the queues?
3. Can the user use his current password without entering a password?
4. Can it all be done without typing? Without biometrics?
5. Can a child use it?
I think my answer to another question may help.
Here's a link:
https://www.researchgate.net/post/What_are_the_most_recent_advances_and_computational_tools_to_implement_effective_protection_for_SMS_Verification_Code_under_SS7_Redirection_Attacks
In doing something, do it with love or never do it at all.
- Mahatma Gandhi
Ofcourse, its necessary to show the lacuna n literature and the extent of convergence and divergence in existing studies.
- Badges
- Science topic
- Similar topics
- Computer Science and Engineering
- Human-Computer Interaction