Do I Know You? Evaluating Human-to-Human Authentication via Conversational Interfaces

Online impersonation attacks are prevalent as the result of an increase in electronic communication. Humans exposed to impersonation attacks are normally resistant to them. Yet, very little is known of the method humans use to authenticate each other over computer mediated communications. In this research, we study how individuals identify a familiar individual versus an adversary over a text messaging e-commerce game. Then we classified each authentication method used by the participants into the following five themes: 'Knowledge & Experience', 'History & Plans', 'Texting Style', 'Response Speed' and 'Personality Type'.Consequently, we investigate the feasibility and robustness of implementing human-to-human authentication methods in conversational systems. We evaluate each theme and rank them based on data source access and analysis complexity. While we find that many strategies can only provide weak security guarantees, we also identify one that could provide strong guarantees under realistic threat models.