Computer scientists work to strengthen online security
November 9, 2009
If you forget your password when logging into an e-mail or online shopping Web site, the site will likely ask you a security question: What is your mother's maiden name? Where were you born?
The trouble is that such questions are not very secure. More people than you may think will know your answers. And if they don't, it might not be hard to search for them online or even make a lucky guess.
But Rutgers computer scientists are testing a new tactic that could be both easier and more secure.
"We call them activity-based personal questions," said Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences. "Sites could ask you, 'When was the last time you sent an e-mail?' Or, 'What did you do yesterday at noon?'"
Yao and her students have been testing how resistant these activity questions are to "attack," computer security lingo for when an intruder answers them correctly and gains access to personal information such as e-mails, or is able to do online shopping or banking.
Early studies suggest that questions about recent activities are easy for legitimate users to answer but harder for potential intruders to find or guess, Yao said.
"We want the question to be dynamic," she said. "The questions you get today will be different from the ones you would get tomorrow."
Rutgers doctoral student Huijun Xiong and visiting undergraduate student Anitra Babic are presenting the group's preliminary results in a workshop at this week's Association for Computing Machinery Conference on Computer and Communications Security. Babic is a senior at Chestnut Hill College in Philadelphia and participated in a summer research program at Rutgers.
Yao said she gave four students in her lab a list of questions related to network activities, physical activities and opinion questions, and then told them to "attack" each other.
"We found that questions related to time are more robust than others. Many guessed the answer to the question, 'Who was the last person you sent e-mail to?' But fewer were able to guess, 'What time did you send your last e-mail?'"
Yao explains that it should not be difficult for an online service provider to formulate these kinds of security questions by looking at its users' e-mail, calendar activities or previous transactions. Computers would have to use natural language processing tools to synthesize understandable questions and analyze the answers for accuracy.
Yao is proposing further studies to determine the practicality of the new approach and the best way to implement it.
Nov 09, 2009
Also "Computers would have use natural language processing tools to synthesize understandable questions and analyze the answers for accuracy" - NLP algorithms are notorious for wording incomprehensible sentences and not understanding normal sentences properly when there is the slightest amount of ambiguity.