Time evolving graphical password for securing mobile devices

The increasingly widespread use of mobile devices for processing monetary transactions and accessing business secrets has created great demand for securing them. Poorly designed authentication mechanisms on mobile devices (e.g., screen lock and SIM card lock) either make locking the device a hassle for users or are vulnerable to attacks such as shoulder surfing and smudge attacks. In this paper, we propose a new login option for unlocking mobile devices called Time-Evolving Graphical Password (TEGP), which gradually improves the strength of the password over time by evolving the degree of distortion of the images in the challenge portfolio without changing the pass images. By taking advantage of the extraordinary human ability to recall images, TEGP authenticates users by asking them to recognize the pass images, which are transformed from the images uploaded by the user at registration. To achieve the desired security while retaining usability, we present two metrics, Information Retention Rate (IRR) and Password Diversity Score (PDS), to guide the selection and distortion of the pass images and decoy images. Our experimental results show the memorability of the scheme from the perspective of users and the ability of TEGP to defend against various attacks.
