Graphical User Authentication System Resistant to Shoulder Surfing Attack

Osunade, O.; Oloyede, Iyanuoluwa A.; Azeez, Titilayo O.

doi:10.9734/air/2019/v19i430126

Cited by 7 publications

(9 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Shoulder surfing refers to someone using direct observation techniques to capture passwords 29 . For example, someone watches over the user's shoulder because the user enters a password or records the user's input with an external device, like video cameras 28,30‐32 . Graphical authentication is generally more susceptible to shoulder surfing attacks than text‐based passwords.…”

Section: Simulation Resultsmentioning

confidence: 99%

Secure graphical password based on cued click points using fuzzy logic

Ghiyamipour

2020

Security and Privacy

View full text Add to dashboard Cite

Nowadays authentication technology is the most important means to ensure security. Alphanumeric username and password procedure is the most common authentication method. Users typically choose memorable passwords that are easy for attackers to guess, and assigned passwords by the system are difficult for users to remember. We present a graphical password based on cued recall in which is secured from shoulder surfing attack. Also, we propose an image encryption technique using a 2D cat map and edge detection technique in which it uses fuzzy logic inference to detect the edge of images. Then the user password is encrypted before storing it in the database using this method. Experiments illustrate that the proposed method has good performance in usability and security.

show abstract

Section: Simulation Resultsmentioning

confidence: 99%

Secure graphical password based on cued click points using fuzzy logic

Ghiyamipour

2020

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Typically, password entropy does not measure the generated password security. But it's conceptually related to the difficulty of the password random guessing [16], [25]. And it's usually calculated as:…”

Section: Password Entropymentioning

confidence: 99%

“…where N represents the number of the digits in the password, L represents the number of possible digits that can be used to create the password [16], [25].…”

Section: Password Entropymentioning

confidence: 99%

“…In general, the password is the first defense line of user authenticity, but the use of alphanumeric-based passwords is still widely used, even with the existence of alternatives designed to overcome its issues and weakness [11]- [14]. Graphical-based Password is one of the practical solutions developed to improve the security of the user authentication process in the IoT resources [14]- [16]. Graphical-based password using images as a password instead of the text depending on the reality that people can easily remember images more than text [17]- [19].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Graphical-based password for user authentication in internet of things

Alshahrani

Abdullah

2022

IJEECS

View full text Add to dashboard Cite

Internet of Things has become a significant and evolving technology that cannot be avoidable in most of the sectors. However, the Internet of Things security became a concern due to the huge amount of the sensitive data that transferring through IoT resources. Secure the users' authentication process of the IoT is the first line of defense to protect the users' data from violation. Typically, the alphanumeric-based password is the popular method to authenticate the users of the IoT. But it is a vulnerable mechanism that can be violated easily. For that, this research aims to develop a graphical-based password scheme to support the traditional text password in the IoT technology. The proposed scheme is a hybrid (Two-factor) approach, based on two types of Knowledge-based Authentication method (alphanumeric-based password and graphical-based password) naming as IoT-GP. IoT-GP aims to improve the users' authentication security considering the usability enhancement. The results obtain from the conducted field study indicated that IoT-GP significantly improved the security and the usability. The results of the password entropy and password space indicated that IoT-GP obtained a high rate comparing to another schemes, which reflected on the IoT-GP ability to resist the guessing and brute force attacks.

show abstract

“…With the advancement of the technologies, several other similar schemes are proposed, such as PassPoints [11], V-Go [12], PassMap [13], and so on. Among them, in the proposed scheme, PassPoints has been chosen to integrate with the PTC due to: i) human being can remember click-points more precisely over texts, which alleviate the memorability issue of the users and ii) it provides a larger password space; and thus, can tackle the brute force attack and guessing attack.…”

Section: Related Workmentioning

confidence: 99%

A Secure Hybrid Authentication Scheme Using Passpoints and Press Touch Code

et al. 2019

View full text Add to dashboard Cite

With the increasing capabilities of smart devices, keeping them secure has become a major concern. To mitigate that concern, over the last few years, several new classes of authentication schemes have been proposed. Graphical Authentication (GA) is one of those classes and is the focus of this paper. The GA schemes are more popular and preferable for smart devices due to their: heavily graphics-oriented nature, higher memorability over text-based schemes, and no additional hardware requirement. However, most of these GA schemes are unable to resist several prominent attacks, namely shoulder surfing, smudge, and brute force. Therefore, in this paper, a new hybrid authentication scheme is proposed which seamlessly integrates two independent yet popular authentication schemes-Passpoints and Press Touch Code or PTC. The purpose of this new scheme is to ensure a higher level of security by resisting those prominent attacks. The proposed scheme is implemented on the Android operating system and is tested on Huawei P9 plus device, a pressure sensitivity screen enabled device, which is compulsory for the PTC scheme. The performance of the proposed technique is evaluated for security, functionality, and usability. When it is compared with other similar schemes, it outperforms the existing schemes.

show abstract

Graphical User Authentication System Resistant to Shoulder Surfing Attack

Cited by 7 publications

References 6 publications

Secure graphical password based on cued click points using fuzzy logic

Secure graphical password based on cued click points using fuzzy logic

Graphical-based password for user authentication in internet of things

A Secure Hybrid Authentication Scheme Using Passpoints and Press Touch Code

Contact Info

Product

Resources

About