Hirokazu Sasamoto, a grad student at Carnegie Mellon CyLab Japan, Eiji Hayashi (E '06) and Carnegie Mellon faculty member Nicolas Christin are changing the way people think about cybersecurity.
Christin explains that researchers typically consider the human factor as the Achilles' heel of security.
"Instead, we show that one can make systems more secure by specifically relying on things humans are very good at, for instance, our ability to mentally combine tactile and visual information very quickly," he said. "We are really turning the problem on its head; rather than viewing the users as a constraint, we rely on them to make the system more secure."
Sasamoto, Hayashi and Christin think there may be practical applications just around the corner — and their paper, "Undercover: Authentication Usable in Front of Prying Eyes," has been accepted by a world-class human-computer interaction conference. The conference — CHI 2008 — will be held in Florence, Italy, in April.
"Both in terms of scale and prestige, CHI is the premier forum for research at the boundary of psychology and computer science," said Christin. "It is a highly competitive forum where people vie to present their work in front of about 2,000 attendees."
Christin offered an example of how their work may change everyday lives.
"I am a bit nervous every time I withdraw money from an ATM," admitted Christin. "Crooks can see me type my 'secret' PIN and very easily figure out what it is, which becomes a big problem if they also gain access to my card number."
With the technique presented in the paper, even if crooks can observe what is entered on the keypad, they won't be able to figure out the PIN. In the future, similar techniques could probably be adapted to reduce the growing risks linked to spyware.