Top

Published in:

2015 | OriginalPaper | Chapter

GridMap: Enhanced Security in Cued-Recall Graphical Passwords

Authors : Nicolas Van Balen, Haining Wang

Published in: International Conference on Security and Privacy in Communication Networks

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Despite their widespread usage, text-based passwords are vulnerable to password cracking as users tend to choose weak passwords. This is mainly because the more secure a password is, the harder it is for a user to remember it. As a promising alternative, various graphical password systems, which take advantage of the fact that humans are more sensitive to visual information than verbal text, have been proposed over the past decade. However, graphical passwords come with their own vulnerabilities, such as high susceptibility to shoulder surfing and hotspots. In this paper, we develop a new cued-recall graphical password system called GridMap by exploring (1) the use of grids with variable input entered through the keyboard, and (2) the use of geopolitical maps as background images. As a result, GridMap is able to achieve high keyspace and resistance to shoulder surfing attacks. To validate the efficacy of GridMap in practice, we conduct a user study with 50 participants. Our experimental results show that GridMap works well in domains in which a user logs in on a regular basis, and provides a memorability benefit if the chosen map has a personal significance to the user.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Policy Driven Node Selection in MapReduce

next chapter UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts

Paivio, T.R.A., Smythe, P.C.: Why are pictures easier to recall than words? Psychon. Sci. 11(4), 137–138 (1968)CrossRef

Biddle, R., Chiasson, S., Oorschot, P.C.V.: Graphical passwords: learning from the first twelve years. ACM Comput. Surv. 44(4), 1–41 (2011)CrossRefMATH

Bond, M.: Comments on grIDsure authentication, March 2008. http://www.cl.cam.ac.uk/ mkb23 /research/GridsureComments.pdf

Brostoff, S., Inglesant, P., Sasse, M.A.: Evaluating the usability and security of a graphical one-time pin system. In: Proceedings of the 24th BCS Interaction Specialist Group Conference, pp. 88–97 (2010)

Chiasson, S., Forget, A., Biddle, R., van Oorschot, P.C.: Influencing users towards better passwords: persuasive cued click-points. In: BCS HCI, vol. 1, pp.121–130 (2008)

Chiasson, S., van Oorschot, P.C., Biddle, R.: Graphical password authentication using cued click points. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 359–374. Springer, Heidelberg (2007) CrossRef

Passface Corportion.: The Science Behind Passfaces. http://www.passfaces.com/published. Accessed June 2013

Dunphy, P., Fitch, A., Olivier, P.: Gaze-contingent passwords at the ATM. In: Proceedings of COGAIN 2008, September 2008

Dunphy, P., Yan, J.: Do images improve “draw a secret” graphical passwords? In: Proceedings of ACM CCS 2007, October 2007

10.

Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of WWW 2007, pp. 657–666 (2007)

11.

Forget, A., Chiasson, S., Biddle, R.: Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords. In: Proceedings of CHI 2010, pp. 1107–1110 (2010)

12.

Forget, A., Chiasson, S., Biddle, R.: Supporting learning of an unfamiliar authentication scheme. In: AACE E-Learn, E-Learn 2012. AACE (2012)

13.

GrIDsure. http://www.gridsure-security.co.uk. Accessed May 2013

14.

Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The design and analysis of graphical passwords. In: Proceedings of USENIX Security Symposium 1999, August 1999

15.

Kirkpatrick, E.A.: An experimental study of memory. Psychol. Rev. 1, 602–609 (1894)CrossRef

16.

Komanduri, S., Hutchings, D.R.: Order and entropy in picture passwords. In: Proceedings of Graphics Interface 2008 (2008)

17.

Shepard, R.: Recognition memory for words, sentences, and pictures. J. Verbal Learn. Verbal Behav. 6, 156–163 (1967)CrossRef

18.

Stubblefield, A., Simon, D.: Inkblot authentication. Microsoft Research Technical report, (MSR-TR-2004-85)1–16 (2004)

19.

Tari, F., Ozok, A.A., Holden, S.H.: A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of SOUPS 2006, July 2006

20.

Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., Memon, N.: Authentication using graphical passwords: effects of tolerance and image choice. In: Proceedings of SOUPS 2005, July 2005

21.

Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., Memon, N.: Passpoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum.-Comput. Stud. 63, 102–127 (2005)CrossRef

22.

Zakaria, N.H., Griffiths, D., Brostoff, S., Yan, J.: Shoulder surfing defence for recall-based graphical passwords. In: Proceedings of SOUPS 2011, July 2011

Title: GridMap: Enhanced Security in Cued-Recall Graphical Passwords
Authors: Nicolas Van Balen
Haining Wang
Publisher: Springer International Publishing
Book: International Conference on Security and Privacy in Communication Networks
Print ISBN: 978-3-319-23828-9

Electronic ISBN: 978-3-319-23829-6

Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-23829-6_6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner