時(shí)間:2022年10月26日(周三)10:00-11:30
報(bào)告人:北卡羅來納大學(xué)夏洛特分校張東松教授
會(huì)議號(hào):#騰訊會(huì)議:981-531-401
報(bào)告內(nèi)容簡(jiǎn)介:
The pervasive use of mobile devices exposes users to increasing risks of shoulder-surfing attacks. Despite previous efforts on understanding shoulder-surfing resistance of mobile user authentication methods, empirical studies on textual password methods, particularly hybrid passwords that combine passwords with biometrics, remain lacking. To fill this literature gap, this study compares shoulder-surfing resistance of two hybrid password methods: touch gesture- and keystroke-based passwords. We select a touch gesture-based password method that exemplifies multiple shoulder-surfing resistance strategies and a keystroke-based password method leveraging keystroke dynamics. To gain a holistic understanding of shoulder-surfing resistance of the above methods, we investigated the effects of interaction mode, observation angle, entry error, and observation effort and proposed the related hypotheses. To measure shoulder-surfing resistance performance, we proposed efficiency as well as effectiveness metrics. We conducted a longitudinal lab experiment and another online experiment with diversified participants to test the hypotheses. The results of both experiments show that the touch gesture-based password method is superior to the keystroke-based counterpart in guarding users against shoulder-surfing attacks. The results also provide empirical evidence for the effects of interaction mode, observation angle, and observation effort on shoulder-surfing resistance. Our findings provide suggestions on how to enhance the security of password-based authentication methods.
報(bào)告人簡(jiǎn)介:
張東松教授目前任北卡羅萊納大學(xué)夏洛特分校商業(yè)信息系統(tǒng)和運(yùn)營管理系商業(yè)分析Belk講席教授、數(shù)據(jù)科學(xué)學(xué)院研究主任。于2002年獲得美國亞利桑那大學(xué)Eller偉德國際1946bv官網(wǎng)管理信息系統(tǒng)專業(yè)博士學(xué)位,他的研究主要包括知識(shí)管理、網(wǎng)上社區(qū)、電子商務(wù)、網(wǎng)上詐騙的自動(dòng)識(shí)別等領(lǐng)域。目前,他已有約100篇學(xué)術(shù)論文發(fā)表在相關(guān)學(xué)術(shù)期刊和會(huì)議上,包括MIS Quarterly,Journal of Management Information Systems (JMIS), IEEE Transactions on Knowledge and Data Engineering (TKDE),IEEE Transactions on Software Engineering,IEEE Transactions on Systems,Man,Cybernetics, Decision Support Systems和 Information & Management等。他曾獲得美國國家科學(xué)基金會(huì)(NSF)、美國國家衛(wèi)生研究所(NIH)、谷歌公司、中國國家自然科學(xué)基金會(huì)、中國科學(xué)院、英國皇家學(xué)會(huì)等機(jī)構(gòu)的研究資助。他現(xiàn)在是多個(gè)信息系統(tǒng)和電子商務(wù)領(lǐng)域國際著名期刊的高級(jí)編輯、副編輯和編委會(huì)成員,包括MIS Quarterly,Journal of Management Information Systems (JMIS),Communications of the ACM (CACM),Journal of Association of Information Systems等。
(承辦:管理工程系、科研與學(xué)術(shù)交流中心)
