Open Access Open Access  Restricted Access Subscription or Fee Access

Security Analysis in Graphical Password Schemes

S. Yamini

Abstract


A model is developed to identify the most likely regions for users to click in order to create graphical passwords. A graphical password is a sequence of points, chosen by a user in an image that is displayed on the screen. It allows us to evaluate automatically whether a given image is well suited for the system, and to analyze possible dictionary attacks against the system. Performance was very good in terms of speed, accuracy, and number of errors. Users preferred this and saying that selecting and remembering only one point per image was easier, and that seeing each image triggered their memory of where the corresponding point was located. It provides greater security than others because the number of images increases the workload for attackers.

Keywords


Cued Click Points, Security Analysis, Dictionary Attacks, Pass Points, Hotspots, Graphical Passwords.

Full Text:

PDF

References


S. Yamini, “Authentication in graphical password systems”, IISAM 2011, RVSCET, Sulur.

S. Akula, V. Devisetty, Image based registration and authentication system," Midwest Instruction and Computing Symposium (2004).

Chiasson, S., R. Biddle, R., and P.C. van Oorschot. A Second Look at the Usability of Click-based Graphical Passwords. ACM SOUPS, 2007.

D. Davis, F. Monrose, M. Reiter, On user choice in graphical password schemes", 13th Usenix Security Symposium (2004) 1-14.

Dirik, A.E., N. Menon, and J.C Birget. Modeling user choice in the PassPoints graphical password scheme. ACM SOUPS, 2007.

I. Jeremyn, A. Mayer, F. Monrose, M.K. Reiter, A.D. Rubin, The design and analysis of graphical passwords", Proc. 8th Usenix Security Symposium (1999).

R. Morris, K. Thompson, “Password security. A case study", Comm. ACM 22 (1979) 594-597.

“The Passfaces System", Real User Technology and Products, (2004); http://www.realuser.com/ published/RealUserTechnologyAndProducts.pdf.

Sonia Chiasson, Alain Forget, Robert Biddle, “Accessibility and Graphical Passwords”, Carleton University, Ottawa, Canada.

Sonia Chiasson, Alain Forget, Robert Biddle, P.C. van Oorschot, “User interface design affects security: Patterns in click-based graphical passwords”, Carleton University, Ottawa Canada.

Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, “Graphical Password Authentication Using Cued Click Points”, Carleton University, Ottawa, Canada.

X. Suo, Y. Zhu, G.S. Owen, “Graphical passwords: A survey", 21st Annual Computer Security Applications Conference (ACSAC'05) (2005) 463-472.

Topkara, U., Topkara, M., Atallah, M. K. “Passwords for Everyone: Secure Mnemonic-based Accessible Authentication”. USENIX Annual Technical Conference 2007.

J. Thorpe, P.C. van Oorschot, Towards secure design choices for implementing graphical passwords", Computer Security Applications Conference (2004).

Wiedenbeck, S., J.C. Birget, A. Brodskiy, and N. Memon. Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. ACM SOUPS, 2005.

S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, N. Memon, “Design and longitudinal evaluation of a graphical password system", International J. Of Human-Computer Studies 63 (2005) 102-127.

Weinshall, D. Cognitive Authentication Schemes Safe against Spyware (Short Paper). IEEE Symposium on Security and Privacy, 2006.

D. Weinshall, S. Kirkpatrick, “Passwords you'll never forget, but can't recall", Conference on Human Factors in Computing Systems (CHI) (2004) 1399-1402.


Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.