Towards a metric for recognition-based graphical password security

Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognition-based graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing, intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme

The effectiveness of intersection attack countermeasures for graphical passwords

Recognition-based graphical passwords are one of several proposed alternatives to alphanumerical passwords for user authentication. However, there has been limited work on the security of such schemes. Often authors state a possible attack combined with a proposed countermeasure, but the efficacy of the counter measure is not always quantitatively examined. One possible attack which has been discussed without this examination is an intersection attack. If we can establish which countermeasures for this attack are effective, this will provide insight which will make it possible to select the appropriate countermeasure for the level of security required by a given system. Our approach involved creating a simulation of intersection attacks using each of five possible counter measures. The number of attacks which had to be performed before success for each approach was noted and compared to a control where no counter measure was implemented. Our results show that for three of the five countermeasures there was a significant increase in the number of attacks before success, one showed a significant decrease and the other did not show any statistical significance. We show that it is not decisive that using dummy screens when an incorrect image is selected will increase the number of attacks required. We also show that increasing the number of challenge screens reduces the number of attacks required before success as the number of challenge screens approaches the size of the passimage set. Our results allow one to make a more reliable choice of countermeasure to reduce intersection attacks

An algorithm for automatically choosing distractors for recognition based authentication using minimal image types

<p>When a user logs on to a recognition based authentication system, he or she is presented with a number of images, one of which is their pass image and the others are distractors. The user must recognise and select their own image to enter the system. If any of the distractors is too similar to the target, the user is likely to become confused and may well choose a distractor by mistake.</p> <p>It is simple for humans to rule on image similarity but such a labour intensive approach hinders the wider uptake of these mechanisms. Automating image similarity detection is a challenging problem but somewhat easier when the images being used are minimal image types such as hand drawn doodles and Mikons constructed using a computer tool.</p> <p>We have developed an algorithm, which has been reported earlier, to automatically detect if two doodle images are similar. This paper reports a new experiment to discover the amount of similarity in collections of doodles and Mikons, from a human perspective. This information is used to improve the algorithm and confirm that it also works well with Mikons.</p&gt

Comparing the usability of doodle and Mikon images to be used as authenticators in graphical authentication systems

Recognition-based graphical authentication systems rely on the recognition of authenticator images by legitimate users for authentication. This paper presents the results of a study that compared doodle images and Mikon images as authenticators in recognition based graphical authentication systems taking various usability dimensions into account. The results of the usability evaluation, with 20 participants, demonstrated that users preferred Mikon to doodle images as authenticators in recognition based graphical authentication mechanisms. Furthermore, participants found it difficult to recognize doodle images during authentication as well as associate them with something meaningful. Our findings also show the need to consider the security offered by the images, especially their predictability

Multicriteria optimization to select images as passwords in recognition based graphical authentication systems

Usability and guessability are two conflicting criteria in assessing the suitability of an image to be used as password in the recognition based graph -ical authentication systems (RGBSs). We present the first work in this area that uses a new approach, which effectively integrates a series of techniques in order to rank images taking into account the values obtained for each of the dimen -sions of usability and guessability, from two user studies. Our approach uses fuzzy numbers to deal with non commensurable criteria and compares two multicriteria optimization methods namely, TOPSIS and VIKOR. The results suggest that VIKOR method is the most applicable to make an objective state-ment about which image type is better suited to be used as password. The paper also discusses some improvements that could be done to improve the ranking assessment

A comprehensive study of the usability of multiple graphical passwords

Recognition-based graphical authentication systems (RBGSs) using images as passwords have been proposed as one potential solution to the need for more usable authentication. The rapid increase in the technologies requiring user authentication has increased the number of passwords that users have to remember. But nearly all prior work with RBGSs has studied the usability of a single password. In this paper, we present the first published comparison of the usability of multiple graphical passwords with four different image types: Mikon, doodle, art and everyday objects (food, buildings, sports etc.). A longi-tudinal experiment was performed with 100 participants over a period of 8 weeks, to examine the usability performance of each of the image types. The re-sults of the study demonstrate that object images are most usable in the sense of being more memorable and less time-consuming to employ, Mikon images are close behind but doodle and art images are significantly inferior. The results of our study complement cognitive literature on the picture superiority effect, vis-ual search process and nameability of visually complex images

Measuring the revised guessability of graphical passwords

There is no widely accepted way of measuringthe level of security of a recognition-based graphical password against guessing attacks. We aim to address this by examining the influence of predictability of user choice on the guessability and proposing a new measure of guessability. Davis et al. showed that these biases exist for schemes using faces and stories, we support this result and show these biases exist in other recognition-based schemes. In addition, we construct an attack exploiting predictability, which we term “Semantic Ordered Guessing Attack” (SOGA). We then apply this attack to two schemes (the Doodles scheme and a standard recognition-based scheme using photographic images) and report the results. The results show that predictability when users select graphical passwords influence the level of security to a varying degree (dependent on the distractor selection algorithm). The standard passimages scheme show an increase on guessability of up to 18 times more likely than the usual reported guessability, with a similar set up of nine images per screen and four screens, the doodles scheme shows a successful guessing attack is 3.3 times more likely than a random guess. Finally, we present a method of calculating a more accurate guessability value, which we call the revised guessability of a recognition-based scheme. Our conclusion is that to maximise the security of a recognition-based graphical password scheme, we recommend disallowing user choice of images

Evaluation of Year 1 of the Tuition Partners Programme: Impact Evaluation for Primary Schools. Evaluation Report

The National Tutoring Programme (NTP) Tuition Partners (TP) programme was designed to provide additional support to schools and teachers to supplement classroom teaching through subsidised high-quality tutoring for pupils from an approved list of tutoring organisations, the Tuition Partners. This evaluation covers the TP programme as delivered in its first year by the Education Endowment Foundation (EEF), from November 2020 to August 2021. Tuition Partners was one arm of the NTP. The NTP aimed to support teachers and schools in providing a sustained response to the Covid-19 pandemic and to provide a longer term contribution to closing the attainment gap between disadvantaged pupils and their peers. The NTP was part of a wider government response to the pandemic, funded by the Department for Education and originally developed by the EEF, Nesta, Impetus, The Sutton Trust, and Teach First, and with the support of the KPMG Foundation. The EEF appointed 33 approved ‘Tuition Partners’ that schools could select from to deliver tuition. Schools could access 15 hours of tutoring per selected pupil (with a minimum of 12 hours being considered a completed block of tuition). Tuition was provided online and/or face-to-face; and was 1:1, or in small groups (1:2 or 1:3); and available in English, maths, science, humanities and modern foreign languages. Tuition was expected to be delivered in schools (before, during and after school), in addition to usual teaching; and, in certain circumstances, at home. The programme was targeted at disadvantaged pupils attending state-maintained schools in England, including those eligible for Pupil Premium funding (PP-eligible), Free School Meals (FSM), or those identified by schools as having an equivalent need for support. Participating schools had discretion to identify which of their pupils they felt would most benefit from additional tuition support. Pupils in Years 1–11 were eligible (5–16 years old). The programme aimed to reach 215,000 to 265,000 pupils, across 6000 state-maintained schools in England, and it was expected that approximately 20,000 tutors would be recruited by Tuition Partners. The TP programme was set up and delivered during the Covid-19 pandemic, requiring continued responsiveness to the challenges faced by schools including restricted attendance, remote teaching, and ongoing widespread staff and pupil absences. During the school closures to most pupils from January – March 2021, the EEF approved TPs to deliver online tuition at home, however many schools chose to wait to commence tutoring until schools reopened fully, and therefore started tutoring later than planned. This evaluation report covers the analysis on the impact of the TP programme on the maths and English attainment outcomes for primary school pupils (Years 1–6) using standardised classroom assessments. Separate reports relate to analysis on Year 11 pupils and an implementation and process evaluation (IPE). The evaluation findings for the TP programme are brought together in a summary and interpretation report that is available here. This evaluation uses a quasi-experimental design (QED), involving a group of intervention schools that participated in the TP programme, and a group of comparison schools that did not receive the programme. The evaluation relies on a propensity score matching and re-weighting approach to ensure that the intervention and comparison schools are similar to each other in important, observable regards. As pupils who would have received TP in comparison schools were difficult to identify, the evaluation focused on pupils eligible for Pupil Premium and on all pupils, as these groups can be identified in both TP and comparison schools. For English, the analysis is based on 165 primary schools with 7073 pupils eligible for Pupil Premium and for maths, 126 primary schools with 5102 pupils eligible for Pupil Premium3. An additional instrumental variable (IV) analysis, based on the sample of TP schools only, looked at the impact of TP in schools that signed up to the TP programme earlier (and that delivered more tutoring) compared to schools that signed up later. On average, pupils eligible for Pupil Premium in schools that received TP made similar progress in English and maths compared to pupils eligible for Pupil Premium in comparison schools (no evidence of an effect in English or in maths). This result has a low security rating. A particular challenge is that, on average, only approximately 20% of pupils eligible for Pupil Premium were selected for tutoring, meaning a large proportion of pupils eligible for Pupil Premium were included in the analysis who did not receive tutoring. Therefore, this estimated impact of TP is diluted and it is hard to detect any effect that may (or may not) be present. Similar analysis on all pupils found that pupils in schools that received TP made, on average, similar progress in English compared to all pupils in comparison schools (no evidence of an effect), and an additional one month’s progress in maths compared to pupils in comparison schools. However, there is uncertainty around these estimates, with the positive maths result being consistent with a null (0 months) or slightly larger positive effect (2 months) and the English result being consistent with small positive (1 month) or small negative effect (−1 months). Furthermore, this analysis was subject to even further dilution: on average, only 12% (for maths) and 14% (for English) of pupils in the analysed schools were selected for tutoring. Given this context, it is unlikely that any of these differences were due to TP. In the sample of TP schools, completing a 12-hour block of tutoring (compared to zero hours) was related to higher English scores amongst pupils eligible for Pupil Premium that received more tutoring due to the early sign-up of the school. An equivalent analysis for maths was not able to proceed. A different analysis within TP schools showed that pupils who received more hours of tutoring were associated with higher English scores on average than pupils who received fewer hours of tutoring. However, this was not the case for maths, where receiving more hours of tutoring was not associated with higher maths scores. These results are associations and are not necessarily causal estimates of impact; there may be other explanations for the results

Evaluation of Year 1 of the Tuition Partners Programme: Impact Evaluation Report for Year 11. Evaluation Report: An exploration of impact in Year 11

The National Tutoring Programme (NTP) Tuition Partners (TP) programme was designed to provide additional support to schools and teachers to supplement classroom teaching through subsidised, high quality tutoring for pupils from an approved list of tutoring organisations, the Tuition Partners. This evaluation covers the TP programme as delivered in its first year by the Education Endowment Foundation (EEF), from November 2020 to August 2021. Tuition Partners was one arm of the NTP. The NTP aimed to support teachers and schools in providing a sustained response to the Covid-19 pandemic and to provide a longer term contribution to closing the attainment gap between disadvantaged pupils and their peers. The NTP was part of a wider government response to the pandemic, funded by the Department for Education and originally developed by the EEF, Nesta, Impetus, The Sutton Trust, and Teach First, and with the support of the KPMG Foundation. The EEF appointed 33 approved ‘Tuition Partners’ that schools could select from to deliver tuition. Schools could access 15 hours of tutoring per selected pupil (with a minimum of 12 hours being considered a completed block of tuition). Tuition was provided online and/or face-to-face; and was 1:1, or in small groups (1:2 or 1:3); and available in English, maths, science, humanities and modern foreign languages. Tuition was expected to be delivered in schools (before, during and after school), in addition to usual teaching; and in certain circumstances, at home. The programme was targeted at disadvantaged pupils attending state-maintained schools in England, including those eligible for Pupil Premium funding (PP-eligible), Free School Meals (FSM), or those identified by schools as having an equivalent need for support. Participating schools had discretion to identify which of their pupils they felt would most benefit from additional tuition support. Pupils in Years 1–11 were eligible (5–16 years old). The programme aimed to reach 215,000 to 265,000 pupils, across 6,000 state-maintained schools in England, and it was expected that approximately 20,000 tutors would be recruited by Tuition Partners. The TP programme was set up and delivered during the Covid-19 pandemic, requiring continued responsiveness to the challenges faced by schools including restricted attendance, remote teaching, and ongoing widespread staff and pupil absences. During school closures to most pupils from January – March 2021, the EEF approved TPs to deliver online tuition at home, however many schools chose to wait to commence tutoring until schools reopened fully, and therefore started tutoring later than planned. The usual summer exams process for Year 11 pupils could not go ahead as planned in summer 2021, and GCSEs were determined by TAGs instead. This evaluation report covers the analysis on the impact of the TP programme on the maths and English attainment outcomes for Year 11 pupils only. Separate reports relate to analysis on a sample of primary schools and an implementation and process evaluation (IPE). The evaluation findings for the TP programme are brought together in a summary and interpretation report that is available here. This evaluation uses a quasi-experimental design (QED), involving a group of intervention schools that participated in the TP programme, and a group of comparison schools that did not receive the programme. The evaluation relies on a propensity score matching approach to ensure that the intervention and comparison schools are similar to each other in important, observable regards. As pupils who would have received TP in comparison schools were difficult to identify, the evaluation focused on pupils eligible for Pupil Premium and on all pupils, as these groups can be identified in both TP and non-TP schools. The analysis is based on 1,464 secondary schools with a total of 62,024 pupils eligible for Pupil Premium. The evaluation assessed impact in English and maths using Teacher Assessed Grades (TAGs) from 2021. Year 11 pupils eligible for Pupil Premium in schools that received TP made similar progress in English and maths compared to pupils eligible for Pupil Premium in comparison schools (there was no evidence of an effect in English or maths). A particular challenge is that, on average, only 12% of pupils eligible for Pupil Premium were selected for tutoring in maths and 9% were selected for tutoring in English, meaning the vast majority of the pupils included in the analysis did not receive tutoring. Therefore, this estimated impact of TP is diluted and it is hard to detect any effect that may (or may not) be present. When looking at all pupils in Year 11, pupils in schools that received TP made, on average, similar progress in English compared to all Year 11 pupils in comparison schools (there was no evidence of an effect). In maths, Year 11 pupils in schools that received TP made slightly less progress than all Year 11 pupils in comparison schools (though this effect was very small and equivalent to zero months ’ additional progress). However, this analysis was subject to even further dilution than the PPeligible analysis: only 7% of Year 11 pupils were selected for tutoring in maths and 6% in English. Given this context, it is unlikely that any of these differences were due to TP. Additional analysis restricted the sample of schools to those that targeted higher proportions of pupils eligible for Pupil Premium to receive tutoring, to reduce the issue of dilution and bring the group of analysed pupils closer to those that were selected for the intervention. In schools that selected over 50% of pupils eligible for Pupil Premium for tutoring, pupils eligible for Pupil Premium made similar progress in TP and comparison schools in English and maths. However, when the sample was restricted to schools that selected over 70% of pupils eligible for Pupil Premium for tutoring (and reducing dilution further), the impact of TP on pupils eligible for Pupil Premium is positive. In these schools, pupils eligible for Pupil Premium made, on average, the equivalent of two months additional progress in English and two months additional progress in maths, compared to pupils eligible for Pupil Premium in comparison schools. This analysis was based on a smaller sample of schools that were rematched to a comparison sample. However, different characteristics to the rest of the TP population of schools remained (more ‘Outstanding’ schools, lower percentage of FSM students), so this finding may not necessarily be generalisable to all TP schools. Within schools that participated in TP, pupils who received more hours of tutoring in maths obtained higher maths TAGs, and pupils who received more hours of tutoring in English obtained higher English TAGs, than pupils who received fewer hours of tutoring in the respective subjects. These results are associations and are not necessarily causal estimates of impact; there may be other explanations for the higher grades among these pupils

Calculation of the free-free transitions in the electron-hydrogen scattering S-wave model

The S-wave model of electron-hydrogen scattering is evaluated using the convergent close-coupling method with an emphasis on scattering from excited states including an initial state from the target continuum. Convergence is found for discrete excitations and the elastic free-free transition. The latter is particularly interesting given the corresponding potential matrix elements are divergent