As small mobile devices such as mobile phones become increasingly
sophisticated, they are beginning to be used for highly security-sensitive
applications such as payment systems, stock trading, and
access control systems. The increasing importance of mobile phones
exposes the tremendous lack of access control systems that restrict
access to the legitimate user. In fact, a lost mobile phone “delegates”
all rights to its new owner. The main challenges in designing
a secure user authentication system for small mobile devices are
the miniaturization as well as the requirement for usability across a
wide range of people.
In this paper, we propose and evaluate a novel mechanism for
user authentication. The cognitive process we rely on is the human
ability to recognize degraded images; degraded images are easily
recognized by legitimate users who have previously been exposed to the
original picture. On the other hand, without knowledge of the original
image, it is difficult to mentally “revert” from the degraded image
to the original image, which provides a line of defense against
guessing attacks.
We implement a prototype user authentication system in Nokia
N70 cellular phones, and conduct a usability study of our scheme
with 54 participants. We find that all users manage to authenticate,
even after four weeks, which is a strong indication that the scheme
is usable by a wide range of people, even on miniaturized portable
devices.
We anticipate that this research will revitalize and encourage research
on the important topic of portable-device-based user authentication.