nach oben

International Journal of Information Security

Erschienen in:

01.06.2014 | Regular Contribution

Shoulder-surfing-proof graphical password authentication scheme

verfasst von: Tzong-Sun Wu, Ming-Lun Lee, Han-Yu Lin, Chao-Yuan Wang

Erschienen in: International Journal of Information Security | Ausgabe 3/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The graphical password authentication scheme uses icons instead of text-based passwords to authenticate users. Icons might be somehow more familiar to human beings than text-based passwords, since it is hard to remember the latter with sufficient security strength. No matter what kind of password is used, there are always shoulder-surfing problems. An attacker can easily get text-based password or graphical password by observation, capturing a video or recording the login process. In this paper, we propose a shoulder-surfing-proof graphical password authentication scheme using the convex-hull graphical algorithm. We give evaluation and comparisons to demonstrate the security strength and the functionality advantages of our scheme.

Vorheriger Artikel Active authentication for mobile devices utilising behaviour profiling

Nächster Artikel Risk balance defense approach against intrusions for network server

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Abdullah, M.D.H.B., Abdullah, A.H.B., Ithnin, N., Mammi, H.K.: Graphical password: user’s affinity of choice-an analysis of picture attributes selection. In: International Symposium on Information Technology vol. 3, pp. 1–6 (2008)

Alsulaiman, F.A., Saddik, A.E.: A novel 3D graphical password schema. In; Proceedings of the IEEE International Conference on Virtual Environments, Human-Computer Interfaces and Measurement Systems, pp. 125–128 (2006)

Boit, A., Geimer, T., Loviscach, J.A.: random cursor matrix to hide graphical password input. In: International Conference on Computer Graphics and Interactive Techniques, pp. 1–1 (2009)

Boyd, S.W., Keromytis, A.D.: SQLrand: Preventing SQL injection attacks. In: International Conference on Applied Cryptography and Network Security, pp. 292–302 (2004)

Chiasson, S., Forget, A., Biddle, R.: Accessibility and graphical passwords. In: Symposium on Accessible Privacy and Security, Pittsburgh, USA (2008)

Chiasson, S., Oorschot, P.C.V., Biddle, R.: Graphical password authentication using cued click points. In: 12th European Symposium on Research in Computer Security, pp. 359–374 (2007)

Dhamija, R., Perrig, A.: Deja Vu: a user study using images for authentication. In: Proceedings of the 9th Conference on USENIX Security Symposium, pp. 45–58 (2000)

Dirik, A.E., Perrig, A., Birget, J.C.: Modeling user choice in the passpoints graphical password scheme. Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 20–28 (2007)

Eljetlawi, A.M., Ithnin, N.: Graphical password: prototype usability survey. In: International Conference on Advanced Computer Theory and Engineering, pp. 351–355 (2008)

10.

Galitz, W.O.: The Essential Guide to User Interface Design, 2nd edn. Wiley, NY, USA (2002)

11.

Gao, H., Liu, X., Dai, R., Wang, S.: A new graphical password scheme against spyware by using CAPTCHA. In: Proceedings of the 5th Symposium on Usable Privacy and Security, CA, USA (2009)

12.

Hafiz, M.D., Abdullah, A.H., Ithnin, N., Mammi, H.K.: Towards identifying usability and security features of graphical password in knowledge based authentication technique. In: Second Asia International Conference on Modelling and Simulation, pp. 396–403 (2008)

13.

Hong, D., Man, S., Hawes, B., Mathews, M,: A password scheme strongly resistant to spyware. In: Proceedings International Conference on Security and Management, pp. 94–100 (2004)

14.

Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The design and analysis of graphical passwords, Proceedings of the 8th USENIX Security Symposium. Washington, D.C., USA (1999)

15.

Komanduri, S., Hutchings, D.R.: Order and entropy in picture passwords. Graph. Interface 322, 115–122 (2008)

16.

Kumar, M., Garfinkel, T., Boneh, D., Winograd, T.: Reducing shoulder-surfing by using gaze-based password entry. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 13–19 (2007)

17.

Lin, P.L., Weng, L.T., Huang, P.W.: Graphical passwords using images with random tracks of geometric shapes. In: Proceedings of the 2008 Congress on Image and Signal Processing, vol. 3, pp. 27–31 (2008)

18.

Maetz, Y., Onno, S., Heen, O.: Recall-a-story, a story-telling graphical password system. In: Proceedings of the 5th Symposium on Usable Privacy and Security (2009)

19.

Malek, B., Orozco, M., Saddik, A.E.: Novel shoulder-surfing resistant haptic-based graphical password. In: Proceedings of the Eurohaptics Conference, Florence, Italy (2006)

20.

Moncur, W., Leplatre, G.: Pictures at the ATM: exploring the usability of multiple graphical passwords. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 887–894 (2007)

21.

Perkovic, T., Cagalj, M., Rakic, N.: SSSL: shoulder surfing safe login. In: International Conference on Software, Telecommunications and Computer Networks, pp. 270–275 (2009)

22.

RealUser. http://www.realuser.com (2009). Last accessed on Dec 2009

23.

Sabzevar, A.P., Stavrou, A.: Universal multi-factor authentication using graphical passwords. In: Proceedings of the 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems, pp. 625–632 (2008)

24.

Shi, P., Zhu, B., Youssef, A.: A PIN entry scheme resistant to recording-based shoulder-surfing. In: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies, pp. 237–241 (2009)

25.

Sobrado, L., Birget, J.C.: Graphical passwords, The Rutgers Scholar, An Electronic Bulletin of Undergraduate Research, Camden New Jersey, 4 (2002). Accessed on June 2007

26.

Suo, X., Zhu, Y., Owen, G.S.: Analysis and design of graphical password techniques. Adv. Visual Comput. 4292, 741–749 (2006)

27.

Suo, X., Zhu, Y., Owen G.S.: Graphical passwords: a survey. In: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 463–472 (2005)

28.

Takada, T.: FakePointer: an authentication scheme for improving security against peeping attacks using video cameras. In: The Second International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies, pp. 395–400 (2008)

29.

Tari, F., Ozok, A.A., Holden, S.H.: A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 56–66 (2006)

30.

Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., Memon, N.: PassPoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum. Comput. Stud. 32, 102–127 (2005)CrossRef

31.

Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., Memon, N.: Authentication using graphical passwords: effects of tolerance and image choice. In: Symposium on Usable Privacy and Security, pp. 1–12 (2005)

32.

Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.C.: Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of the Working Conference on Advanced Visual Interfaces, pp. 177–184 (2006)

33.

Zhao, H., Li, X., S3PAS: A scalable shoulder-surfing resistant textual-graphical password authentication scheme. In: Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops, vol. 2, pp. 467–472 (2007)

Titel: Shoulder-surfing-proof graphical password authentication scheme
verfasst von: Tzong-Sun Wu
Ming-Lun Lee
Han-Yu Lin
Chao-Yuan Wang
Publikationsdatum: 01.06.2014
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 3/2014
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-013-0216-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2014

Provably secure E-cash system with practical and efficient complete tracing

Active authentication for mobile devices utilising behaviour profiling

Risk balance defense approach against intrusions for network server

Toward a secure Kerberos key exchange with smart cards

All-or-Nothing Transforms as a countermeasure to differential side-channel analysis

Premium Partner