TU home | T3 | Doctoral Dissertation Defense Announcement for Lakshmidevi Sreeramareddy

Doctoral Dissertation Defense Announcement for Lakshmidevi Sreeramareddy

Time: December 11, 10 -12

Location: YR 459

 Committee Chair, Dr. Jinjuan Heidi Feng, 410-704-3463, jfeng@towson.edu

ABSTRACT

A USABLE AND ACCESSIBLE AUTHENTICATION METHOD: 

GESTURE-BASED PASSWORD

Lakshmidevi Sreeramareddy 

         Alphanumeric password is the most widely adopted authentication method. However, numerous studies suggest that alphanumeric passwords are hard to use with potential security problems. An effective authentication tool has to balance between security and usability. This dissertation discusses the development and evaluation of an accessible gesture-based authentication method. The application uses drawings to authenticate the user and considers a number of biometric features such as speed and pause between strokes to enhance the authentication. Four user studies have been conducted to evaluate the gesture-based password application on different devices and by different user populations. The first study was a preliminary proof-of-concept investigation to help understand the interaction pattern and the nature of the passwords. It also allowed us to collect baseline data about various features that might help enhancing the authentication algorithm. Informed by the first study, a three session study was conducted to understand the performance and interaction pattern of users when using multi-stroke password.  This study also provide insights regarding the robustness of the gesture password method against shoulder surfing. The third study investigated the impact of input devices on the performance measures of the gesture password method. Specifically, we studies two types of devices: mouse and touch screen.  The fourth study examined the use of the gesture password method by the senior users. The results suggest that the gesture password method has the potential to serve as a usable alternative authentication method. As the confidence scores demonstrate, participants were able to reproduce the passwords with accuracy. The content of the passwords drawn is diversified, which has positive implications for security. Participants’ subjective feedback about the application is highly positive.