Communications of the ACM
How to Make Passwords That Cannot Be Compromised By Torture or Coercion
Researchers at California State Polytechnic Institute, Pomona have come up with a way to measure one's stress level to determine whether they are being coerced into revealing a password.
Credit: Psyomjesu
Researchers at California State Polytechnic University, Pomona hypothesized a method to measure an individual's stress levels and determine whether they are being coerced into revealing a password so authentication may be denied.
The technique gauges a subject's response to music they previously identified as relaxing, in that it provokes a shiver down the spine similar to being cold.
Five participants identified their favorite piece of "chill" music and then had their heartbeat and brain-wave patterns monitored as they listened to it, with emphasis on the point in the music when the chill response was triggered. The theory is that a relaxed subject can experience the "chill" in the future and replicate the associated physiological signals. The research team says tests determined subjects successfully did this 90% of the time.
The researchers, led by Max Wolotsky, reason these signals cannot be counterfeited and can only be measured when the subject is in a state of relaxation. Thus, any coercion would provoke a different signal that might lead to the development of coercion-resistant authentication systems.
From Technology Review
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found