An Algorithm for Automatically Choosing Distractors for Recognition Based Authentication using Minimal Image Types

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

2013

Self Cite

Recognition-based graphical password have been proposed as an alternative to overcome the drawbacks of the alphanumeric password in user authentication. A web-based study was performed to determine the cultural impact on the usability of recognition-based graphical password. A number of participants (Saudi and British) selected their graphical passwords from a set of pictures representing different cultures. After three months, they were asked to login using their graphical passwords.For the registration stage, our results show that users were highly affected by their culture when they chose pictures for their graphical password. However, Saudis were significantly more affected by their culture than British. Also, there was no evidence that gender can affect the participant's choice when it comes to select graphical password from pictures belonging to their culture.For the authentication stage, the main results show that the memorability rate for graphical passwords consisting of only pictures belonging to participants' culture was higher than the memorability rate for graphical passwords consisted of pictures which did not belong to participants' culture. Also, there was no evidence that the participants, who had graphical passwords based on their cultures, will have less time to login than other participants, who had non-cultural based graphical passwords.

Section: Types Of Pictures Used For Recognition-based Graphical Pmentioning

confidence: 99%

The Affect of Familiarity on the Usability of Recognition-Based Graphical Passwords: Cross Cultural Study between Saudi Arabia and the United Kingdom

Aljahdali

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

2013

Self Cite

“…An intersection attack, as defined by Dhamija et al [7] (and discussed in [8], [13] ) is an attack in which the at- • Use the same decoy images and pass images for each session.…”

Section: Observability: Intersection Attackmentioning

confidence: 99%

Towards a metric for recognition-based graphical password security

English

2011 5th International Conference on Network and System Security

2011

Self Cite

Abstract-Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognitionbased graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing, intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme.

“…The first is the "Doodles" scheme [11] where black and white user drawings (doodles) are used for authentication. This was selected as an example of a recognition-based graphical password scheme where the user is involved in the creation of the passimage.…”

Section: A Recognition-based Graphical Password Schemesmentioning

confidence: 99%

“…The purpose was to minimize any ambiguity over doodle content. The following descriptions were used to define equivalence (taken from the categories of classification as discussed by Poet and Renaud [11]) same word; same concept, different word ; different levels of category, same concept.Doodle descriptions were deemed distinct if they fell into the following categories: whole picture vs. detail; different perspective; completely different concepts. Each doodle then had multiple classifications, these were then further refined into categories by applying a majority ruling.…”

Section: E Categorisation Of Doodle Passwords -Name That Doodle!mentioning

confidence: 99%

Measuring the revised guessability of graphical passwords

English

2011 5th International Conference on Network and System Security

2011

Self Cite

Abstract-There is no widely accepted way of measuring the level of security of a recognition-based graphical password against guessing attacks. We aim to address this by examining the influence of predictability of user choice on the guessability and proposing a new measure of guessability. Davis et al. showed that these biases exist for schemes using faces and stories, we support this result and show these biases exist in other recognitionbased schemes. In addition, we construct an attack exploiting predictability, which we term "Semantic Ordered Guessing Attack" (SOGA). We then apply this attack to two schemes (the Doodles scheme and a standard recognition-based scheme using photographic images) and report the results. The results show that predictability when users select graphical passwords influence the level of security to a varying degree (dependent on the distractor selection algorithm). The standard passimages scheme show an increase on guessability of up to 18 times more likely than the usual reported guessability, with a similar set up of nine images per screen and four screens, the doodles scheme shows a successful guessing attack is 3.3 times more likely than a random guess. Finally, we present a method of calculating a more accurate guessability value, which we call the revised guessability of a recognition-based scheme. Our conclusion is that to maximise the security of a recognition-based graphical password scheme, we recommend disallowing user choice of images.