
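[Mingli Lecture Hall 2022, No. 43] 10-26 Professor Dongsong Zhang, University of North Carolina at Charlotte: Shoulder-surfing resistant mobile user authentication: a comparison of touch gesture- and keystroke-ba

Time: October 26, 2022 (Wednesday), 10:00-11:30

Speaker: Professor Dongsong Zhang, University of North Carolina at Charlotte

Meeting ID: #Tencent Meeting: 981-531-401

Abstract: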

The pervasive use of mobile devices exposes users to increasing risks of shoulder-surfing attacks. Despite previous efforts on understanding shoulder-surfing resistance of mobile user authentication methods, empirical studies on textual password methods, particularly hybrid passwords that combine passwords with biometrics, remain lacking. To fill this literature gap, this study compares shoulder-surfing resistance of two hybrid password methods: touch gesture- and keystroke-based passwords. We select a touch gesture-based password method that exemplifies multiple shoulder-surfing resistance strategies and a keystroke-based password method leveraging keystroke dynamics. To gain a holistic understanding of shoulder-surfing resistance of the above methods, we investigated the effects of interaction mode, observation angle, entry error, and observation effort and proposed the related hypotheses. To measure shoulder-surfing resistance performance, we proposed efficiency as well as effectiveness metrics. We conducted a longitudinal lab experiment and another online experiment with diversified participants to test the hypotheses. The results of both experiments show that the touch gesture-based password method is superior to the keystroke-based counterpart in guarding users against shoulder-surfing attacks. The results also provide empirical evidence for the effects of interaction mode, observation angle, and observation effort on shoulder-surfing resistance. Our findings provide suggestions on how to enhance the security of password-based authentication methods.

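About the speaker:

Professor Dongsong Zhang is currently the Belk Chair Professor of Business Analytics in the Department of Business Information Systems and Operations Management and Research Director of the School of Data Science at the University of North Carolina at Charlotte. He received his Ph.D. in Management Information Systems from the University of Arizona (Eller) in 2002. His research mainly covers knowledge management, online communities, e-commerce, and the automatic detection of online fraud. He has published about 100 papers in academic journals and conferences, including MIS Quarterly, Journal of Management Information Systems (JMIS), IEEE Transactions on Knowledge and Data Engineering (TKDE), IEEE Transactions on Software Engineering, IEEE Transactions on Systems, Man, Cybernetics, Decision Support Systems, and Information & Management. His research has been funded by the U.S. National Science Foundation (NSF), the U.S. National Institutes of Health (NIH), Google, the National Natural Science Foundation of China, the Chinese Academy of Sciences, the Royal Society (UK), and other institutions. He currently serves as senior editor, associate editor, or editorial board member of several well-known international journals in information systems and e-commerce, including MIS Quarterly, Journal of Management Information Systems (JMIS), Communications of the ACM (CACM), and Journal of Association of Information Systems.

(Organized by: Department of Management Engineering; Research and Academic Exchange Center)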