Sign In

Communications of the ACM

ACM TechNews

How to Make Passwords That Cannot Be Compromised By Torture or Coercion


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A visual metaphor for password theft.

Researchers at California State Polytechnic Institute, Pomona have come up with a way to measure one's stress level to determine whether they are being coerced into revealing a password.

Credit: Psyomjesu

Researchers at California State Polytechnic University, Pomona hypothesized a method to measure an individual's stress levels and determine whether they are being coerced into revealing a password so authentication may be denied.

The technique gauges a subject's response to music they previously identified as relaxing, in that it provokes a shiver down the spine similar to being cold.

Five participants identified their favorite piece of "chill" music and then had their heartbeat and brain-wave patterns monitored as they listened to it, with emphasis on the point in the music when the chill response was triggered. The theory is that a relaxed subject can experience the "chill" in the future and replicate the associated physiological signals. The research team says tests determined subjects successfully did this 90% of the time.

The researchers, led by Max Wolotsky, reason these signals cannot be counterfeited and can only be measured when the subject is in a state of relaxation. Thus, any coercion would provoke a different signal that might lead to the development of coercion-resistant authentication systems.

From Technology Review
View Full Article

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account