Privacy And Secure Authentication Using Cooperative Query Answer

Abstract

Many web applications provide secondary authentication methods, i.e., secret queries, recovery mail , to reset
user password when login fails. However, the answers to many such secret questions can be easily guessed by an
acquaintance or exposed to a stranger that has access to public online tools; moreover, creating the secret queries after long
a user may forget her/his answers. Today’s prevalence of smartphones has granted us new chances to observe and
understand how the personal data collected by smartphone sensors and apps can help create personalized secret queries
without violating the users’ privacy concerns. , In my project, provide a Secret-Q based security system, it’s called as
“Secret-QA”, that creates a set of secret queries from the user smartphone usage. I develop a model on Android
smartphones, and evaluate the security of the secret queries by asking the acquaintance/unknown person who participates in
our user study to guess the answers with and without the help of online tools; meanwhile, we observe the queries’ by asking
participants to answer their own queries. Our experimental results reveal that the secret queries related to motion sensors,
calendar, app installment, and part of legacy app usage history (e.g., phone calls) have the best memorability for users as
well as the highest robustness to attacks.