论文信息 - Pass-image authentication method tolerant to video-recording attacks

Pass-image authentication method tolerant to video-recording attacks

User authentication is widely used in automatic teller machines (ATMs) and Internet services. Recently, ATM passwords have been increasingly stolen using small charge-coupled device cameras. This article discusses a user authentication method in which graphical passwords instead of alphabetic ones are used as passwords in order for it to be tolerant to observation attacks. Several techniques for password authentications have been discussed in various studies. However, there has not been sufficient research on authentication methods that use pass-images instead of pass-texts. This article proposes a user authentication method that is tolerant to attacks when a user's pass-image selection operation is video recorded twice. In addition, usage guidelines recommending eight pass-images are proposed, and its security is evaluated.

Kazuo Ohzeki | Yutaka Hirakawa | Hiroyuki Take

[1] Roy Want,et al. Photographic Authentication through Untrusted Terminals , 2003, IEEE Pervasive Comput..

[2] J. Kase. Graphical Passwords , 2008 .

[3] Hideki Koike,et al. Awase-E: Image-Based Authentication for Mobile Phones Using User's Favorite Images , 2003, Mobile HCI.

[4] Wei-Chi Ku,et al. A Remote User Authentication Scheme Using Strong Graphical Passwords , 2005, LCN.

[5] Xiaolin Li,et al. S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[6] Adrian Perrig,et al. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[7] Volker Roth,et al. A PIN-entry method resilient against shoulder surfing , 2004, CCS '04.

[8] I. Scott MacKenzie,et al. KSPC (Keystrokes per Character) as a Characteristic of Text Entry Techniques , 2002, Mobile HCI.

[9] Ying Zhu,et al. Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).