An algorithm for automatically choosing distractors for recognition based authentication using minimal image types

<p>When a user logs on to a recognition based authentication system, he or she is presented with a number of images, one of which is their pass image and the others are distractors. The user must recognise and select their own image to enter the system. If any of the distractors is too similar to the target, the user is likely to become confused and may well choose a distractor by mistake.</p> <p>It is simple for humans to rule on image similarity but such a labour intensive approach hinders the wider uptake of these mechanisms. Automating image similarity detection is a challenging problem but somewhat easier when the images being used are minimal image types such as hand drawn doodles and Mikons constructed using a computer tool.</p> <p>We have developed an algorithm, which has been reported earlier, to automatically detect if two doodle images are similar. This paper reports a new experiment to discover the amount of similarity in collections of doodles and Mikons, from a human perspective. This information is used to improve the algorithm and confirm that it also works well with Mikons.</p&gt

A comprehensive study of the usability of multiple graphical passwords

Recognition-based graphical authentication systems (RBGSs) using images as passwords have been proposed as one potential solution to the need for more usable authentication. The rapid increase in the technologies requiring user authentication has increased the number of passwords that users have to remember. But nearly all prior work with RBGSs has studied the usability of a single password. In this paper, we present the first published comparison of the usability of multiple graphical passwords with four different image types: Mikon, doodle, art and everyday objects (food, buildings, sports etc.). A longi-tudinal experiment was performed with 100 participants over a period of 8 weeks, to examine the usability performance of each of the image types. The re-sults of the study demonstrate that object images are most usable in the sense of being more memorable and less time-consuming to employ, Mikon images are close behind but doodle and art images are significantly inferior. The results of our study complement cognitive literature on the picture superiority effect, vis-ual search process and nameability of visually complex images

Comparing the usability of doodle and Mikon images to be used as authenticators in graphical authentication systems

Recognition-based graphical authentication systems rely on the recognition of authenticator images by legitimate users for authentication. This paper presents the results of a study that compared doodle images and Mikon images as authenticators in recognition based graphical authentication systems taking various usability dimensions into account. The results of the usability evaluation, with 20 participants, demonstrated that users preferred Mikon to doodle images as authenticators in recognition based graphical authentication mechanisms. Furthermore, participants found it difficult to recognize doodle images during authentication as well as associate them with something meaningful. Our findings also show the need to consider the security offered by the images, especially their predictability

Multicriteria optimization to select images as passwords in recognition based graphical authentication systems

Usability and guessability are two conflicting criteria in assessing the suitability of an image to be used as password in the recognition based graph -ical authentication systems (RGBSs). We present the first work in this area that uses a new approach, which effectively integrates a series of techniques in order to rank images taking into account the values obtained for each of the dimen -sions of usability and guessability, from two user studies. Our approach uses fuzzy numbers to deal with non commensurable criteria and compares two multicriteria optimization methods namely, TOPSIS and VIKOR. The results suggest that VIKOR method is the most applicable to make an objective state-ment about which image type is better suited to be used as password. The paper also discusses some improvements that could be done to improve the ranking assessment

Graphical Password-Based User Authentication with Free-Form Doodles

Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. M. Martinez-Diaz, J. Fierrez and J. Galbally, "Graphical Password-Based User Authentication With Free-Form Doodles," in IEEE Transactions on Human-Machine Systems, vol. 46, no. 4, pp. 607-614, Aug. 2016. doi: 10.1109/THMS.2015.2504101User authentication using simple gestures is now common in portable devices. In this work, authentication with free-form sketches is studied. Verification systems using dynamic time warping and Gaussian mixture models are proposed, based on dynamic signature verification approaches. The most discriminant features are studied using the sequential forward floating selection algorithm. The effects of the time lapse between capture sessions and the impact of the training set size are also studied. Development and validation experiments are performed using the DooDB database, which contains passwords from 100 users captured on a smartphone touchscreen. Equal error rates between 3% and 8% are obtained against random forgeries and between 21% and 22% against skilled forgeries. High variability between capture sessions increases the error rates.This work was supported by projects Contexts (S2009/TIC-1485) from CAM, Bio-Shield (TEC2012-34881) from Spanish MINECO, and BEAT (FP7-SEC-284989) from EU

Gathering realistic authentication performance data through field trials

Most evaluations of novel authentication mechanisms have been conducted under laboratory conditions. We argue that the results of short-term usage under laboratory conditions do not predict user performance “in the wild”, because there is insufficient time between enrolment and testing, the number of authentications is low, and authentication is presented as a primary task, rather then the secondary task as it is “in the wild”. User generated reports of performance on the other hand provide subjective data, so reports on frequency of use, time intervals, and success or failure of authentication are subject to the vagaries of users ’ memories. Studies on authentication that provide objective performance data under real-world conditions are rare. In this paper, we present our experiences with a study method that tries to control frequency and timing of authentication, and collects reliable performance data, while maintaining ecological validity of the authentication context at the same time. We describe the development of an authentication server called APET, which allows us to prompt users enrolled in trial cohorts to authenticate at controlled intervals, and report our initial experiences with trials. We conclude by discussing remaining challenges in obtaining reliable performance data through a field trial method such as this one

KidzPass:authenticating pre-literate children

Many online services require users to authenticate themselves to prove their identity. Text-based passwords are the most widely-used authentication mechanism. Yet a number of population groups struggle with text-based passwords. One of these groups is made up of children aged 3-5. This is an important sector of society, because many of these children use the Internet at home. This was especially true during the COVID-19 pandemic.Young children can struggle with text-based passwords due to their emerging literacy and immature development. The majority of children do not learn to read fluently until age seven. At age four or five, they generally do not have the required skills to create, retain and manage alphanumeric passwords. This might well leave young children vulnerable when online or impose unrealistic demands on their care givers who support them in authenticating themselves.Here, we report on the development and evaluation of two versions of KidzPass, a graphical authentication mechanism that specifically relies on the abilities 3-5 year old children can be expected to possess. We conclude by reporting on lessons learned about designing authentication for this target user group

Empirical approach towards investigating usability, guessability and social factors affecting graphical based passwords security

This thesis investigates the usability and security of recognition-based graphical authentication schemes in which users provide simple images. These images can either be drawn on paper and scanned into the computer, or alternatively, they can be created with a computer paint program. In our first study, looked at how culture and gender might affect the types of images drawn. A large number of simple drawings were provided by Libyan, Scottish and Nigerian participants and then divided into categories. Our research found that many doodles (perhaps as many as 20%) contained clues about the participants’ own culture or gender. This figure could be reduced by providing simple guidelines on the types of drawings which should be avoided. Our second study continued this theme and asked the participants to try to guess the culture of the person who provided the image. This provided examples of easily guessable and harder to guess images. Our third study we built a system to automatically register simple images provided by users. This involved creating a website where the users could register their images and which they could later login to. Image analysis software was also written which corrected any mistakes the user might make when scanning in their images or using the Paint program. This research showed that it was possible to build an automatic registration system, and that users preferred using a paint tool rather than drawing on paper and then scanning in the drawing. This study also exposed poor security in some user habits, since many users kept their drawings or image files. This research represents one of the first studies of interference effects where users have to choose two different graphical passwords. Around half of the users provided very similar set of drawings. The last study conducted an experiment to find the best way of avoiding ‘shoulder surfing’ attacks to security when selecting simple images during the login stage. Pairs of participants played the parts of the observer and the user logging in. The most secure approaches were selecting using a single keystroke and selecting rows and columns with two key strokes

Design and evaluation of graphical authentication systems for Arab children

The increasing use of digital technologies by all ages means the number of online accounts used by children is also increasing. The COVID-19 pandemic further increased this situation with children staying at home to do schooling and communicate with friends online. It is thus urgent to investigate authentication systems for this age group. Text passwords are still the most used authentication systems, however children have a range of problems with them. Unfortunately, little research has investigated suitable authentication systems for children. The aim of this programme of research is to bridge this gap by investigating the usability of graphical authentication systems for children. The research is divided into three phases, each consisting of one or more studies that provide insight for the next phase. Phase 1 focuses on understanding and exploring password knowledge and practices of children who are native speakers of Arabic. This phase revealed a number of challenges for Arabic children with text passwords, due to their level of cognitive development and lack of literacy in the English language. In Phase 2 two graphical authentication systems, DoodlePass and ObjectPass, were designed and evaluated based on three usability aspects: effectiveness, efficiency, and satisfaction. The findings showed that both these systems are effective, efficient, and satisfying for Arab children aged 6 to 12 years, and promising alternatives for text passwords. Phase 3 compared the DoodlePass and ObjectPass authentication systems. The findings showed that ObjectPass is significantly more effective, efficient, and satisfying compared with DoodlePass. Both qualitative and quantitative analysis of the data were undertaken at all stages of the research. Overall, the findings suggest that graphical authentication systems are usable and promising alternatives for text passwords to overcome literacy and memorability challenges for children in the 6 to 12 years age group

Verificaciónn de firma y gráficos manuscritos: Características discriminantes y nuevos escenarios de aplicación biométrica

Tesis doctoral inédita leída en la Escuela Politécnica Superior, Departamento de Tecnología Electrónica y de las Comunicaciones. Fecha de lectura: Febrero 2015The proliferation of handheld devices such as smartphones and tablets brings a new scenario for biometric authentication, and in particular to automatic signature verification. Research on signature verification has been traditionally carried out using signatures acquired on digitizing tablets or Tablet-PCs. This PhD Thesis addresses the problem of user authentication on handled devices using handwritten signatures and graphical passwords based on free-form doodles, as well as the effects of biometric aging on signatures. The Thesis pretends to analyze: (i) which are the effects of mobile conditions on signature and doodle verification, (ii) which are the most distinctive features in mobile conditions, extracted from the pen or fingertip trajectory, (iii) how do different similarity computation (i.e. matching) algorithms behave with signatures and graphical passwords captured on mobile conditions, and (iv) what is the impact of aging on signature features and verification performance. Two novel datasets have been presented in this Thesis. A database containing free-form graphical passwords drawn with the fingertip on a smartphone is described. It is the first publicly available graphical password database to the extent of our knowledge. A dataset containing signatures from users captured over a period 15 months is also presented, aimed towards the study of biometric aging. State-of-the-art local and global matching algorithms are used, namely Hidden Markov Models, Gaussian Mixture Models, Dynamic Time Warping and distance-based classifiers. A large proportion of features presented in the research literature is considered in this Thesis. The experimental contribution of this Thesis is divided in three main topics: signature verification on handheld devices, the effects of aging on signature verification, and free-form graphical password-based authentication. First, regarding signature verification in mobile conditions, we use a database captured both on a handheld device and digitizing tablet in an office-like scenario. We analyze the discriminative power of both global and local features using discriminant analysis and feature selection techniques. The effects of the lack of pen-up trajectories on handheld devices (when the stylus tip is not in contact with the screen) are also studied. We then analyze the effects of biometric aging on the signature trait. Using three different matching algorithms, Hidden Markov Models (HMM), Dynamic Time Warping (DTW), and distance-based classifiers, the impact in verification performance is studied. We also study the effects of aging on individual users and individual signature features. Template update techniques are analyzed as a way of mitigating the negative impact of aging. Regarding graphical passwords, the DooDB graphical password database is first presented. A statistical analysis is performed comparing the database samples (free-form doodles and simplified signatures) with handwritten signatures. The sample variability (inter-user, intra-user and inter-session) is also analyzed, as well as the learning curve for each kind of trait. Benchmark results are also reported using state of the art classifiers. Graphical password verification is afterwards studied using features and matching algorithms from the signature verification state of the art. Feature selection is also performed and the resulting feature sets are analyzed. The main contributions of this work can be summarized as follows. A thorough analysis of individual feature performance has been carried out, both for global and local features and on signatures acquired using pen tablets and handheld devices. We have found which individual features are the most robust and which have very low discriminative potential (pen inclination and pressure among others). It has been found that feature selection increases verification performance dramatically, from example from ERRs (Equal Error Rates) over 30% using all available local features, in the case of handheld devices and skilled forgeries, to rates below 20% after feature selection. We study the impact of the lack of trajectory information when the pen tip is not in contact with the acquisition device surface (which happens when touchscreens are used for signature acquisitions), and we have found that the lack of pen-up trajectories negatively affects verification performance. As an example, the EER for the local system increases from 9.3% to 12.1% against skilled forgeries when pen-up trajectories are not available. We study the effects of biometric aging on signature verification and study a number of ways to compensate the observed performance degradation. It is found that aging does not affect equally all the users in the database and that features related to signature dynamics are more degraded than static features. Comparing the performance using test signatures from the first months with the last months, a variable effect of aging on the EER against random forgeries is observed in the three systems that are evaluated, from 0.0% to 0.5% in the DTW system, from 1.0% to 5.0% in the distance-based system using global features, and from 3.2% to 27.8% in the HMM system. A new graphical password database has been acquired and made publicly available. Verification algorithms for finger-drawn graphical passwords and simplified signatures are compared and feature analysis is performed. We have found that inter-session variability has a highly negative impact on verification performance, but this can be mitigated performing feature selection and applying fusion of different matchers. It has also been found that some feature types are prevalent in the optimal feature vectors and that classifiers have a very different behavior against skilled and random forgeries. An EER of 3.4% and 22.1% against random and skilled forgeries is obtained for free-form doodles, which is a promising performance