Shoulder-surfing-proof graphical password authentication scheme

Wu, Tsan-Ming; Lee, Ming-Lun; Lin, Han-Yu; Wang, Chaoyuan

doi:10.1007/s10207-013-0216-7

Cited by 42 publications

(28 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This makes it difficult for a peeper to identify the user's password. Later Wu et al [72] designed a method that combines the Convex Hull click method [67], [68] with the eye-tracker input method [71] in order to provide better security as compared to the individual techniques.…”

Section: A Existing Authentication Systemsmentioning

confidence: 99%

A High-Security EEG-Based Login System with RSVP Stimuli and Dry Electrodes

Chen

Atnafu

Schlattner

et al. 2016

IEEE Trans.Inform.Forensic Secur.

160

View full text Add to dashboard Cite

Lately, EEG-based authentication has received considerable attention from the scientific community. However, the limited usability of wet EEG electrodes as well as low accuracy for large numbers of users have so far prevented this new technology to become commonplace. In this study a novel EEGbased authentication system is presented, which is based on the RSVP paradigm and uses a knowledge-based approach for authentication. 29 subjects' data were recorded and analyzed with wet EEG electrodes as well as dry ones. A true acceptance rate of 100% can be reached for all subjects with an average required login time of 13.5 s for wet and 27.0 s for dry electrodes. Average false acceptance rates for the dry electrode setup were estimated to be 3.33·10 -5 .

show abstract

Section: A Existing Authentication Systemsmentioning

confidence: 99%

A High-Security EEG-Based Login System with RSVP Stimuli and Dry Electrodes

Chen

Atnafu

Schlattner

et al. 2016

IEEE Trans.Inform.Forensic Secur.

160

View full text Add to dashboard Cite

show abstract

“…For example, if there is someone stands beside the user during their login process. Therefore, in order to cope with shoulder surfing problem, the blurring methods is included in the system to prevent any attempt to steal password through shoulder surfing [5,14]. Once the images loaded into the system, it will immediately become blurred this can prevent the particular images seen by others.…”

Section: Proposed Login Flow Chartmentioning

confidence: 99%

“…In addition to this, scholars showed that legitimate users always tend to choose an easy password [2,14,15] On the other hand, to avoid some of the above issues, researchers proposed to apply a policy when a legitimate user creates his/her password; as an example asking a user to choose a password which consists of a combination of numbers and alphanumerical and then provides information about how strength and secure the chosen password. Despite these policies, users often tend to choose an easy password.…”

Section: Introductionmentioning

confidence: 99%

“…In addition, graphical passwords are introduced to emphasize and capitalized this human characteristics so that it can utilizes and then reduce memory burden on the users, enhanced security (e.g., longer , or complex) and to avoid legitimate user to choose an easy password or practice unsafe policy. However, shoulder surfing needs to be considered when working in graphical password [14].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Conceptual framework for high-end graphical password

Hui

Bashier

Lau

et al. 2014

2014 2nd International Conference on Information and Communication Technology (ICoICT)

View full text Add to dashboard Cite

User authentication depends largely on the concept of passwords. However, users find it difficult to remember alphanumerical passwords over time. When user is required to choose a secure password, they tend to choose an easy, short and insecure password. Graphical password method is proposed as an alternative solution to text-based alphanumerical passwords. The reason of such proposal is that human brain is better in recognizing and memorizing pictures compared to traditional alphanumerical string. Therefore, in this paper, we propose a conceptual framework to better understand the user performance for new high-end graphical password method. Our proposed framework is based on hybrid approach combining different features into one. The user performance experimental analysis pointed out the effectiveness of the proposed framework.

show abstract

“…Unauthorized access to such devices could put huge amounts of sensitive information at the risks of misuse. Traditional user verification solutions mainly rely on passwords or graphical patterns [29,52], which suffer from various attacks including password theft, shoulder surfing [53] and smudge attacks [9]. Biometric-based user verification opens up a new pathway to secure mobile devices, especially fingerprint-based solutions [7,31], which are widely deployed in many premium smartphones (e.g., iPhones and Samsung phones) and offer a more secured way to access mobile and smart devices.…”

Section: Introductionmentioning

confidence: 99%

CardioCam

Liu

Shi

Chen

et al. 2019

Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services

View full text Add to dashboard Cite

With the increasing prevalence of mobile and IoT devices (e.g., smartphones, tablets, smart-home appliances), massive private and sensitive information are stored on these devices. To prevent unauthorized access on these devices, existing user verification solutions either rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint reader), but the users may still suffer from various attacks, such as password theft, shoulder surfing, smudge, and forged biometrics attacks. In this paper, we propose, CardioCam, a low-cost, general, hard-to-forge user verification system leveraging the unique cardiac biometrics extracted from the readily available built-in cameras in mobile and IoT devices. We demonstrate that the unique cardiac features can be extracted from the cardiac motion patterns in fingertips, by pressing on the built-in camera. To mitigate the impacts of various ambient lighting conditions and human movements under practical scenarios, CardioCam develops a gradientbased technique to optimize the camera configuration, and dynamically selects the most sensitive pixels in a camera frame to extract reliable cardiac motion patterns. Furthermore, the morphological characteristic analysis is deployed to derive user-specific cardiac features, and a feature transformation scheme grounded on Principle Component Analysis (PCA) is developed to enhance the robustness of cardiac biometrics for effective user verification. With the prototyped system, extensive experiments involving 25 subjects are conducted to demonstrate that CardioCam can achieve effective and reliable user verification with over 99% average true positive rate (TPR) while maintaining the false positive rate (FPR) as low as 4%. * Both authors contributed equally to this research.

show abstract

Shoulder-surfing-proof graphical password authentication scheme

Cited by 42 publications

References 23 publications

A High-Security EEG-Based Login System with RSVP Stimuli and Dry Electrodes

A High-Security EEG-Based Login System with RSVP Stimuli and Dry Electrodes

Conceptual framework for high-end graphical password

CardioCam

Contact Info

Product

Resources

About