Frontiers of Computer Science

ISSN 2095-2228

ISSN 2095-2236(Online)

CN 10-1014/TP

Postal Subscription Code 80-970

2018 Impact Factor: 1.129

Front. Comput. Sci.
RESEARCH ARTICLE
Graphical password: prevent shoulder-surfing attack using digraph substitution rules
Lip Yee POR, Chin Soon KU1,2, Amanul ISLAM1, Tan Fong ANG1
1. Department of Computer Science and Information Technology, University of Malaya, Kuala Lumpur 50603, Malaysia
2. Department of Computer Science, Universiti Tunku Abdul Rahman (Jalan Universiti), Kampar 31900, Malaysia
Abstract

In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity required to derive password-images is proposed. In the proposed method, a user is only required to click on one of the pass-images instead of both pass-images shown in each challenge set for three consecutive sets. While this activity is simple enough to reduce login time, the images clicked appear to be random and can only be obtained with complete knowledge of the registered password along with the activity rules. Thus, it becomes impossible for shoulder-surfing attackers to obtain the information about which password images and pass-images are used by the user. Although the attackers may know about the digraph substitution rules used in the proposed method, the scenario information used in each challenge set remains. User study results reveal an average login process of less than half a minute. In addition, the proposed method is resistant to shoulder-surfing attacks.

Keywords: graphical password, authentication, shoulder-surfing, data and computer security, digraph substitution rules
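
The abstract names digraph substitution rules but does not spell them out. The sketch below is an added example, not the authors' code: it assumes the classic Playfair digraph rules (same row, same column, rectangle) applied to a grid of images, to show how the clickable pass-images are derived from two password images and change with each reshuffled challenge set. The grid size, image names and function names are hypothetical.

```python
import random

def locate(grid, image):
    """Return (row, col) of an image id in the challenge grid."""
    for r, row in enumerate(grid):
        if image in row:
            return r, row.index(image)
    raise ValueError(f"{image!r} is not in this challenge set")

def pass_images(grid, first, second):
    """Apply Playfair-style digraph rules (assumed) to two password images."""
    if first == second:
        raise ValueError("a digraph needs two distinct images")
    n_rows, n_cols = len(grid), len(grid[0])
    (r1, c1), (r2, c2) = locate(grid, first), locate(grid, second)
    if r1 == r2:      # same row: take the image to the right, wrapping
        return grid[r1][(c1 + 1) % n_cols], grid[r2][(c2 + 1) % n_cols]
    if c1 == c2:      # same column: take the image below, wrapping
        return grid[(r1 + 1) % n_rows][c1], grid[(r2 + 1) % n_rows][c2]
    # otherwise: the other two corners of the rectangle the pair spans
    return grid[r1][c2], grid[r2][c1]

def verify_click(grid, first, second, clicked):
    """A single click on either pass-image answers the challenge."""
    return clicked in pass_images(grid, first, second)

def new_challenge(images, n_cols, rng):
    """Shuffle the image set into a fresh grid for each challenge set."""
    shuffled = images[:]
    rng.shuffle(shuffled)
    return [shuffled[i:i + n_cols] for i in range(0, len(shuffled), n_cols)]

# Constructed sample: a fixed 4x4 grid of image ids (not from the paper).
SAMPLE_GRID = [
    ["cat", "dog", "sun", "car"],
    ["key", "cup", "hat", "pen"],
    ["map", "bee", "owl", "egg"],
    ["fox", "jar", "axe", "toy"],
]

if __name__ == "__main__":
    print(pass_images(SAMPLE_GRID, "cat", "hat"))    # rectangle rule
    rng = random.Random(7)
    flat = [img for row in SAMPLE_GRID for img in row]
    for _ in range(3):                               # three challenge sets
        grid = new_challenge(flat, 4, rng)
        print(pass_images(grid, "cat", "hat"))
```

An observer who records only the click sees an image that depends on the grid layout of that challenge, not the password images themselves.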
Corresponding Author(s): Lip Yee POR   
Just Accepted Date: 19 October 2016   Online First Date: 01 December 2017    Issue Date: 07 December 2017
 Cite this article:   
Lip Yee POR,Chin Soon KU,Amanul ISLAM, et al. Graphical password: prevent shoulder-surfing attack using digraph substitution rules[J]. Front. Comput. Sci., 01 December 2017. [Epub ahead of print] doi: 10.1007/s11704-016-5472-z.
 URL:  
https://academic.hep.com.cn/fcs/EN/10.1007/s11704-016-5472-z
https://academic.hep.com.cn/fcs/EN/Y2017/V11/I6/1098