Knowledge-Based Authentication (KBA) Research
Knowledge-Based Authentication (KBA) refers to the use of information or knowledge for identification or authentication. Colloquially, this is often referred to as using "Something you know" to authenticate. This page captures our research work into KBA.
Team Members
Staff
Researchers and Visitors
- Mike Just, Visiting Research Fellow (Sept 2008 - )
Alumni
- Usman Ahmed, MSc Informatics (graduated December 2009)
- Afshan Asghar Jaffrey (graduated December 2009)
- Simon Le Parc, MSc Informatics (graduated December 2009)
- Greg Matthews, Research Student (July 2009 - August 2009)
- Sharmila Mukherjee, MSc Informatics (graduated December 2009)
Colleagues
We work closely with our colleagues from other institutions.
Publications, Presentations, and Press
The following is a list of our related publications and presentations. There is also information available regarding some associated Experiments and Data Collection exercises that support our work.
- Mike Just, "Account Recovery Challenges: Secure and Usable Authentication," (invited paper) in Proceedings of Information Security Summit 2009.
- Mike Just, David Aspinall, "Personal Choice and Challenge Questions: A Security and Usability Assessment," in Proceedings of SOUPS 2009.
- Mike Just, David Aspinall, "Challenging Challenge Questions: Implications for the Testing and Deployment of Authentication Technologies," to appear in Policy & Internet. (Earlier version presented at Trust 2009.)
- Joseph Bonneau, Mike Just, G. Matthews, "What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions," to appear in Proceedings of Financial Cryptography 2010.
Presentations
- Lifting the Lid Technology Showcase for SMEs
- Institute for Communicating and Collaborative Systems (ICCS) Seminar Series
  - 13 February 2009, University of Edinburgh
  - Invited Talk by Mike Just: Challenge Questions: Authentication's Weakest Link? (Abstract)(Presentation)
- Department of Computing Science Seminar Series
  - 25 February 2009, University of Glasgow
  - Invited Talk by Mike Just: Challenge Question Authentication (Presentation)
- Laboratory for Foundations of Computer Science (LFCS) 'Lab Lunch'
  - 10 March 2009, University of Edinburgh
  - Talk by Mike Just: Challenging Challenge Questions (Presentation)
- Trust 2009
  - 8 April 2009, University of Oxford
  - Talk by Mike Just: Challenging Challenge Questions (Presentation)
- Security Seminar Series
  - 12 May 2009, University of Cambridge
  - Talk by Mike Just: Whither Challenge Question Authentication? (Presentation)
- Information Security Summit 2009
  - 27-28 May 2009, Prague, Czech Republic
  - Invited Talk by Mike Just: Account Recovery: Authentication's Dirty Secret? (Abstract)(Presentation)
- Faculty of Informatics Seminar
  - 29 May 2009, Masaryk University, Brno, Czech Republic
  - Talk by Mike Just: On the Security and Usability of Challenge Questions (Presentation)
- Digital Security Seminar Series
  - 13 July 2009, Carleton University, Ottawa, Canada
  - Invited Talk by Mike Just: Personal Choice and Challenge Questions: A Security and Usability Assessment (Presentation)
- SOUPS 2009
  - 16 July 2009, Mountain View, California
  - Talk by Mike Just: Personal Choice and Challenge Questions: A Security and Usability Assessment (Presentation)
- Scottish Networking Event (SCONE)
  - 10 September 2009, University of Strathclyde, Glasgow, Scotland
  - Talk by Mike Just: Secure and Usable Authentication (Presentation)
Press
- Weak security ID questions put email at risk, 8 March 2010, BBC News
- Which lie did I tell?, 5 December 2009, Net.Wars
- Study: password resetting 'security questions' easily guessed, 19 May 2009, ZDNet
Projects
Information about the EPSRC funding of our project Knowledge-Based Authentication: Evaluating and Improving can be found here.