Effectiveness of Some Tests of Spatial Randomness in the Detection of Weak Graphical Passwords in Passpoint

Herrera-Macías, Joaquín A.; Suárez-Plasencia, Lisset; Legón-Pérez, Carlos Miguel; Piñeiro-Díaz, Luis R.; Rojas, Omar; Sosa-Gómez, Guillermo

doi:10.1007/978-3-030-69839-3_12

Cited by 5 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [10] and [11], two spatial randomness tests were introduced to identify non-random, clustered, and regular graphical passwords in Passpoints. These tests were developed in response to the limited effectiveness of traditional tests in verifying complete spatial randomness in this specific scenario [10,12]. Recently, the joint application of the previously mentioned tests has been proposed by [13], making it the most effective alternative currently available as of the time of writing this article.…”

Section: Of 12mentioning

confidence: 99%

New Test to Detect Graphic Passwords Clustered in Passpoints, Based on the Perimeter of the Convex Hull

Herrera-Macías,

Suárez-Plasencia,

Legón-Pérez

et al. 2024

Preprint

View full text Add to dashboard Cite

This research paper presents a new test based on a novel approach for identifying clustered graphical passwords within the Passpoints scenario. Graphical authentication methods serve as a viable alternative to the conventional alphanumeric password-based authentication method, which is susceptible to known weaknesses arising from user-generated passwords of this nature. The test proposed in this study is based on estimating the distributions of the perimeter of the convex hull. This perimeter is calculated based on the points users select as passwords within an image measuring 1920 × 1080 pixels. The test is formulated once the optimal theoretical distributions that fit the data are identified. Evaluating the proposed test’s effectiveness involves estimating type I and II errors. In this study, we compare the effectiveness and efficiency of the proposed test with existing tests from the literature that can detect this type of pattern in Passpoints graphic passwords. Our findings indicate that the new test demonstrates a significant improvement in effectiveness compared to previously published tests. Furthermore, the joint application of the two tests also shows improvement. Depending on the significance level determined by the user or system, the enhancement results in a higher detection rate of clustered passwords, ranging from 0.1% to 8% compared to the most effective previous methods. This improvement leads to a decrease in the estimated probability of committing a type II error. In terms of efficiency, the proposed test outperforms several previous tests; however, it falls short of being the most efficient. It can be concluded that the newly developed test demonstrates the highest effectiveness and the second-highest efficiency level compared to other tests available in the existing literature for the same purpose.

show abstract

Section: Of 12mentioning

confidence: 99%

New Test to Detect Graphic Passwords Clustered in Passpoints, Based on the Perimeter of the Convex Hull

Herrera-Macías,

Suárez-Plasencia,

Legón-Pérez

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…From the results carried out in [38], it is known that the K-Ripley function tests and those of the distance to the nearest neighbor are ineffective in detecting graphic passwords formed by patterns clustered in PassPoint; however, the experiments were performed for a relatively large number of Monte Carlo simulations. is article analyzes three of the classic tests most used in CSR, including the two tests mentioned above, in detecting nonrandomness in PassPoint passwords, but with a smaller number of Monte Carlo simulations.…”

Section: Detection Of Weak Graphicalmentioning

confidence: 99%

Weak PassPoint Passwords Detected by the Perimeter of Delaunay Triangles

Suárez-Plasencia

Legón-Pérez

Herrera-Macías

et al. 2022

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

PassPoint is a graphical authentication technique that is based on the selection of five points in an image. A detected vulnerability lies in the possible existence of a pattern in the points that make up the password. The objective of this work is to detect nonrandom graphical passwords in the PassPoint scenario. A spatial randomness test based on the average of Delaunay triangles’ perimeter is proposed, given the ineffectiveness of the classic tests in this scenario, which only consists of five points. A state-of-the-art of various applications of Voronoi polygons and Delaunay triangulations are presented to detect clustered and regular patterns. The distributions of the averages of the triangles’ perimeters in the PassPoint scenario for various sizes of images are disclosed, which were unknown. The test’s decision criterion was constructed from one of the best distributions to which the data were adjusted. Type I and type II errors were estimated, and it was concluded that the proposed test could detect clustered and regular graphical passwords in PassPoint, therefore being more effective in detecting clustering than regularity.

show abstract

New Test to Detect Clustered Graphical Passwords in Passpoints Based on the Perimeter of the Convex Hull

Herrera-Macías,

Suárez-Plasencia,

Legón-Pérez

et al. 2024

Information

View full text Add to dashboard Cite

This research paper presents a new test based on a novel approach for identifying clustered graphical passwords within the Passpoints scenario. Clustered graphical passwords are considered a weakness of graphical authentication systems, introduced by users during the registration phase, and thus it is necessary to have methods for the detection and prevention of such weaknesses. Graphical authentication methods serve as a viable alternative to the conventional alphanumeric password-based authentication method, which is susceptible to known weaknesses arising from user-generated passwords of this nature. The test proposed in this study is based on estimating the distributions of the perimeter of the convex hull, based on the hypothesis that the perimeter of the convex hull of a set of five clustered points is smaller than the one formed by random points. This convex hull is computed based on the points that users select as passwords within an image measuring 1920 × 1080 pixels, using the built-in function convhull in Matlab R2018a relying on the Qhull algorithm. The test was formulated by choosing the optimal distribution that fits the data from a total of 54 distributions, evaluated using the Kolmogorov–Smirnov, Anderson–Darling, and Chi-squared tests, thus achieving the highest reliability. Evaluating the effectiveness of the proposed test involves estimating type I and II errors, for five levels of significance α∈{0.01,0.02,0.05,0.1,0.2}, by simulating datasets of random and clustered graphical passwords with different levels of clustering. In this study, we compare the effectiveness and efficiency of the proposed test with existing tests from the literature that can detect this type of pattern in Passpoints graphical passwords. Our findings indicate that the new test demonstrates a significant improvement in effectiveness compared to previously published tests. Furthermore, the joint application of the two tests also shows improvement. Depending on the significance level determined by the user or system, the enhancement results in a higher detection rate of clustered passwords, ranging from 0.1% to 8% compared to the most effective previous methods. This improvement leads to a decrease in the estimated probability of committing a type II error. In terms of efficiency, the proposed test outperforms several previous tests; however, it falls short of being the most efficient, using computation time measured in seconds as a metric. It can be concluded that the newly developed test demonstrates the highest effectiveness and the second-highest efficiency level compared to the other tests available in the existing literature for the same purpose. The test was designed to be implemented in graphical authentication systems to prevent users from selecting weak graphical passwords, enhance password strength, and improve system security.

show abstract

Effectiveness of Some Tests of Spatial Randomness in the Detection of Weak Graphical Passwords in Passpoint

Cited by 5 publications

References 14 publications

New Test to Detect Graphic Passwords Clustered in Passpoints, Based on the Perimeter of the Convex Hull

New Test to Detect Graphic Passwords Clustered in Passpoints, Based on the Perimeter of the Convex Hull

Weak PassPoint Passwords Detected by the Perimeter of Delaunay Triangles

New Test to Detect Clustered Graphical Passwords in Passpoints Based on the Perimeter of the Convex Hull

Contact Info

Product

Resources

About