
Toward a usable system-generated authentication mechanism

Federica Sarti

Toward a usable system-generated authentication mechanism.

Supervisors: Antonio Lioy, Andrea Atzeni. Politecnico di Torino, Master's degree course in Computer Engineering (Ingegneria Informatica), 2020

PDF (Tesi_di_laurea) - Thesis (6MB)
Archive (ZIP) (Documenti_allegati) - Other (46MB)
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

The objective of this thesis is to investigate, through objective metrics, the usability of a new system-generated authentication mechanism based on the concept of implicit memory, with the aim of overcoming the unreliable subjective human component in both authentication and usability evaluation. The first part of this work analyses the state of the art of authentication systems, presenting their advantages, disadvantages and usability issues. Particular attention is given to system-generated authentication mechanisms, which make it possible to address human-related vulnerabilities (e.g. predictability) and to provide a greater degree of security. In this context, novel system-generated authentication mechanisms based on the concept of implicit memory are examined. These systems exploit the ability of the human brain to acquire and store information unconsciously, completely eliminating the cognitive effort of recalling information from memory and therefore addressing the memorization problem typical of system-generated systems. The second part of the thesis focusses on the examination of usability evaluation methods, with specific interest in objective metrics, in particular those concerning user satisfaction, which typically relies on self-report questionnaires. In this regard, emerging physiological objective metrics are presented, such as eye-tracking, heart rate variability (HRV) and electromyography (EMG). The intent of introducing this new category of metrics is to obtain unbiased assessments, which are not subject to the human brain's reprocessing of lived experiences. The final part of the thesis describes the prototype implementation, the execution of the usability test and the results achieved. The purpose of the test is to evaluate a system-generated authentication system with a selection of objective metrics.
The metrics include a series of data obtained directly from the log file, such as time and failures during the completion of tasks, and information collected from eye-tracking and mouse-click heat maps, in addition to the heart rate variability data collected by means of a bracelet with an optical heart rate sensor. In fact, although these new approaches make it possible to gather reliable data concerning the emotional state of the user, they do not provide any information on whether the emotion experienced is positive or negative. Consequently, in order to evaluate and compare the information obtained through these new metrics, subjective questionnaires concerning the emotional state of the user were included. The prototype is a graphical authentication method based on the visual-motor skills unconsciously acquired by the user, in accordance with the implicit memory concept, which refers to the absence of consciousness or intentionality during the recollection of experiences. It was tested by a total of 22 participants with heterogeneous experience in the use of IT systems. The majority of participants had a positive impression of the system, although they had never experienced anything similar. Furthermore, over one half of the participants agreed with the idea of replacing their traditional authentication methods with the proposed one, especially because of the absence of cognitive effort by the user. This result is impressive, because it reveals users' awareness of the inadequacy of username/password mechanisms and the willingness to migrate towards something more innovative.

Supervisors: Antonio Lioy, Andrea Atzeni
Academic year: 2019/20
Publication type: Electronic
Number of pages: 148
Subjects:
Degree course: Master's degree course in Computer Engineering (Ingegneria Informatica)
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Collaborating companies: NOT SPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/15258