Security Analysis Method of Recognition-Based Graphical Password

Authors

  • Touraj Khodadadi Malaysia-Japan International Institute of Technology (MJIIT), Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia
  • Mojtaba Alizadeh Malaysia-Japan International Institute of Technology (MJIIT), Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia
  • Somayyeh Gholizadeh Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, Malaysia
  • Mazdak Zamani Advanced Informatics School, Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia
  • Mahdi Darvishi Faculty of Computing, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia

DOI:

https://doi.org/10.11113/jt.v72.3941

Keywords:

Security, password space and entropy, recognition-based, metrics

Abstract

One of the most important primitive security mechanisms is the authentication system. Password-based authentication is a commonly used mechanism for authenticating users. In general, users choose character strings as their passwords; however, text-based passwords are hard to recall, and if they are too simple and predictable, they are susceptible to threats. To overcome these problems with authentication, an alternative and new approach has been introduced that uses images as passwords. The idea is supported by the knowledge that the human brain is highly capable of remembering many detailed images, whereas remembering text is more difficult. Users of graphical authentication perform certain actions on the images, such as clicking, dragging, moving the mouse and so on. This research reviews several common recognition-based graphical password methods and analyzes their security based on the estimation criteria. Moreover, the research defines a metric that makes it possible to analyze the security level of recognition-based graphical passwords. Finally, a table comparing the limits of each method based on the security level is presented.

Published

2015-01-11

How to Cite

Security Analysis Method of Recognition-Based Graphical Password. (2015). Jurnal Teknologi, 72(5). https://doi.org/10.11113/jt.v72.3941