Please use this identifier to cite or link to this item: http://hdl.handle.net/10155/1004

Issue Date: 1-Dec-2018
Title: Systems and models for secure fallback authentication
Authors: Addas, Alaadin
Publisher: UOIT
Degree: Master of Science (MSc)
Department: Computer Science
Supervisor: Thorpe, Julie
Keywords: Geographic authentication; Fallback authentication; Autobiographical authentication; Known adversary
Abstract: Fallback authentication (FA) techniques such as security questions, email resets, and SMS resets have significant security flaws that easily undermine the primary method of authentication. Security questions have been shown to be often guessable. Email resets assume a secure channel of communication and pose the threat of the avalanche effect, where one compromised email account can compromise a series of other accounts. SMS resets also assume a secure channel of communication and are vulnerable to attacks on telecommunications protocols. Additionally, all of these FA techniques are vulnerable to the known adversary. The known adversary is any individual with elevated knowledge of a potential victim, or elevated access to a potential victim's devices, who uses these privileges with malicious intent, undermining the most commonly used FA techniques. An authentication system is only as strong as its weakest link; in many cases this is the FA technique used. As a result, we explore one new and one altered FA system: GeoPassHints, a geographic authentication system paired with a secret note, as well as GeoSQ, an autobiographical authentication scheme that relies on location data to generate questions. We also propose three models to quantify the known adversary in order to establish an improved measurement tool for security research. We test GeoSQ and GeoPassHints for usability, security, and deployability through a user study with paired participants (n=34). We also evaluate the models for the purpose of measuring vulnerabilities to the known adversary by correlating the scores obtained in each model to the successful guesses that our participant pairs made.
Appears in Collections: Electronic Theses and Dissertations (Public); Faculty of Business and Information Technology - Master Theses

Files in This Item:

File               Description  Size    Format
Addas_Alaadin.pdf               3.1 MB  Adobe PDF

Items in e-scholar@UOIT are protected by copyright, with all rights reserved, unless otherwise indicated.