PDF(953 KB)
Graphical password: prevent shoulder-surfing attack using digraph substitution rules
Lip Yee POR, Chin Soon KU, Amanul ISLAM, Tan Fong ANG
PDF(953 KB)
PDF(953 KB)
Graphical password: prevent shoulder-surfing attack using digraph substitution rules
In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity required to derive password-images is proposed. In the proposed method, a user is only required to click on one of the pass-image instead of both pass-images shown in each challenge set for three consecutive sets.While this activity is simple enough to reduce login time, the images clicked appear to be random and can only be obtained with complete knowledge of the registered password along with the activity rules. Thus, it becomes impossible for shoulder-surfing attackers to obtain the information about which password images and pass-images are used by the user. Although the attackers may know about the digraph substitution rules used in the proposed method, the scenario information used in each challenge set remains. User study results reveal an average login process of less than half a minute. In addition, the proposed method is resistant to shoulder-surfing attacks.
graphical password / authentication / shouldersurfing / data and computer security / digraph substitution rules
| [1] |
Jiang P, Wen Q Y, Li W M, Jin Z P, Zhang H. An anonymous and efficient remote biometrics user authentication scheme in a multi server environment. Frontiers of Computer Science, 2015, 9(1): 142–156
CrossRef
Google scholar
|
| [2] |
Sasse M A, Brostoff S, Weirich D. Transforming the “weakest link”: a human-computer interaction approach for usable and effective security. BT Technology Journal, 2001, 19(3): 122–131
CrossRef
Google scholar
|
| [3] |
Herley C, Oorschot P C, Patrick A S. Passwords: if we’re so smart, why are we still using them?. In: Proceedings of the 13th International Conference on Financial Cryptography and Data Security. 2009, 23–26
CrossRef
Google scholar
|
| [4] |
Renaud K, De-Angeli A. Visual Passwords: cure-all or snake-oil?. Communications of the ACM, 2009, 52(12): 135–140
CrossRef
Google scholar
|
| [5] |
De-Angeli A, Coventry L, Johnson G, Renaud K. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, 2005, 63(1): 128–152
CrossRef
Google scholar
|
| [6] |
Forget A, Chiasson S, Biddle R. Shoulder-surfing resistance with eyegaze entry in cued-recall graphical passwords. In: Proceedings of the 28th Annual CHI Conference on Human Factors in Computing Systems. 2010, 1107–1110
|
| [7] |
Biddle R, Chiasson S, Van Oorschot P. Graphical passwords: learning from the first twelve years. Journal of ACM Computing Surveys (CSUR), 2012, 44(4): 19–41
CrossRef
Google scholar
|
| [8] |
Davis D, Monrose F, Reiter M. On user choice in graphical password schemes. In: Proceedings of the 13th USENIX Security Symposium. 2004, 151–164
|
| [9] |
Por L Y, Lim X T. Issues, threats and future trend for GSP. In: Proceedings of the 7thWSEAS International Conference on Applied Computer & Applied Computational Science. 2008, 627–633
|
| [10] |
Por L Y, Lim X T. Multi-grid background Pass-Go. WSEAS Transactions on Information Science & Applications, 2008, 5(7): 1137–1148
|
| [11] |
Wiedenbeck S,Waters J, Sobrado L, Birget J. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of the Working Conference on Advanced Visual Interfaces. 2006, 177–184
CrossRef
Google scholar
|
| [12] |
Gao H C, Liu X Y, Wang S D, Liu H G, Dai R Y. Design and analysis of a graphical password scheme. In: Proceedings of the 4th International Conference on Innovative Computing, Information and Control. 2009, 675–678
CrossRef
Google scholar
|
| [13] |
Por L Y. Frequency of occurrence analysis attack and its countermeasure. The International Arab Journal of Information Technology, 2013, 10(2): 189–197
|
| [14] |
Manjunath G, Satheesh K, Saranyadevi C, Nithya M. Text-based shoulder surfing resistant graphical password scheme. International Journal of Computer Science and Information Technologies, 2014, 5(2): 2277–2280
|
| [15] |
Shaikh J, Pawar C C, Jadhav V S, Sindhu M R. User authentication using graphical system. Progress in Science and Engineering Research Journal, 2015, 17(3): 56–61
|
| [16] |
Gao H C, Wei J, Ye F, Ma L C. A survey on the use of graphical passwords in security. Journal of Software, 2013, 8(7): 1678–1698
CrossRef
Google scholar
|
| [17] |
Sobrado L, Birget J C. Graphical passwords. The Ruthgers Scholar, 2002, 4
|
| [18] |
Ion I, Reeder R, Consolvo S. “⋯no one can hack my mind”: comparing expert and non-expert security practices. In: Proceedings of Symposium on Usable Privacy and Security (SOUPS). 2015, 327–346
|
| [19] |
Gao S, Ma W P, Zhuo Z P, Wang F H. On cross-correlation indicators of an S-box. Frontiers of Computer Science in China, 2011, 5(4): 448–453
CrossRef
Google scholar
|
| [20] |
Por L Y, Kiah M L M. Shoulder surfing resistance using penup event and neighbouring connectivity manipulation. Malaysian Journal of Computer Science, 2010, 23(2): 121–140
|
| [21] |
Por L Y, Delina B. Information hiding: a new approach in text steganography. In: Proceedings of the 7th WSEAS International Conference on Applied Computer and Applied Computational Science. 2008, 689–695
|
| [22] |
Por L Y, Delina B, Ang T F, Ong S Y. An enchanced mechanism for image steganography using sequential colour cycle algorithm. The International Arab Journal of Information Technology, 2013, 10(1): 51–60
|
| [23] |
Por L Y, Lai W K, Alireza Z, Delina B. StegCure: an amalgamation of different steganographic methods in GIF image. In: Proceedings of the 12th WSEAS International Conference on Computers. 2008, 420–425
|
| [24] |
Por L Y, Wong K, Chee K O. UniSpaCh: a text-based data hiding method using Unicode space characters. Journal of Systems and Software, 2012, 85(5): 1075–1082
CrossRef
Google scholar
|
| [25] |
Feng D, Wu C. Advances in cryptography and information security — introduction of 2002–2006 progress of SKLOIS. Frontiers of Computer Science in China, 2007, 1(4): 385–396
CrossRef
Google scholar
|
/
| 〈 |
|
〉 |
AI Summary
