g-RAT | A Novel Graphical Randomized Authentication Technique for Consumer Smart Devices

User authentication is a process exercised millions of times around the globe using different techniques and methods. The most prominent form of authentication is the alphanumerical password, which has been used for decades. Authorized access is becoming a challenging issue because of the introduction of modern technologies. In addition, traditional alphanumerical passwords have significant security issues: users who select a difficult key combination tend to forget it, while users who choose an easy key combination make it easy for hackers to crack their passwords. Traditional passwords are also vulnerable to several types of attacks, for example, dictionary attacks, brute-force attacks, and malware. To provide an easy and more secure authentication technique for consumer electronic devices, this paper introduces a graphical password, which uses an image or a set of images for authentication. We categorize the existing graphical password methods into recognition-based, cued-recall-based, pure-recall-based, and hybrid techniques. Because of the limitations of the existing graphical passwords, we introduce a new technique, named graphical random authentication technique (gRAT), which generates a randomized set of images every time a user tries to authenticate, maintaining security and usability at the same time. The gRAT technique is also tested by user-centric evaluation in terms of security, usability, usefulness, and utility, and the experimental results show that the proposed technique is more secure and useful in real-life authentication applications.
