Title:	Mental Trapdoors for User Authentication on Small Mobile Devices
Authors:	Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig
Publication Date:	August 12, 2007
Full Report:	CMU-CyLab-07-011 (.pdf)

Abstract

As small mobile devices such as mobile phones become increasingly sophisticated, they are beginning to be used for highly security- sensitive applications such as payment systems, stock trading, and access control systems. The increasing importance of mobile phones exposes the tremendous lack of access control systems that restrict access to the legitimate user. In fact, a lost mobile phone "delegates'' all rights to its new owner. The main challenges in designing a secure user authentication system for small mobile devices are the miniaturization as well as the requirement for usability across a wide range of people.

In this paper, we propose and evaluate a novel mechanism for user authentication. The cognitive process we rely on is the human ability to recognize degraded images; degraded images are easily recognized by legitimate users who have been being exposed to the original picture. On the other hand, without knowledge of the original image, it is difficult to mentally "revert" from the degraded image to the original image, which provides a line of defense against guessing attacks.