The LSV seminar takes place on Tuesday at 11:00 AM. The usual location is the conference room at Pavillon des Jardins (venue). If you wish to be informed by e-mail about upcoming seminars, please contact Stéphane Le Roux and Matthias Fuegger.
The seminar is open to public and does not require any form of registration.
Authentication systems that rely upon personal knowledge questions (such as "What is your mother's maiden name?") are widely used but have, until recently, received little attention from the academic community. In this talk, I will present several methods and results regarding the security and usability of these authentication questions. Evaluating security has, on one hand, involved adapting techniques from guessing theory and applying them to real-world statistical distributions for typical answer categories such as the names of people, pets and places. It can also involve staging experiments where friends or family members are encouraged to guess answers. Experiments can also be used to evaluate the usability (e.g., memorability) of challenge questions and their answers. And while the results of existing personal knowledge question systems have been mostly negative, some possible improvements might be gained through increased interaction with the user, for example, to shape the answer distribution and lower the prevalence of common answers, or to introduce more tolerant authentication so as to reduce the reliance on perfect response accuracy.