Learn More
A number of recent scams and security attacks (phishing, spyware, fake terminals, ...) hinge on a crook's ability to <i>observe</i> user behavior. In this paper, we describe the design, implementation, and evaluation of a novel class of user authentication systems that are resilient to observation attacks. Our proposal is the first to rely on the human(More)
We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication (e.g., typing a PIN) based on the combination of multiple passive factors (e.g., a user's current location) for authentication. We provide a probabilistic framework(More)
Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users' preferences. On(More)
In this paper, we propose and evaluate Use Your Illusion, a novel mechanism for user authentication that is secure and usable regardless of the size of the device on which it is used. Our system relies on the human ability to recognize a degraded version of a previously seen image. We illustrate how distorted images can be used to maintain the usability of(More)
While a large body of research on image-based authentication has focused on memorability, comparatively less attention has been paid to the new security challenges these schemes may introduce. Because images can convey more information than text, image-based authentication may be more vulnerable to educated guess attacks than passwords. In this paper, we(More)
We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to combine a number of passive factors for authentication (e.g., a user's current location) with appropriate active factors. In this paper, we provide a probabilistic framework for dynamically selecting an active(More)
This paper discusses and evaluates two novel multisensory user authentication mechanisms aimed at preventing observation attacks. These mechanisms improve the usability of our previous work by reducing authentication times, and are more suitable for portable and mobile devices. The ability to authenticate users is crucial to most modern information systems.(More)
Passwords are the most common authentication scheme today. However, it is difficult for people to memorize strong passwords, such as random sequences of characters. Additionally, passwords do not provide protection against phishing attacks. This paper introduces WebTicket, a low cost, easy-to-use and reliable web account management system that uses(More)
  • E Hayashi
  • 2000
This study reports on melatonin treatment in autism. A 14-year-old autistic male with severe mental retardation was given melatonin at a dose of 6 mg at 9:00 pm (C1) or 11:00 pm (C2). His parents kept a sleep diary. In C1, he often experienced early morning waking and fragmented night sleep but in C2, night sleep was prolonged and sleep-wake rhythm was(More)