Research Objectives

• A common ritual of universities and other large organisations is the dilemma of creating, saving, using and forgetting multiple account names and passwords. As the number of students and computer systems increase, this anecdotal burden will reach a tipping point at which the security problems will no longer be manageable or acceptable. This software aims to provide a modular solution that gradually replaces the current dependency on passwords with the use of questions about individual activities or profile as the basis of authentication. The degree of interchangeability with existing password based systems provides usability value to current users and preserves the financial value of existing authentication systems.
• Research into security often focuses on total or absolute security instead of practical value. Despite the introduction of new security methods and products, the use of name and password in a challenge response protocol is still dominant and in some cases gaining ground (such as for Internet and mobile applications). Although more government (e.g. Inland Revenue) and retail (e.g. banking) applications are using knowledge-based authentication, they use proprietary solutions that are expensive and not publicly accessible. The premise of this project is that many security solutions have poor usability and high implementation costs, especially if it requires removal of existing password based systems. This software aims to provide a cost effective improvement in security for educational and commercial organisations that currently use password based authentication. First, the project uses open source licensing to reduce the cost of implementation. Second, the software focuses only on authentication functionality since that is the area most prone to low technology attacks such as manipulating or deceiving the user. Third, the solution preserves the usability and financial value of existing password systems by providing an interchangeable alternative.
• The Electronic and Computer Engineering department at University of Portsmouth is developing an undergraduate programme in security technology. This software aims to contribute directly to the development of new teaching units as well as providing a practical opportunity for students to interact with current research that has an observable link to their studies. Indeed, it would be beneficial for the project to have students participate as test users of the software and possibly inspire related final year student projects.

Objectives

• Design and implement knowledge-based authentication software that randomly generates authentication questions from a variety of user specific information.
• Investigate methods and define data models in order to apply Independent Component Analysis (ICA) techniques to the task of detecting fraudulent authentication. This approach would provide insight into the potential for applying ICA outside the field of signal processing.
• Investigate and design low complexity user interfaces that are easy to use and compatible with a range of mobile devices and web browsers. This work would provide insight into user interface design for the increasing number of mobile devices.

Topics

• Knowledge based authentication method
• Independent component analysis (ICA) applied to authentication