Computer scientists work to strengthen online security

Nov 09, 2009

If you forget your password when logging into an e-mail or online shopping Web site, the site will likely ask you a security question: What is your mother's maiden name? Where were you born?

The trouble is that such questions are not very secure. More people than you may think will know your answers. And if they don't, it might not be hard to search for it online or even make a lucky guess.

But Rutgers computer scientists are testing a new tactic that could be both easier and more secure.

"We call them activity-based personal questions," said Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences. "Sites could ask you, 'When was the last time you sent an e-mail?' Or, 'What did you do yesterday at noon?'"

Yao and her students have been testing how resistant these activity questions are to "attack," - computer security lingo for when an intruder answers them correctly and gains access to personal information such as e-mails or to do online shopping or banking.

Early studies suggest that questions about recent activities are easy for legitimate users to answer but harder for potential intruders to find or guess, Yao said.

"We want the question to be dynamic," she said. "The questions you get today will be different from the ones you would get tomorrow."

Rutgers doctoral student Huijun Xiong and visiting undergraduate student Anitra Babic are presenting the group's preliminary results in a workshop at this week's Association for Computing Machinery Conference on Computer and Communications Security. Babic is a senior at Chestnut Hill College in Philadelphia and participated in a summer research program at Rutgers.

Yao said she gave four students in her lab a list of questions related to network activities, physical activities and opinion questions, and then told them to "attack" each other.

"We found that questions related to time are more robust than others. Many guessed the answer to the question, 'Who was the last person you sent e-mail to?' But fewer were able to guess, 'What time did you send your last e-mail?'"

Yao explains that it should not be difficult for an online service provider to formulate these kinds of security questions by looking at its users' e-mail, calendar activities or previous transactions. Computers would have use natural language processing tools to synthesize understandable questions and analyze the answers for accuracy.

Yao is proposing further studies to determine the practicality of the new approach and the best way to implement it.

Source: Rutgers University (news : web)

Explore further: Coping with floods—of water and data

add to favorites email to friend print save as pdf

Related Stories

Study finds you get what you pay for with online Q & A sites

Apr 09, 2008

A new study by University of Minnesota computer science and engineering researchers revealed that the answer quality provided by online question-and-answer Web sites, such as Yahoo! Answers and Google Answers, depends on ...

Yahoo! launches Web answering site

Dec 08, 2005

Yahoo! launched a search service Thursday that will allow users to ask questions using full sentences and not just keywords.

Twitter hacked by old technique -- again

Jul 15, 2009

(AP) -- Breaking into someone's e-mail can be child's play for a determined hacker, as Twitter Inc. employees have learned the hard way - again.

Rational or Random? Model Shows How People Send E-Mails

Nov 19, 2008

In the last 10 years, e-mail has gone from a novelty to a necessity. What was once a pastime is now an essential form of communication, with many people opening their inboxes to find dozens of e-mails waiting.

Wolfram Alpha Could Answer Questions that Google Can't

Mar 09, 2009

(PhysOrg.com) -- A new search engine described as an "electronic brain" could make searching the Internet more intelligent. Called Wolfram Alpha, the search engine computes its own answers rather than looking ...

Recommended for you

Coping with floods—of water and data

Dec 19, 2014

Halloween 2013 brought real terror to an Austin, Texas, neighborhood, when a flash flood killed four residents and damaged roughly 1,200 homes. Following torrential rains, Onion Creek swept over its banks and inundated the ...

Cloud computing helps make sense of cloud forests

Dec 17, 2014

The forests that surround Campos do Jordao are among the foggiest places on Earth. With a canopy shrouded in mist much of time, these are the renowned cloud forests of the Brazilian state of São Paulo. It is here that researchers ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

paulthebassguy
not rated yet Nov 09, 2009
But I can't remember exactly when I sent my last email?! I think that this is a nice concept but it will fail due to the actual practicality of it.

Also "Computers would have use natural language processing tools to synthesize understandable questions and analyze the answers for accuracy" - NLP algorithms are notorious for wording incomprehensible sentences and not understanding normal sentences properly when there is the slightest amount of ambiguity.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.