Goh Wen Bin
ABSTRACT
Authentication is one of the most important mechanisms to ensure system accessibility by legitimate users. Various authentication tools exist based on numerous techniques. Distinguishing factors of such authentication tools are the underlying passwords that they imply. These passwords can be textual based, graphical based, hardware based or biometric based. All such password types have their pros and cons. The principle focus of this research is picture-based graphical passwords, since they are easy to remember and can overcome the limitations of using long textual passwords for stronger security. However, mostly the picture-based passwords suffer from shoulder surfing attacks and are therefore vulnerable. If this vulnerability is overcome then such graphical passwords are highly useful because of their strength and ease of use as compared to long textual passwords. The main objective of this research is to propose and develop a picture-based authentication scheme with anti shoulder surfing capability. The proposed authentication scheme consists of both password creation and usage. Both these stages are supported by specialized technical constructs that overcome the anti shoulder surfing attack even if the attacker is standing next to the legitimate user.
- O. Zakaria, T. Zangooei and M. A. M. Shukran. 2012. Enhancing Mixing Recognition-Based and Recall-Based Approach in Graphical Password Scheme. In: International Journal of Advancements in Computing Technology, 2012, vol. 4, issue 15, pages 189 -- 197.Google Scholar
- S. K. Sonkar, R. L. Paikrao and A. Kumar. 2012. Graphical Password Authentication Scheme On Color Image Gallery. In: International Journal of Engineering and Innovative Technology, 2012, vol. 2, issue 4.Google Scholar
- D. Hong, S. Man, B. Hawes and M. Matthews. 2004. A Password Scheme Strongly Resistant to Spyware. In Proceedings of International conference on security and management. Las Vegas USA, 2004.Google Scholar
- A. Adams, and M. A. Sasse. 1999. Users are not the enemy. In: Communications of the ACM, 1999, vol. 42, issue 12 pages 40--46. Google ScholarDigital Library
- I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter and A. D. Rubin. 1999. The Design and Analysis of Graphical Passwords. In Proceedings of the 8<sup>th</sup> USENIX Security Symposium, Washington D. C. USA, 23--26 August 1999. Google ScholarDigital Library
- S. Rajarajan, M. Prabhu, S. Palanivel and M. P. Karthikeyan. 2014. GRAMAP: Three Stage Graphical Password Authentication Scheme. In: Journal of Theoretical and Applied Information Technology, 20<sup>th</sup> March 2014, vol. 61, issue 2, pages 262 -- 269.Google Scholar
- S. Malempati and S. Mogalla. 2011. Grid based Approach for Data Confidentiality. In: International Journal of Computer Applications, July 2011, vol. 25, issue 9, 5 pages.Google Scholar
- A. D. Angeli, L. Coventry, G. Johnson and K. Renaud. 2005. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. In: International Journal of Human-Computer Studies, July 2005, vol. 63, issue 1--2, pages. 128--152. Google ScholarDigital Library
- L. Sobrado and J. Birget. 2002. Graphical passwords. The Rutgers Scholar, 2002, vol. 4.Google Scholar
- M. D. Hafiz, A. H. Abdullah, N. Ithnin and H. K. Mammi. 2008. Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique. In Proceedings of Second Asia International Conference on Modeling and Simulation AICMS, KL Malaysia, 13--15 May 2008, pages 396--403. Google ScholarDigital Library
- L. H. Li. 2009. Cued recall graphical password system resistant to shoulder surfing. In: Thesis, University of Malaya, July 2009.Google Scholar
- J. Littleton. 2012. ColorDots: An Intersection Analysis Resistant Graphical Password Scheme for the Prevention of Shoulder-surfing Attack. In: Thesis, University of North Florida, 2012.Google Scholar
- B. Reshma, G. Mahesh and K. Dnyaneshwar. 2014. Data Security Using Graphical Password and AES Algorithm for E-mail system. In: International Journal of Engineering Development and Research IJEDR, 2014, vol. 2, issue 1.Google Scholar
- I. Krikelas, I. Xydas, P. F. Bonnefoi. 2013. Graphical User Authentication in Mobile Device using the web RGB color palette. In Proceedings of 6<sup>th</sup> Balkan Conference in Informatics, Greece, Sept. 2013.Google Scholar
- K. S. Lim, N. Ithnin and H. K. Mammi. 2011. Identifying the Reusability of the Triangle and Intersection Schemes on Mobile Devices. In: Computer and Information Science, June 2011, vol. 4, issue 4, pages 109 -- 119.Google Scholar
- Write down your passwords. ZDNet: Microsoft. http://www.zdnet.com/microsoft-write-down-your-passwords-1139193117, (Accessed: 01/12/2017).Google Scholar
- K. Divyapriya1 and P.Prabhu. 2018. Image Based Authentication Using Illusion Pin for Shoulder Surfing Attack. In: International Journal of Pure and Applied Mathematics, 2018, vol. 119, issue 7.Google Scholar
- J. N. Luo, M. H. Yang and C. L. Tsai. 2016. A Mobile Device-Based Antishoulder-Surfing Identity Authentication Mechanism. In: International Conference on Network and System Security (NSS) 2016, LNCS, vol. 9955.Google ScholarCross Ref
Index Terms
- Graphical authentication based on anti-shoulder surfing mechanism
Recommendations
Design and evaluation of a shoulder-surfing resistant graphical password scheme
AVI '06: Proceedings of the working conference on Advanced visual interfacesWhen users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual's authentication session. This is referred to as ...
Shoulder-surfing-proof graphical password authentication scheme
The graphical password authentication scheme uses icons instead of text-based passwords to authenticate users. Icons might be somehow more familiar to human beings than text-based passwords, since it is hard to remember the latter with sufficient ...
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords
SOUPS '06: Proceedings of the second symposium on Usable privacy and securityPrevious research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased ...
Comments