Authentication is the first line of defense against
compromising confidentiality and integrity. Though traditional
login/password based schemes are easy to implement, they have been subjected to several attacks. As alternative, token and biometric based authentication systems were introduced. However, they have not improved substantially to justify the investment. Thus, a variation to the login/password scheme, viz. graphical scheme was introduced. But it also suffered due to shoulder-surfing and screen dump attacks. In this paper, we introduce a framework of our proposed (IPAS) Implicit
Password Authentication System, which is immune to the common attacks suffered by other authentication schemes. IPAS is similar to the Pass Point scheme with some finer differences. In every “what youknow type” authentication scheme we are aware of, the server requests
the user to reproduce the fact given to the server at the time of registration. This is also true in graphical passwords such as Pass Point.

Sabzevar, A.P. & Stavrou, A., 2008,” Universal Multi-Factor

Authentication Using Graphical Passwords”, IEEE International

Conference on Signal Image Technology and Internet Based Systems

(SITIS).

Haichang, G., L. Xiyang, et al. (2009). “Design and Analysis of a[3] Graphical Password Scheme”, Innovative Computing, Information and

Control (ICICIC), 2009 Fourth International Conference on Graphical

Passwords.

Pierce JD, Jason G. Wells, Matthew J. Warren, & David R.

Mackay(2003). “A Conceptual Model for Graphical Authentication”, 1st

Australian Information security Management Conference, 24 Sept. Perth,

Western Australia, paper 16. Xiaoyuan, S., Z. Ying, et al. (2005).

“Graphical passwords: a survey”,

Computer Security Applications Conference, 21st Annual.

Wells, Jason; Hutchinson, Damien; and Pierce, Justin, "Enhanced

Security for Preventing Man-in-the-Middle Attacks in Authentication,

formation Security Management Conference. Paper 58.

Takada, T. and H. Koike (2003). “Awase-E: Image-Based Authentication

for Mobile Phones Using User’s Favorite Images”,

Human-Computer Interaction with Mobile Devices and Services,

Springer Berlin / Heidelberg. 2795: 347-351.

Dirik, A. E., N. Memon, et al. (2007). “Modeling user choice in the

PassPoints graphical password scheme”, Proceedings of the 3rd

symposium on Usable privacy and security. Pittsburgh,

Pennsylvania,ACM.

Wei-Chi, K. and T. Maw-Jinn (2005). “A Remote User

Authentication Scheme Using Strong Graphical Passwords”, Local

Computer Networks, 2005. 30th Anniversary. Lashkari, A. H., F.

Towhidi, et al. (2009). “A Complete Comparison

on Pure and Cued Recall-Based Graphical User Authentication

Algorithms”, Computer and Electrical Engineering, 2009. ICCEE

'09.Second International Conference.

Renaud, K. (2009)."On user involvement in production of images used in

visual authentication." J. Vis. Lang. Comput. 20(1): 1-15.

Masrom, M., F. Towhidi, et al. (2009). “Pure and cued recall-based

graphical user authentication”, Application of Information and

Communication Technologies, 2009. AICT 2009. International

Conference.

Birget, J. C., H. Dawei, et al. (2006). "Graphical passwords based on

robust discretization", Information Forensics and Security, IEEE

Transactions on 1(3): 395-399.

S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, N.

Memon,``PassPoints: Design and longitudinal evaluation of a graphical

password system'', International J. of Human-Computer Studies (Special

Issue on HCI Research in Privacy and Security), 63 (2005)102-127.

S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, N.Memon,

``Authentication using graphical passwords: Effects of tolerance and

image choice'', Symposium on Usable Privacy and Security (SOUPS), 6-8

July 2005, at Carnegie-Mellon Univ.,Pittsburgh.

A Python Package for Learning Gaussian Mixture Models

J. Bigun, J. Fierrez-Aguilar, J. Ortega-Garcia, and J.

Gonzalez-Rodriguez. Combining biometricevidence for person

authentication. In Advanced Studies in Biometrics, 2005.

R. Brunelli and D. Falavigna. Person identification using multiple cues. In

IEEE Transactions on Pattern Analysis and Machine Intelligence, 1995.

K. Chang, J. Hightower, and B. Kveton. Inferring identity using

accelerometers in television remote controls. In International Conference

on Pervasive Computing, 2009.

M. L. Damiani and C. Silvestri. Towards movement-aware access

control. In SIGSPATIALACM GIS 2008 International Workshop on

Security and Privacy in GIS and LBS, 2008.

D. Dwork. Differential privacy: A survey of results. In TAMC, 2008.

H. Falaki, R. Mahajan, S. Kandula, D. Lymberopoulos, R. Govindan, and

D. Estrin. Diversity in smartphone usage. In MobiSys, 2010.

S. Furnell, N. Clarke, and S. Karatzouni. Beyond the pin: Enhancing user

authentication for mobile devices. Computer Fraud and Security, 2008.

D. Gafurov, K. Helkala, and T. Søndrol. Biometric gait authentication

using accelerometer sensor. JCP, 1(7):51–59, 2006.

R. Greenstadt and J. Beal. Cognitive security for personal devices. In

AISec, 2008.

M. Jakobsson and A. Juels. Server-side detection of malware infection. In

NSPW, 2009.

M. Jakobsson, E. Shi, P. Golle, and R. Chow. Implicit Authentication for

Mobile Devices. In HotSec, 2009.

A. Kale, N. Cuntoor, and V. Kr¨uger. Gait-Based Recognition of Humans

Using Continuous HMMs. In FGR, 2002.

G. Leggett, J. Williams, and M. Usnick. Dynamic identity verification

via keystroke characteristics.In International Journal of Man-Machine

Studies, 1998.

F. Monrose and A. Rubin. Authentication via keystroke dynamics. In

CCS, 1997.

A. Moore. Lecture Notes: Gaussian Mixture Models.

http://www.cs.cmu.edu/afs/cs/Web/People/awm/tutorials/gmm.html.

M. Nisenson, I. Yariv, R. El-Yaniv, and R. Meir. Towards behaviometric

security systems: Learning to identify a typist. In PKDD, 2003.

L. Rainie and J. Anderson. The Future of the Internet III.

http://www.pewinternet.org/Reports/2008/The-Future-of-the-Internet-III

.aspx.

N. Sastry, U. Shankar, and D. Wagner. Secure verification of location

claims. In WiSe ’03:Proceedings of the 2nd ACM workshop on Wireless

security, 2003.

S. Schroeder. Smartphones Are Selling Like Crazy.

http://mashable.com/2010/02/05/smartphones-sales/.