Date of Award

Spring 3-2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Information Systems (PhDIS)

First Advisor

Omar El-Gayar

Second Advisor

Cherie Noteboom

Third Advisor

Gabe Mydland

Abstract

Passwords have remained the dominant form of knowledge-based authentication (KBA) for more than five decades. Despite being nearly universally hated by users, practitioners, and researchers, little to no advances have occurred since their first use. This continued use is often attributed to two benefits: speed of completion and cost of implementation. Users are skilled at typing quickly on keyboards, and all major computing systems have been designed to support the keyboard-based password. As we move into a new world of computing, specifically in augmented and virtual realities (AR/VR), the value of these benefits is expected to significantly decrease. AR/VR technology has advanced significantly in recent years, with recent applications in the military, medicine, and even the International Space Station. As this technology is poised to enter more mainstream adoption, it is important that security be considered earlier rather than later. A major benefit of AR/VR is that it provides unrivaled capabilities to create completely new and immersive experiences. Despite these capabilities, the traditional password remains the most observed security artifact, with a virtual QWERTY keyboard being displayed in the AR/VR space. This keyboard, however, is no longer quick and easy to type on with current controller schemes, and the cost of implementing new schemes is drastically reduced from a computational perspective. This research develops a general model of knowledge-based authentication (KBA), and the necessary methods to instantiate this model in an AR/VR context in the form of design principles. These design principles provide methods for successful implementation based on cognitive load theory (CLT). Finally, a fully functional prototype is developed and evaluated, assessing both the usability and security properties through a randomized controlled experiment.
We find that our abstract model and design principles provide a robust framework for the design and implementation of novel KBA schemes in AR/VR contexts. Additionally, we find that novel mechanisms to provide sequencing and graphical chunking of the users' selections enhance the memorability and security of user-selected knowledge-based authenticators. This research draws attention to the importance of considering security artifacts in the context for which they are being used, not for which they were originally developed. This additionally provides guidance towards future advances in knowledge-based authentication in AR/VR, as well as future computing technologies.
