Social Authentication for Mobile Phones

In this work we present a scheme for automating authentication based on social factors using mobile phones. We test its feasibility by running simulations on an existing dataset. We implement two protocols one based on public keys and the other on hash chains. Then we consider threat scenarios. Computer systems depend on the user being authenticated securely. Usually this involves a username and password and if more security is required an electronic token as well. Other than these two "factors" there is also biometrics, such as fingerprints. Thus the traditional systems use some combination of: something you know (passwords), something you have (tokens) and something you are (biometrics). Recently a fourth factor: someone you know has been suggested as well. This technique has been applied to the problem of emergency authentication, as a replacement for calls to a help-desk. This social authentication is based on the process of vouching. In this method a user asks a friend to vouch for them. Previously this was done explicitly, with the user asking a friend for a vouching code. In this thesis we will use users' cellphones to automate this process.