Novel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords

There are many applications which require the user to be authenticated before being permitted to perform certain tasks. Text password-based authentication is a popularly used authentication mechanism. Despite having greater security, text passwords are characterized by the selection of weak and easy-to-remember passwords. Users also tend to write them down and share them with friends, family members and colleagues, defeating the security provided by text passwords. Graphical passwords offer an alternative to text passwords, as the password space is typically larger and they are less prone to dictionary attacks and easier to remember visually. However, they suffer from shoulder-surfing attacks. In this paper, we propose two authentication schemes that support keyboard as well as graphical mouse-based input and that map password characters to other regions of the password space. This shields the user’s password from being known to the adversary, thus deflecting shoulder-surfing and spyware attacks. The schemes include both single- and multi-color input images consisting of printable characters. An analysis of the security, usability, memorability and social engineering aspects of the proposed schemes is presented. Future research directions are also presented.
