We’ve recently returned from beautiful Vancouver for the 2nd Annual GRAND Conference. We are part of projects on “Usable Privacy and Security for New Media Environments” and “Digital Games for Learning and Training”. It was an opportunity to discuss on-going projects, get feedback from others in different disciplines, talk about research priorities, and plan for the next year.
On May 6, we hosted grade 8-9 students from Ottawa in our lab for a session on user interaction technologies as part of Carleton’s Enrichment Mini-Courses. Students learned about the technologies and got hands-on experience with multitouch tables, a haptic device, an eye tracker, a head-mounted display, and a digital pen.
We spent a week in Toronto for the ISSNet Annual Workshop. We heard updates on recent work on research projects in all three themes (Network-oriented Security, Software Systems-oriented Security, Human-oriented Security) and had plenty of opportunity to catch up and discuss research with members from other universities and industry partners. Several students from our lab presented posters of their on-going research projects. Invited talks by Nart Villeneuve from Trend Micro and by N. Asokan and Valtteri Niemi from Nokia gave us interesting insight into current industry work.
We were pleased to learn that our survey of graphical passwords has been accepted for publication in ACM Computing Surveys. It will appear in issue 44(4).
Title: Graphical Passwords: Learning from the First Twelve Years
Starting around 1999, a great many graphical password schemes have been proposed as alternatives to text-based password authentication. We provide a comprehensive overview of published research in the area, covering both usability and security aspects, as well as system evaluation. The paper first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages. We then review usability requirements for knowledge-based authentication as they apply to graphical passwords, identify security threats that such systems must address and review known attacks, discuss methodological issues related to empirical evaluation, and identify areas for further research and improved methodology.
Several Carleton security and usable security researchers attended Financial Cryptography ’11 in St. Lucia. We were pleasantly surprised to see that several of the papers addressed human factors and usable security. Our workshop on Authentication was well-attended and generated lots of questions and discussion between attendees and panelists. The workshop included invited talks by Cormac Herley, Steven Bellovin, and Robert Biddle.
Join us for a one-day workshop on user authentication:
We are organizing a workshop on user authentication, co-located with Financial Cryptography 2011 in St. Lucia on March 4, 2011. The workshop will consist of invited talks and expert panels. A preliminary program is available and will be updated as details are finalized.
Workshop on The Future of User Authentication and Authorization on the Web:
Challenges in Current Practice, New Threats, and Research Directions
Friday, March 4, 2011 — St. Lucia
After completing his comprehensive examinations, Alain spent the past 3 months as an intern at Microsoft Research. He worked with fellow intern and Ph.D. Candidate Kami Vaniea and mentors Stuart Schechter and Rob Reeder on Laissez-faire file sharing.
It has been a fantastic learning experience on several topics, including the subtle issues involved in designing usable access control, how industry-based research at Microsoft differs from academic research, and sneak peeks of upcoming Windows products, such as Windows Phone 7 and Kinect, a controller-less interface for the Xbox 360.
IEEE’s Privacy, Security, Trust conference (PST) was held here in Ottawa this year. The talks were an interesting mix ranging from very technical to public policy topics, including a keynote by Ann Cavoukian, the Information and Privacy Commissioner of Ontario. Dan, Alain, and Robert presented a paper on using eye-gaze as a tool to predict likely click-based graphical password click-points. Sonia taught a half-day tutorial introducing usable security and how to run usability evaluations.