Shoulder Surfing Resistant Graphical Authentication Scheme for Web Based Applications

Since the design and development of the first graphical authentication pioneered by Blonder in 1996, numerous research has been conducted on this area to be used in different scenarios especially on the Internet. One of the major motivators is the picture superiority which as studies have shown, states that images/pictures provide higher memorability as opposed to Text based authentication. However, graphical authentication is still faced with some challenges. In this paper, a shoulder surfing resistant graphical authentication scheme is proposed to tackle a major issue related to the graphical authentication schemes developed. The proposed scheme provides a high level of resistance to shoulder surfing attacks, mitigating the need to upload pictures and aids in finding chosen objects in the scheme. However, the schemes has some vulnerabilities which implies that there may not be a perfect graphical authentication scheme; each scheme has its merits and demerits making it a suitable candidate for different environment and/or event depending on its architecture

Towards an effective recognition graphical password mechanism based on cultural familiarity

Text-based passwords for authentication are exposed to the dictionary attack as users tend to create weak passwords for easy memorability. When dealing with user’s authentication, pictures are more likely to be simply remembered in comparison with words. Hence, this study aimed to determine the types of pictures in accordance to users’ cultural background. It also investigated the relationship between the choices of password and the cultural familiarity along with the effect of Graphical Password (GP) on security and usability. A list of guidelines was proposed for the recognition of graphical passwords. This is believed to increase the security as well as usability. A total of 40 students were recruited to build a GP database. Further, an evaluation was conducted to investigate users’ familiarity and recognition of the GP from the database using 30 other respondents. The results showed that the 30 participants positively responded to the familiar pictures in accordance to their cultures. The result of successful login rate was 79.51% which indicates that cultural-based GP has increased the respondents’ familiarity by promoting their memorability. Further, the respondents who chose familiar GP had higher guessing attack rate than the unfamiliar GP. Finally, a total of 8 guidelines were established based on the aspects that correspond to the users’ preferences for choosing and processing GP. These guidelines can be used by graphical password system designers to develop effective GP system

Empirical approach towards investigating usability, guessability and social factors affecting graphical based passwords security

This thesis investigates the usability and security of recognition-based graphical authentication schemes in which users provide simple images. These images can either be drawn on paper and scanned into the computer, or alternatively, they can be created with a computer paint program. In our first study, looked at how culture and gender might affect the types of images drawn. A large number of simple drawings were provided by Libyan, Scottish and Nigerian participants and then divided into categories. Our research found that many doodles (perhaps as many as 20%) contained clues about the participants’ own culture or gender. This figure could be reduced by providing simple guidelines on the types of drawings which should be avoided. Our second study continued this theme and asked the participants to try to guess the culture of the person who provided the image. This provided examples of easily guessable and harder to guess images. Our third study we built a system to automatically register simple images provided by users. This involved creating a website where the users could register their images and which they could later login to. Image analysis software was also written which corrected any mistakes the user might make when scanning in their images or using the Paint program. This research showed that it was possible to build an automatic registration system, and that users preferred using a paint tool rather than drawing on paper and then scanning in the drawing. This study also exposed poor security in some user habits, since many users kept their drawings or image files. This research represents one of the first studies of interference effects where users have to choose two different graphical passwords. Around half of the users provided very similar set of drawings. The last study conducted an experiment to find the best way of avoiding ‘shoulder surfing’ attacks to security when selecting simple images during the login stage. Pairs of participants played the parts of the observer and the user logging in. The most secure approaches were selecting using a single keystroke and selecting rows and columns with two key strokes

Security evaluation for graphical password

Nowadays, user authentication is one of the important topics in information security. Text-based strong password schemes could provide with certain degree of security. However, the fact that strong passwords being difficult to memorize often leads their owners to write them down on papers or even save them in a computer file. Graphical Password or Graphical user authentication (GUA) has been proposed as a possible alternative solution to text-based authentication, motivated particularly by the fact that humans can remember images better than text. All of Graphical Password algorithms have two different aspects which are usability and security. This paper focuses on security aspects of algorithms that most of researchers work on this part and try to define security features and attributes. Unfortunately, till now there isn't a complete evaluation criterion for graphical password security. At first, this paper tries to study on most of GUA algorithm. Then, collects the major security attributes in GUA and proposed an evaluation criterion