18 research outputs found

    The Impact of Image Synonyms in Graphical-Based Authentication Systems

    Traditional text-based passwords used for authentication in information systems have several known issues in the areas of usability and security. Research has shown that when users generate passwords for systems, they tend to create passwords that are subject to compromise more so than those created randomly by the computer. Research has also shown that users have difficulty remembering highly secure, randomly created, text-based passwords. Graphical-based passwords have been shown to be highly memorable for users when applied to system authentication. However, graphical-based authentication systems require additional cognitive load to recognize and enter a password compared to traditional text-based authentication that is more muscle-memory. This increase in cognitive load causes an increased security risk of shoulder-surfing created from the longer amount of time needed to input a password. Graphical-based authentication systems use the same images for each possible input value. This makes these authentication systems vulnerable to attackers. The attackers use their ability to remember visual information to compromise a graphical-based password. This study conducted research into a graphical-based authentication scheme that implemented pictorial synonyms. The goal is to decrease security risk of graphical-based authentication systems while maintaining (or even increasing) the usability of these systems. To accomplish this goal, a study to evaluate the impact on the cognitive load required using an image synonym authentication system compared to traditional graphical-based authentication schemes. The research found that there was not a significant difference in the areas of user cognitive load, shoulder-surfing threat, and user effectiveness. The research evaluated users' accuracy, cognitive load, and time to authenticate and found to have significant impact of pictorial synonyms on graphical-based authentication systems. The research shows that the accuracy of pictorial synonyms was greater than word password. This appears to be due to people's ability to recall pictorial information over text information. Future research should look at the impact of pictorial synonyms on shoulder-surfing attackers and different ages

    Graphical user authentication system (GUAS)

    Nowadays, the most accepted computer authentication technique is to use alphanumerical usernames with text-based passwords. This method has been proven to have multiple significant weaknesses. For example, users tend to choose passwords that can be easily cracked. On the other hand, if a password is difficult to guess, then it is often hard to memorize. To address those issues, some researchers have developed graphical-based authentication algorithms that implement pictures as passwords. In this project, I conducted an in-depth comprehensive review of the existing graphical password schemes. Furthermore, I classify these existing Graphical User Authentication Systems (GUAS) into two kinds of mechanism, which are: recognition-based and recall-based approaches. Besides that, I will examine the strengths and limitations of each technique and identify the future research directions. I also developed an improved version of the GUAS algorithm to address the common limitations that exist in the current graphical password techniques. Overall, in this thesis, the scheme of the new technique will be proposed, the advantages of the technique will be outlined and lastly, the future work will be anticipated as well

    An improved map based graphical android authentication system

    Currently, graphical password methods are available for Android and other devices, but the major problem is the vulnerability issue. A map graphical-based authentication system (Dheeraj et al., 2013) was designed on mobile Android devices, but it did not provide a large choice or multiple sequence to the user for selecting a password, which made it vulnerable to brute-force attack, and there is no randomization, which made it prone to shoulder-surfing attack. This proposed system seeks to improve the map graphical-based password authentication system android application devices. The system adds the password space size, rule and randomization during registration and login stage. This will improve the system and make it more secure against brute-force and shoulder-surfing attacks. The experimental results revealed that 910 trials instead of 730 using two countries selection, 5760 trials instead of 5050 for the existing system are available on the map using 3 countries, 352807 trials instead of 30250 for the existing system are available on the map using 4 countries and 181440 trials instead of 151210 for the existing system are available on the map using 5 countries. Thus, a much larger number of trials has to be done for detection to succeed using the brute-force technique. Keywords: Authentication, Graphical Passwords, Randomization, Password Space Siz

    Secure E-mailing System Using Pair Based Scheme and AES with Session Password

    In early days, textual passwords were used for security of sessions, but these passwords are vulnerable to various attacks like dictionary attack, shoulder surfing, eavesdropping, etc. Further, graphical passwords and biometric passwords were invented. These two techniques are good performers but they have their own disadvantages, such as requiring extra time for login and more cost respectively. Thus we proposed a session password scheme in which the passwords are used only once for each and when session is terminated the password is no longer in use. The proposed session password scheme uses the Pair Based Authentication scheme for generating session passwords. In every data communication system, security of data is the primary aim. Data security can be provided in many ways. This paper gives a design of effective security for data communication in a network by the AES algorithm for encryption and decryption

    Pattern lock and the app based on context, ease of use aspect in comparison

    Smartphone has been a popular device utilized to support productivity in human life and has become an integral part of human activities such as for communication, entertainment and social interaction. Those activities can be related to the information which needs to be protected because of its high privacy. Therefore, the smartphone needs a procedure that demonstrates an ability to secure that user information. However, more protective the scheme, more difficult the usage. Based on that pattern behavior, a good security scheme which support the users for easy security feature is urgently needed. One of such kind security features is authentication feature. In that manner, the ease of use aspect for acquiring the system by using an easy authentication mechanism becomes critically important. The ease of use intended is the efficiency of interaction between the user and that security feature for doing authentication including the time needed for doing that. This study developed the app which utilizes the context data, namely Geofilock. The context data meant is the location data based on the GPS and MAC address of the Wi-Fi. The system detected both context data and determined whether the smartphone needs to show the pattern screen lock as authentication feature or not, based on the context data analysis. The functionality of Geofilock works properly as shown by less user interaction number and less time needed by the user for obtaining the access. In addition, the app is easy to operate, as suggested by the user feedback

    A Hybrid Graphical User Authentication Scheme in Mobile Cloud Computing Environments

    User authentication is a critical security requirement for accessing resources in cloud computing systems. A text-based password is a standard user authentication way and it is still extensively used so far. However, textual passwords are difficult to remember, which forces users to write it down and compromise security. In recent years, graphical user authentication methods have been proposed as an alternative way used to verify the identity of users. The most critical challenges cloud-computing users face is to post their sensitive data on external servers that are not directly under their control and that can be used or managed by other people. This paper proposes a question-based hybrid graphical user authentication scheme for portable cloud-computing environments. The proposed scheme comprises advantages over both recognition- and recall-based techniques without storing any sensitive information on cloud servers. The experimental study and survey have been conducted to investigate the user satisfaction about the performance and usability aspects of the proposed scheme. The study results show that the proposed scheme is secure, easy to use, and immune to potential password attacks such as brute force password guessing attacks and shoulder surfing attack

    Improving Children's Authentication Practices with Respect to Graphical Authentication Mechanism

    A variety of authentication mechanisms are used for online applications to protect user’s data. Prior literature identifies that adults and children often utilize weak authentication practices and our own initial research corroborates that children often create weak usernames and passwords. One reason children adopt weak authentication practices is due to difficulties in remembering their usernames and passwords. Existing literature suggests that people are better at remembering graphical information than text and words. In this dissertation, my research goal is to improve the usability and security of children’s authentication mechanisms. My research includes designing, developing, and evaluating a new graphical user authentication mechanism for children where children choose a sequence of pictures as their password. In our studies, this mechanism, named KidsPic, allowed children (ages 6-11) to create and remember their passwords better than an alphanumeric password. Usability studies identified areas needing further investigation with regards to usability and security. With regards to usability: we investigated whether resolution influences picture selection, the influence of category order on memorability, if the number of objects in a picture influences its selection, and if picture features like dominant colors influences picture selection. With regards to security: we designed and implemented mechanisms to mitigate brute-force and shoulder surfing attacks. For guessing attacks, we conducted a usability study with child dyads. The results and analysis from these additional usability research objectives revealed no influence of picture resolution, order of picture categories, number of objects in each picture, and dominant colors on children choosing pictures for their password. The security research objectives resulted in design enhancements of KidsPic that mitigate bruteforce, shoulder surfing, and guessing attacks

    Usability analysis of authentication techniques

    This document will be divided into two main parts. The first one will be the classification of the authentication techniques. We will search the main electronic databases for papers related to authentication techniques. We will then summarize the related papers and show what classifications they use for the authentication techniques. After all of the documents have been read and summarized we will analyse them and group the authentication techniques into the classifications found. For the second part of the document we will focus on the study of usability attributes in the authentication techniques. This is to know how authentication techniques compare to one another based on their usability attributes. We will search the main electronic databases for papers related to the usability attributes of authentication techniques based on the usability definition of ISO/IEC 25010 (SQuaRE) and its attributes. We will then summarize the related papers and show what authentication methods they describe and which usability attributes they measure. After all of the documents have been read and summarized we will analyse them depending on their usability attribute. At the end we will elaborate those results to show which authentication techniques have better usability in terms of a specific usability attribute. This will help practitioners who are interested in using authentication methods but want or need to focus on a specific usability attribute. They will be able to use this as a guide to help them choose the best option that fits their purpose