Cued Recall on Image Recognition
Source | Journal of Information Systems Security, Volume 12, Number 2 (2016)
Pages | 91–107
ISSN | 1551-0123 (Print), 1551-0808 (Online)
Authors | Kanthima Kongsathitsuwan — School of Applied Statistics, National Institute of Development Administration, Bangkok, Thailand
Vichit Lorchirachoonkul — School of Applied Statistics, National Institute of Development Administration, Bangkok, Thailand
Publisher | Information Institute Publishing, Washington DC, USA
Abstract
This research introduces a graphical password with a cue to improve the recall rate and shorten the login time without sacrificing security against an educated attacker. The proposed authentication scheme integrates recognition-based and cued-recall-based graphical passwords by utilizing a novel cued graphical password to improve authentication performance. The performance of the proposed scheme and of the Use Your Illusion (UYI) scheme is compared in terms of three indicators: recall rate, login time, and rate of successful educated guessing attacks. A simulation is designed to evaluate the performance of the two authentication schemes at two different times: within one day after creating the user’s portfolio and approximately 4 weeks after the first evaluation. The numerical results from the simulation show that the proposed authentication scheme clearly outperforms UYI in terms of recall rate and login time, with a similar rate of successful educated guessing attacks.
Keywords
Graphical Password, Authentication Scheme, Performance Comparison