Time: Wednesday, October 26, 2022, 10:00-11:30
Speaker: Professor Dongsong Zhang, University of North Carolina at Charlotte
Meeting ID: #Tencent Meeting: 981-531-401
Abstract:
The pervasive use of mobile devices exposes users to increasing risks of shoulder-surfing attacks. Despite previous efforts on understanding shoulder-surfing resistance of mobile user authentication methods, empirical studies on textual password methods, particularly hybrid passwords that combine passwords with biometrics, remain lacking. To fill this literature gap, this study compares shoulder-surfing resistance of two hybrid password methods: touch gesture- and keystroke-based passwords. We select a touch gesture-based password method that exemplifies multiple shoulder-surfing resistance strategies and a keystroke-based password method leveraging keystroke dynamics. To gain a holistic understanding of shoulder-surfing resistance of the above methods, we investigated the effects of interaction mode, observation angle, entry error, and observation effort and proposed the related hypotheses. To measure shoulder-surfing resistance performance, we proposed efficiency as well as effectiveness metrics. We conducted a longitudinal lab experiment and another online experiment with diversified participants to test the hypotheses. The results of both experiments show that the touch gesture-based password method is superior to the keystroke-based counterpart in guarding users against shoulder-surfing attacks. The results also provide empirical evidence for the effects of interaction mode, observation angle, and observation effort on shoulder-surfing resistance. Our findings provide suggestions on how to enhance the security of password-based authentication methods.
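About the speaker:
Professor Dongsong Zhang is currently the Belk Endowed Chair Professor of Business Analytics in the Department of Business Information Systems and Operations Management and Director of Research at the School of Data Science at the University of North Carolina at Charlotte. He received his Ph.D. in Management Information Systems from the Eller College of Management at the University of Arizona in 2002. His research interests include knowledge management, online communities, e-commerce, and the automatic detection of online fraud. He has published about 100 papers in academic journals and conferences, including MIS Quarterly, Journal of Management Information Systems (JMIS), IEEE Transactions on Knowledge and Data Engineering (TKDE), IEEE Transactions on Software Engineering, IEEE Transactions on Systems, Man, Cybernetics, Decision Support Systems, and Information & Management. His research has been funded by the U.S. National Science Foundation (NSF), the U.S. National Institutes of Health (NIH), Google, the National Natural Science Foundation of China, the Chinese Academy of Sciences, and the Royal Society (UK), among others. He currently serves as senior editor, associate editor, or editorial board member of several leading international journals in information systems and e-commerce, including MIS Quarterly, Journal of Management Information Systems (JMIS), Communications of the ACM (CACM), and Journal of Association of Information Systems.
(Organized by: Department of Management Engineering; Center for Research and Academic Exchange)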