A New Password Authentication Mechanism Using 2D Shapes

Fayyadh, Bilal Eid; Mansour, Khalid; Mahmoud, Khaled W.

doi:10.1109/csit.2018.8486188

Cited by 7 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their approach provides more benefits compared to ordinary text-based passwords but does not clearly state how shoulder surfing attacks would be minimized. Moreover, Fayyadh et al [45] present a graphical method that allows the user to create shapes during their registration and thereby required to draw such shapes when accessing the system. Their approach is quite an improvement compared to Bilgi and Tugrul [44].…”

Section: 2results Of Password Biometric Authenticationmentioning

confidence: 99%

“…Table 2 shows the evaluation of password biometric authentication approaches. [45] password authentication graphical password (2D Shapes) effective against the brute force attacks, the dictionary attacks, and the keylogger attacks Difficult to remember the number of used shapes when larger Sudramurthy et al (2017) [51] password authentication…”

Section: 2results Of Password Biometric Authenticationmentioning

confidence: 99%

See 1 more Smart Citation

A survey of biometric approaches of authentication

Yusuf¹,

Marafa²,

Shehu³

et al. 2020

IJACR

View full text Add to dashboard Cite

Information security refers to a means of preventing unauthorized users from access to information. Risk management usually adopts in information security to provide solutions to security challenges by minimizing risks.Risk can be minimized by administrative control and defense mechanisms. Access control can also enforce the user right access and thereby minimizing risks. Authentication is one of the techniques used in access control systems to protect unauthorized access. Many approaches for authentication have been proposed to address security challenges. These approaches have a conflict with the system usability and therefore required the modification of tradition password techniques for better solutions. Information Authentication is the common method used by security experts to verify the users' identities before getting access right into the system. Access controls are enforced for all users, irrespective of categories they belong. Traditional authentication methods [1] were enough to protect the unauthorized access right as many security breaches were reported. Therefore, advanced security methods that are based on human features required.

show abstract

Section: 2results Of Password Biometric Authenticationmentioning

confidence: 99%

Section: 2results Of Password Biometric Authenticationmentioning

confidence: 99%

A survey of biometric approaches of authentication

Yusuf¹,

Marafa²,

Shehu³

et al. 2020

IJACR

View full text Add to dashboard Cite

show abstract

“…All the user needs to do for authentication is to draw the pattern as shown. B. E. Fayyadh et al [40] in this paper proposes a new hybrid graphical password scheme using two-dimensional (2D) shapes to create passwords. in this new scheme, users are asked to use certain 2D shapes to draw their graphical password during registration.…”

Section: B Drawing Password Authenticationmentioning

confidence: 99%

On-Air Hand-Drawn Doodles for IoT Devices Authentication During COVID-19

Elshenaway

Guirguis

2021

IEEE Access

View full text Add to dashboard Cite

In this paper, a new natural human interaction authentication method has been proposed for the Internet of Things (IoT) devices. In this method the user draws doodles on-air for authentication. On-air drawing, refers to virtually drawing free hand-drawn doodles passwords through hand gestures on the air without touching anything which is recommended during COVID-19. This work uses Google Quick Draw doodles dataset for password doodles. The proposed method is based on a usual video camera, two lightweight Convolutional Neural Networks (CNN) and Kalman filter. The first CNN for hand gestures classification to overcome dynamic hand gestures challenges on the air. The second CNN for authentication verification. Kalman filter is used to correct and smooth the drawn line path on the air. To accept the new authentication method, it must achieve two main goals security and usability. The evaluation of the usability was based on ISO 9241-11:2018 standards usability model. The results revealed that the accuracy of the proposed authentication method is 95% and, the efficiency is 94% and user satisfaction is accepted. The evaluation of the security was based on two threats related to IoT devices which are guessing and physical observation. The results showed that the password strength of the proposed authentication method is stronger than the traditional 4-digits PIN password. The proposed authentication method is also resistant to physical observation threats.

show abstract

“…Often these systems rely on highly specific software dependencies which are not always viable for wider implementation. While graphical passwords may circumvent many issues native to alphanumeric passwords—such as brute-forcing, key-logging, and dictionary cyber-attacks—through its introduction of CAPTCHA-based elements, graphical passwords introduce their own set of native issues [ 8 , 11 , 17 , 22 , 23 , 24 , 25 ]. Primarily, deployability of graphical passwords is a continuous topic of debate; while it is usually accepted for ease of implementation on mobile devices, their implementation on web browsers or desktop systems has received scrutiny [ 8 ].…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

“…Primarily, deployability of graphical passwords is a continuous topic of debate; while it is usually accepted for ease of implementation on mobile devices, their implementation on web browsers or desktop systems has received scrutiny [ 8 ]. Depending on the category of graphical passwords implemented, inflation of user responsibility is another serious concern, especially for higher security patterns [ 8 , 23 , 24 ]. Much like biometric passwords, graphical password systems also face the threat of false positives [ 17 , 24 ].…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Obaidat

Brown

Obeidat

et al. 2020

Sensors

View full text Add to dashboard Cite

A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client–server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client–server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

show abstract

A New Password Authentication Mechanism Using 2D Shapes

Cited by 7 publications

References 16 publications

A survey of biometric approaches of authentication

A survey of biometric approaches of authentication

On-Air Hand-Drawn Doodles for IoT Devices Authentication During COVID-19

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Contact Info

Product

Resources

About