42 research outputs found

    Graphical Password-Based User Authentication with Free-Form Doodles

    Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. M. Martinez-Diaz, J. Fierrez and J. Galbally, "Graphical Password-Based User Authentication With Free-Form Doodles," in IEEE Transactions on Human-Machine Systems, vol. 46, no. 4, pp. 607-614, Aug. 2016. doi: 10.1109/THMS.2015.2504101

    User authentication using simple gestures is now common in portable devices. In this work, authentication with free-form sketches is studied. Verification systems using dynamic time warping and Gaussian mixture models are proposed, based on dynamic signature verification approaches. The most discriminant features are studied using the sequential forward floating selection algorithm. The effects of the time lapse between capture sessions and the impact of the training set size are also studied. Development and validation experiments are performed using the DooDB database, which contains passwords from 100 users captured on a smartphone touchscreen. Equal error rates between 3% and 8% are obtained against random forgeries and between 21% and 22% against skilled forgeries. High variability between capture sessions increases the error rates.

    This work was supported by projects Contexts (S2009/TIC-1485) from CAM, Bio-Shield (TEC2012-34881) from Spanish MINECO, and BEAT (FP7-SEC-284989) from EU.

    A comprehensive study of the usability of multiple graphical passwords

    Recognition-based graphical authentication systems (RBGSs) using images as passwords have been proposed as one potential solution to the need for more usable authentication. The rapid increase in the technologies requiring user authentication has increased the number of passwords that users have to remember. But nearly all prior work with RBGSs has studied the usability of a single password. In this paper, we present the first published comparison of the usability of multiple graphical passwords with four different image types: Mikon, doodle, art and everyday objects (food, buildings, sports etc.). A longitudinal experiment was performed with 100 participants over a period of 8 weeks, to examine the usability performance of each of the image types. The results of the study demonstrate that object images are most usable in the sense of being more memorable and less time-consuming to employ, Mikon images are close behind but doodle and art images are significantly inferior. The results of our study complement cognitive literature on the picture superiority effect, visual search process and nameability of visually complex images.

    KidzPass: authenticating pre-literate children

    Many online services require users to authenticate themselves to prove their identity. Text-based passwords are the most widely-used authentication mechanism. Yet a number of population groups struggle with text-based passwords. One of these groups is made up of children aged 3-5. This is an important sector of society, because many of these children use the Internet at home. This was especially true during the COVID-19 pandemic. Young children can struggle with text-based passwords due to their emerging literacy and immature development. The majority of children do not learn to read fluently until age seven. At age four or five, they generally do not have the required skills to create, retain and manage alphanumeric passwords. This might well leave young children vulnerable when online or impose unrealistic demands on their care givers who support them in authenticating themselves. Here, we report on the development and evaluation of two versions of KidzPass, a graphical authentication mechanism that specifically relies on the abilities 3-5 year old children can be expected to possess. We conclude by reporting on lessons learned about designing authentication for this target user group.

    Empirical approach towards investigating usability, guessability and social factors affecting graphical based passwords security

    This thesis investigates the usability and security of recognition-based graphical authentication schemes in which users provide simple images. These images can either be drawn on paper and scanned into the computer, or alternatively, they can be created with a computer paint program. In our first study, we looked at how culture and gender might affect the types of images drawn. A large number of simple drawings were provided by Libyan, Scottish and Nigerian participants and then divided into categories. Our research found that many doodles (perhaps as many as 20%) contained clues about the participants’ own culture or gender. This figure could be reduced by providing simple guidelines on the types of drawings which should be avoided. Our second study continued this theme and asked the participants to try to guess the culture of the person who provided the image. This provided examples of easily guessable and harder to guess images. In our third study we built a system to automatically register simple images provided by users. This involved creating a website where the users could register their images and which they could later log in to. Image analysis software was also written which corrected any mistakes the user might make when scanning in their images or using the Paint program. This research showed that it was possible to build an automatic registration system, and that users preferred using a paint tool rather than drawing on paper and then scanning in the drawing. This study also exposed poor security in some user habits, since many users kept their drawings or image files. This research represents one of the first studies of interference effects where users have to choose two different graphical passwords. Around half of the users provided a very similar set of drawings. The last study conducted an experiment to find the best way of avoiding ‘shoulder surfing’ attacks when selecting simple images during the login stage.
Pairs of participants played the parts of the observer and the user logging in. The most secure approaches were selecting using a single keystroke and selecting rows and columns with two keystrokes.

    BioTouchPass: Handwritten Passwords for Touchscreen Biometrics

    This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

    This work enhances traditional authentication systems based on Personal Identification Numbers (PIN) and One-Time Passwords (OTP) through the incorporation of biometric information as a second level of user authentication. In our proposed approach, users draw each digit of the password on the touchscreen of the device instead of typing them as usual. A complete analysis of our proposed biometric system is carried out regarding the discriminative power of each handwritten digit and the robustness when increasing the length of the password and the number of enrolment samples. The new e-BioDigit database, which comprises on-line handwritten digits from 0 to 9, has been acquired using the finger as input on a mobile device. This database is used in the experiments reported in this work and it is available together with benchmark results in GitHub. Finally, we discuss specific details for the deployment of our proposed approach on current PIN and OTP systems, achieving results with Equal Error Rates (EERs) ca. 4.0% when the attacker knows the password. These results encourage the deployment of our proposed approach in comparison to traditional PIN and OTP systems where the attack would have 100% success rate under the same impostor scenario.

    This work has been supported by projects: BIBECA (MINECO), Bio-Guard (Ayudas Fundación BBVA a Equipos de Investigación Científica 2017) and by UAM-CecaBank. Ruben Tolosana is supported by a FPU Fellowship from Spanish MEC.

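    Verificación de firma y gráficos manuscritos: Características discriminantes y nuevos escenarios de aplicación biométrica (Verification of handwritten signatures and graphics: discriminant features and new biometric application scenarios)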

    Unpublished doctoral thesis defended at the Escuela Politécnica Superior, Departamento de Tecnología Electrónica y de las Comunicaciones. Date of defense: February 2015.

    The proliferation of handheld devices such as smartphones and tablets brings a new scenario for biometric authentication, and in particular to automatic signature verification. Research on signature verification has been traditionally carried out using signatures acquired on digitizing tablets or Tablet-PCs. This PhD Thesis addresses the problem of user authentication on handheld devices using handwritten signatures and graphical passwords based on free-form doodles, as well as the effects of biometric aging on signatures. The Thesis aims to analyze: (i) which are the effects of mobile conditions on signature and doodle verification, (ii) which are the most distinctive features in mobile conditions, extracted from the pen or fingertip trajectory, (iii) how do different similarity computation (i.e. matching) algorithms behave with signatures and graphical passwords captured on mobile conditions, and (iv) what is the impact of aging on signature features and verification performance. Two novel datasets have been presented in this Thesis. A database containing free-form graphical passwords drawn with the fingertip on a smartphone is described. It is the first publicly available graphical password database to the extent of our knowledge. A dataset containing signatures from users captured over a period of 15 months is also presented, aimed towards the study of biometric aging. State-of-the-art local and global matching algorithms are used, namely Hidden Markov Models, Gaussian Mixture Models, Dynamic Time Warping and distance-based classifiers. A large proportion of features presented in the research literature is considered in this Thesis.
The experimental contribution of this Thesis is divided in three main topics: signature verification on handheld devices, the effects of aging on signature verification, and free-form graphical password-based authentication. First, regarding signature verification in mobile conditions, we use a database captured both on a handheld device and digitizing tablet in an office-like scenario. We analyze the discriminative power of both global and local features using discriminant analysis and feature selection techniques. The effects of the lack of pen-up trajectories on handheld devices (when the stylus tip is not in contact with the screen) are also studied. We then analyze the effects of biometric aging on the signature trait. Using three different matching algorithms, Hidden Markov Models (HMM), Dynamic Time Warping (DTW), and distance-based classifiers, the impact in verification performance is studied. We also study the effects of aging on individual users and individual signature features. Template update techniques are analyzed as a way of mitigating the negative impact of aging. Regarding graphical passwords, the DooDB graphical password database is first presented. A statistical analysis is performed comparing the database samples (free-form doodles and simplified signatures) with handwritten signatures. The sample variability (inter-user, intra-user and inter-session) is also analyzed, as well as the learning curve for each kind of trait. Benchmark results are also reported using state of the art classifiers. Graphical password verification is afterwards studied using features and matching algorithms from the signature verification state of the art. Feature selection is also performed and the resulting feature sets are analyzed. The main contributions of this work can be summarized as follows. 
A thorough analysis of individual feature performance has been carried out, both for global and local features and on signatures acquired using pen tablets and handheld devices. We have found which individual features are the most robust and which have very low discriminative potential (pen inclination and pressure among others). It has been found that feature selection increases verification performance dramatically, for example from EERs (Equal Error Rates) over 30% using all available local features, in the case of handheld devices and skilled forgeries, to rates below 20% after feature selection. We study the impact of the lack of trajectory information when the pen tip is not in contact with the acquisition device surface (which happens when touchscreens are used for signature acquisitions), and we have found that the lack of pen-up trajectories negatively affects verification performance. As an example, the EER for the local system increases from 9.3% to 12.1% against skilled forgeries when pen-up trajectories are not available. We study the effects of biometric aging on signature verification and study a number of ways to compensate for the observed performance degradation. It is found that aging does not affect equally all the users in the database and that features related to signature dynamics are more degraded than static features. Comparing the performance using test signatures from the first months with the last months, a variable effect of aging on the EER against random forgeries is observed in the three systems that are evaluated, from 0.0% to 0.5% in the DTW system, from 1.0% to 5.0% in the distance-based system using global features, and from 3.2% to 27.8% in the HMM system. A new graphical password database has been acquired and made publicly available. Verification algorithms for finger-drawn graphical passwords and simplified signatures are compared and feature analysis is performed.
We have found that inter-session variability has a highly negative impact on verification performance, but this can be mitigated by performing feature selection and applying fusion of different matchers. It has also been found that some feature types are prevalent in the optimal feature vectors and that classifiers have a very different behavior against skilled and random forgeries. An EER of 3.4% and 22.1% against random and skilled forgeries is obtained for free-form doodles, which is a promising performance.

    A NEW APPROACH FOR INSTIGATING SECURITY USING SINGLE ZOOM MOUSE CLICK GRAPHICAL PASSWORD

    Due to growing hazards to networked computer systems, there is a great need for security innovations. Authentication is the process of security to information. User authentication is one of the significant topics in information security. Commonly used authentication methods are alphanumeric passwords, biometrics and smart cards. At present, an upcoming popular method is the graphical password. In graphical password systems, authentication is based on clicking on an image rather than typing alphanumeric strings. The motivation to develop graphical passwords is the fact that humans can remember pictures better than text. In this paper we propose a graphical password scheme which is more secure than other methods. This method depends not only on the image but also on the number of mouse clicks on the image. This method reduces the huge image database, as well as images being too simple to cause collisions on points selected for different users.

    Design and evaluation of graphical authentication systems for Arab children

    The increasing use of digital technologies by all ages means the number of online accounts used by children is also increasing. The COVID-19 pandemic further increased this situation with children staying at home to do schooling and communicate with friends online. It is thus urgent to investigate authentication systems for this age group. Text passwords are still the most used authentication systems, however children have a range of problems with them. Unfortunately, little research has investigated suitable authentication systems for children. The aim of this programme of research is to bridge this gap by investigating the usability of graphical authentication systems for children. The research is divided into three phases, each consisting of one or more studies that provide insight for the next phase. Phase 1 focuses on understanding and exploring password knowledge and practices of children who are native speakers of Arabic. This phase revealed a number of challenges for Arabic children with text passwords, due to their level of cognitive development and lack of literacy in the English language. In Phase 2 two graphical authentication systems, DoodlePass and ObjectPass, were designed and evaluated based on three usability aspects: effectiveness, efficiency, and satisfaction. The findings showed that both these systems are effective, efficient, and satisfying for Arab children aged 6 to 12 years, and promising alternatives for text passwords. Phase 3 compared the DoodlePass and ObjectPass authentication systems. The findings showed that ObjectPass is significantly more effective, efficient, and satisfying compared with DoodlePass. Both qualitative and quantitative analysis of the data were undertaken at all stages of the research. Overall, the findings suggest that graphical authentication systems are usable and promising alternatives for text passwords to overcome literacy and memorability challenges for children in the 6 to 12 years age group

    New Graphical Password Scheme Containing Questions-Background-Pattern and Implementation

    Security of authentication is needed to be provided superlatively to secure users’ personal and exchange information, since online information exchange systems have been developed according to internet speed. Therefore, the aim of the chapter is to develop current graphical password scheme based on recall, create and implement a new graphical password scheme composed of three layer verification. We programmed our scheme in order to use in section of anonymous information exchange system and user’s registration of trading chat room. While we conducted survey on user by accessing participant to our system lied in participants’ local network and we analyzed in accordance with the average length of their created password and statistical significance of entropy bit. From the survey of total participants, our scheme has statistical significance, furthermore it was proved that it can secure from a variety of attacks as entropy bit was high.

    A Shoulder Surfing Resistant Graphical Authentication System

    Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as “the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even if they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.