Secure multi-factor access control mechanism for pairing blockchains

Addobea, Abigail Akosua; Li, Qianmu; Obiri, Isaac Amankona; Hou, Jun

doi:10.1016/j.jisa.2023.103477

Cited by 6 publications

(4 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authentication traditionally relies on three elements: something you know (knowledge elements), something you own (ownership factors), and something you are (inheritance elements) [7,8]. Knowledge factors, also known as knowledge-based authentication, involve elements such as passwords, personal identification numbers (PINs), challenge-response mechanisms, or security questions [6][7][8][9][10]. Ownership factors, known as token-based authentication, rely on possessions such as ID cards, ATM cards, cryptographic keys, security tokens, and more [6][7][8][9][10].…”

Section: Introductionmentioning

confidence: 99%

“…Knowledge factors, also known as knowledge-based authentication, involve elements such as passwords, personal identification numbers (PINs), challenge-response mechanisms, or security questions [6][7][8][9][10]. Ownership factors, known as token-based authentication, rely on possessions such as ID cards, ATM cards, cryptographic keys, security tokens, and more [6][7][8][9][10]. Inherence factors, or biometric-based authentication, leverage unique user characteristics or behaviors, including fingerprints, retinal patterns, DNA sequences, signatures, faces, voices, bio-electrical signals, and others [6][7][8][9][10].…”

Section: Introductionmentioning

confidence: 99%

“…Ownership factors, known as token-based authentication, rely on possessions such as ID cards, ATM cards, cryptographic keys, security tokens, and more [6][7][8][9][10]. Inherence factors, or biometric-based authentication, leverage unique user characteristics or behaviors, including fingerprints, retinal patterns, DNA sequences, signatures, faces, voices, bio-electrical signals, and others [6][7][8][9][10].…”

Section: Introductionmentioning

confidence: 99%

“…Graphical passwords leverage visual objects in the authentication process, capitalizing on the human ability to remember images more easily than alphanumeric data [16,17]. Different methods have emerged, including recall-based methods, cued-recall-based methods, and recognition-based methods (RBMs) [8,14,[18][19][20]. Recall-based methods involve reproducing a drawing, while cued-recall-based methods require selecting points on displayed images.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks

Adebimpe,

Ng,

Idris

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

The rapid advancement of information technology (IT) has given rise to a new era of efficient and fast communication and transactions. However, the increasing adoption of and reliance on IT has led to the exposure of personal and sensitive information online. Safeguarding this information against unauthorized access remains a persistent challenge, necessitating the implementation of improved computer security measures. The core objective of computer security is to ensure the confidentiality, availability, and integrity of data and services. Among the mechanisms developed to counter security threats, authentication stands out as a pivotal defense strategy. Graphical passwords have emerged as a popular authentication approach, yet they face vulnerability to shoulder-surfing attacks, wherein an attacker can clandestinely observe a victim’s actions. Shoulder-surfing attacks present a significant security challenge within the realm of graphical password authentication. These attacks occur when an unauthorized individual covertly observes the authentication process of a legitimate user by shoulder surfing the user or capturing the interaction through a video recording. In response to this challenge, various methods have been proposed to thwart shoulder-surfing attacks, each with distinct advantages and limitations. This study thus centers on reviewing the resilience of existing recognition-based graphical password techniques against shoulder-surfing attacks by conducting a comprehensive examination and evaluation of their benefits, strengths, and weaknesses. The evaluation process entailed accessing pertinent academic resources through renowned search engines, including Web of Science, Science Direct, IEEE Xplore, ProQuest, Scopus, Springer, Wiley Online Library, and EBSCO. The selection criteria were carefully designed to prioritize studies that focused on recognition-based graphical password methods. Through this rigorous approach, 28 studies were identified and subjected to a thorough review. The results show that fourteen of them adopted registered objects as pass-objects, bolstering security through object recognition. Additionally, two methods employed decoy objects as pass-objects, enhancing obfuscation. Notably, one technique harnessed both registered and decoy objects, amplifying the security paradigm. The results also showed that recognition-based graphical password techniques varied in their resistance to different types of shoulder-surfing attacks. Some methods were effective in preventing direct observation attacks, while others were vulnerable to video-recorded and multiple-observation attacks. This vulnerability emerged due to attackers potentially extracting key information by analyzing user interaction patterns in each challenge set. Notably, one method stood out as an exception, demonstrating resilience against all three types of shoulder-surfing attacks. In conclusion, this study contributes to a comprehensive understanding of the efficacy of recognition-based graphical password methods in countering shoulder-surfing attacks by analyzing the diverse strategies employed by these methods and revealing their strengths and weaknesses.

show abstract