PassGrid: Towards Graph-Supplemented Textual Shoulder Surfing Resistant Authentication

With the rapid development of intelligent mobile devices and network applications, user authentication plays an important role in protecting people’s privacy and sensitive information. A large number of textual and graphical authentication schemes have been proposed in the literature, but the majority of them are either vulnerable to shoulder surfing attacks or have to sacrifice usability. Motivated by this challenge, we propose a graph-supplemented textual shoulder surfing resistant authentication system, called PassGrid. With a series of one-time login indicators and cyclic movable blocks with textual elements, PassGrid prevents attackers from guessing the passwords even with the help of a camera. To reduce workload, users only have to memorize a single password set. Our user study shows that PassGrid can achieve good performance regarding security and usability, i.e., an average login time of 22 s with a small password length.
