Jean-Camille Birget

PassPoints: design and longitudinal evaluation of a graphical password system

Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

Design and evaluation of a shoulder-surfing resistant graphical password scheme

When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individuals authentication session. This is referred to as shoulder-surfing and is a known risk, of special concern when authenticating in public places. Until recently, the only defense against shoulder-surfing has been vigilance on the part of the user. This paper reports on the design and evaluation of a game-like graphical method of authentication that is resistant to shoulder-surfing. The Convex Hull Click (CHC) scheme allows a user to prove knowledge of the graphical password safely in an insecure location because users never have to click directly on their password images. Usability testing of the CHC scheme showed that novice users were able to enter their graphical password accurately and to remember it over time. However, the protection against shoulder-surfing comes at the price of longer time to carry out the authentication.

Modeling user choice in the PassPoints graphical password scheme

We develop a model to identify the most likely regions for users to click in order to create graphical passwords in the PassPoints system. A PassPoints password is a sequence of points, chosen by a user in an image that is displayed on the screen. Our model predicts probabilities of likely click points; this enables us to predict the entropy of a click point in a graphical password for a given image. The model allows us to evaluate automatically whether a given image is well suited for the PassPoints system, and to analyze possible dictionary attacks against the system. We compare the predictions provided by our model to results of experiments involving human users. At this stage, our model and the experiments are small and limited; but they show that user choice can be modeled and that expansions of the model and the experiments are a promising direction of research.

Almost finite expansions of arbitrary semigroups

Abstract We describe algebraic techniques that enable us to apply methods of finite semigroup theory to arbitrary infinite semigroups. This will be used in later papers to put global coordinates on semigroups and their morphisms, and to study languages and automata that are not finite-state.

Partial orders on words, minimal elements of regular languages, and state complexity

Abstract The classical partial orders on strings (prefix, suffix, subsegment, subsequence, lexical, and dictionary order) can be generalized to the case where the alphabet itself has a partial order. This was done by Higman for the subsequence order, and by Kundu for the prefix order. Higman proved that for any language L , the set MIN( L ) of minimal elements in L with respect to the generalized subsequence order is finite. Kundu proved that for any regular language L , the set MIN( L ) of minimal elements in L with respect to the generalized prefix order is also regular. Here we extend his result to the other orders and give upper bounds for the number of states of the finite automata recognizing MIN( L ). The main contribution of this paper, however, is the proof of lower bounds . The upper bounds are shown to be tight; in particular, if L is recognized by a deterministic finite automaton with n states then any deterministic (or even nondeterministic ) finite automaton recognizing MIN( L ) needs exponentially many states in n ; here, MIN is taken with respect to a generalized prefix, suffix, or subsegment order (with a partially ordered alphabet of 4 letters, whose Hasse diagram contains just one edge) or with respect to the ordinary subsequence order. We also give a new proof of a theorem of Sakoda and Sipser about the complementation of nondeterministic finite automata.

Graphical passwords based on robust discretization

This paper generalizes Blonders graphical passwords to arbitrary images and solves a robustness problem that this generalization entails. The password consists of user-chosen click points in a displayed image. In order to store passwords in cryptographically hashed form, we need to prevent small uncertainties in the click points from having any effect on the password. We achieve this by introducing a robust discretization, based on multigrid discretization

Isoperimetric functions of groups and computational complexity of the word problem

We prove that the word problem of a finitely generated group G is in NP (solvable in polynomial time by a nondeterministic Turing machine) if and only if this group is a subgroup of a finitely presented group H with polynomial isoperimetric function. The embedding can be chosen in such a way that G has bounded distortion in H. This completes the work started in [6] and [25].

Hierarchy-based access control in distributed environments

Access control is a fundamental concern in any system that manages resources, e.g., operating systems, file systems, databases and communications systems. The problem we address is how to specify, enforce, and implement access control in distributed environments. This problem occurs in many applications such as management of distributed project resources, e-newspaper and pay TV subscription services. Starting from an access relation between users and resources, we derive a user hierarchy, a resource hierarchy, and a unified hierarchy. The unified hierarchy is then used to specify the access relation in a way that is compact and that allows efficient queries. It is also used in cryptographic schemes that enforce the access relation. We introduce three specific cryptography based hierarchical schemes, which can effectively enforce and implement access control and are designed for distributed environments because they do not need the presence of a central authority (except perhaps for setup).

The Groups of Richard Thompson and Complexity

We prove new results about the remarkable infinite simple groups introduced by Richard Thompson in the 1960s. We give a faithful representation in the Cuntz C⋆-algebra. For the finitely presented simple group V we show that the word-length and the table size satisfy an n log n relation. We show that the word problem of V belongs to the parallel complexity class AC1 (a subclass of P), whereas the generalized word problem of V is undecidable. We study the distortion functions of V and show that V contains all finite direct products of finitely generated free groups as subgroups with linear distortion. As a consequence, up to polynomial equivalence of functions, the following three sets are the same: the set of distortions of V, the set of Dehn functions of finitely presented groups, and the set of time complexity functions of nondeterministic Turing machines.

State-complexity of finite-state devices, state compressibility and incompressibility

We study how the number of states may change when we convert between different finite-state devices. The devices that we consider are finite automata that are one-way or two-way, deterministic or nondeterministic or alternating. We obtain several new simulation results (e.g., ann-state 2NFA can be simulated by a 1NFA with ≤ 8n + 2 states, and by a 1AFA with ≤n2 states), and state-incompressibility results (e.g., in order to simulate ann-state 2DFA, a 1NFA needs ≥√/2n−2 states, and a 2AFA needs ≥c√n states for some constant c, in general).