Graphical password: prevent shoulder-surfing attack using digraph substitution rules

Lip Yee POR; Chin Soon KU; Amanul ISLAM; Tan Fong ANG

doi:10.1007/s11704-016-5472-z

Front. Comput. Sci. ›› 2017, Vol. 11 ›› Issue (6) : 1098 -1108. DOI: 10.1007/s11704-016-5472-z

RESEARCH ARTICLE

Graphical password: prevent shoulder-surfing attack using digraph substitution rules

Author information +

History +

PDF (953KB)

Abstract

In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity required to derive password-images is proposed. In the proposed method, a user is only required to click on one of the pass-image instead of both pass-images shown in each challenge set for three consecutive sets.While this activity is simple enough to reduce login time, the images clicked appear to be random and can only be obtained with complete knowledge of the registered password along with the activity rules. Thus, it becomes impossible for shoulder-surfing attackers to obtain the information about which password images and pass-images are used by the user. Although the attackers may know about the digraph substitution rules used in the proposed method, the scenario information used in each challenge set remains. User study results reveal an average login process of less than half a minute. In addition, the proposed method is resistant to shoulder-surfing attacks.

Keywords

graphical password / authentication / shouldersurfing / data and computer security / digraph substitution rules

Cite this article

Download citation ▾

Lip Yee POR, Chin Soon KU, Amanul ISLAM, Tan Fong ANG. Graphical password: prevent shoulder-surfing attack using digraph substitution rules. Front. Comput. Sci., 2017, 11(6): 1098-1108 DOI:10.1007/s11704-016-5472-z

登录浏览全文

4963

注册一个新账户忘记密码

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	Jiang P, Wen Q Y, Li W M, Jin Z P, Zhang H. An anonymous and efficient remote biometrics user authentication scheme in a multi server environment. Frontiers of Computer Science, 2015, 9(1): 142–156

[2]	Sasse M A, Brostoff S, Weirich D. Transforming the “weakest link”: a human-computer interaction approach for usable and effective security. BT Technology Journal, 2001, 19(3): 122–131

[3]	Herley C, Oorschot P C, Patrick A S. Passwords: if we’re so smart, why are we still using them?. In: Proceedings of the 13th International Conference on Financial Cryptography and Data Security. 2009, 23–26

[4]	Renaud K, De-Angeli A. Visual Passwords: cure-all or snake-oil?. Communications of the ACM, 2009, 52(12): 135–140

[5]	De-Angeli A, Coventry L, Johnson G, Renaud K. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, 2005, 63(1): 128–152

[6]	Forget A, Chiasson S, Biddle R. Shoulder-surfing resistance with eyegaze entry in cued-recall graphical passwords. In: Proceedings of the 28th Annual CHI Conference on Human Factors in Computing Systems. 2010, 1107–1110

[7]	Biddle R, Chiasson S, Van Oorschot P. Graphical passwords: learning from the first twelve years. Journal of ACM Computing Surveys (CSUR), 2012, 44(4): 19–41

[8]	Davis D, Monrose F, Reiter M. On user choice in graphical password schemes. In: Proceedings of the 13th USENIX Security Symposium. 2004, 151–164

[9]	Por L Y, Lim X T. Issues, threats and future trend for GSP. In: Proceedings of the 7thWSEAS International Conference on Applied Computer & Applied Computational Science. 2008, 627–633

[10]	Por L Y, Lim X T. Multi-grid background Pass-Go. WSEAS Transactions on Information Science & Applications, 2008, 5(7): 1137–1148

[11]	Wiedenbeck S,Waters J, Sobrado L, Birget J. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of the Working Conference on Advanced Visual Interfaces. 2006, 177–184

[12]	Gao H C, Liu X Y, Wang S D, Liu H G, Dai R Y. Design and analysis of a graphical password scheme. In: Proceedings of the 4th International Conference on Innovative Computing, Information and Control. 2009, 675–678

[13]	Por L Y. Frequency of occurrence analysis attack and its countermeasure. The International Arab Journal of Information Technology, 2013, 10(2): 189–197

[14]	Manjunath G, Satheesh K, Saranyadevi C, Nithya M. Text-based shoulder surfing resistant graphical password scheme. International Journal of Computer Science and Information Technologies, 2014, 5(2): 2277–2280

[15]	Shaikh J, Pawar C C, Jadhav V S, Sindhu M R. User authentication using graphical system. Progress in Science and Engineering Research Journal, 2015, 17(3): 56–61

[16]	Gao H C, Wei J, Ye F, Ma L C. A survey on the use of graphical passwords in security. Journal of Software, 2013, 8(7): 1678–1698

[17]	Sobrado L, Birget J C. Graphical passwords. The Ruthgers Scholar, 2002, 4

[18]	Ion I, Reeder R, Consolvo S. “⋯no one can hack my mind”: comparing expert and non-expert security practices. In: Proceedings of Symposium on Usable Privacy and Security (SOUPS). 2015, 327–346

[19]	Gao S, Ma W P, Zhuo Z P, Wang F H. On cross-correlation indicators of an S-box. Frontiers of Computer Science in China, 2011, 5(4): 448–453

[20]	Por L Y, Kiah M L M. Shoulder surfing resistance using penup event and neighbouring connectivity manipulation. Malaysian Journal of Computer Science, 2010, 23(2): 121–140

[21]	Por L Y, Delina B. Information hiding: a new approach in text steganography. In: Proceedings of the 7th WSEAS International Conference on Applied Computer and Applied Computational Science. 2008, 689–695

[22]	Por L Y, Delina B, Ang T F, Ong S Y. An enchanced mechanism for image steganography using sequential colour cycle algorithm. The International Arab Journal of Information Technology, 2013, 10(1): 51–60

[23]	Por L Y, Lai W K, Alireza Z, Delina B. StegCure: an amalgamation of different steganographic methods in GIF image. In: Proceedings of the 12th WSEAS International Conference on Computers. 2008, 420–425

[24]	Por L Y, Wong K, Chee K O. UniSpaCh: a text-based data hiding method using Unicode space characters. Journal of Systems and Software, 2012, 85(5): 1075–1082

[25]	Feng D, Wu C. Advances in cryptography and information security — introduction of 2002–2006 progress of SKLOIS. Frontiers of Computer Science in China, 2007, 1(4): 385–396