Sauvik Das, Eiji Hayashi, and Jason I. Hong

International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp)

September 2013

We explore how well the intersection between our own everyday memories and those captured by our smartphones can be used for what we call autobiographical authentication—a challenge-response authentication system that queries users about day-to-day experiences. Through three studies—two on MTurk and one field study—we found that users are good, but make systematic errors at answering autobiographical questions. Using Bayesian modeling to account for these systematic response errors, we derived a formula for computing a confidence rating that the attempting authenticator is the user from a sequence of question-answer responses. We tested our formula against five simulated adversaries based on plausible real-life counterparts. Our simulations indicate that our model of autobiographical authentication generally performs well in assigning high confidence estimates to the user and low confidence estimates to impersonating adversaries.

android, authentication, autobiographical authentication, security, smartphone, ubicomp