ChoCD: Usable and Secure Graphical Password Authentication Scheme

Indian Journal of Science and Technology, Vol 10(4), DOI: 10.17485/ijst/2017/v10i4/110885, January 2017
ISSN (Print): 0974-6846, ISSN (Online): 0974-5645

Radhi Rafiee Afandi* and Mohd Zalisham Jali
Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Nilai - 71800, Negeri Sembilan, Malaysia; mr.didie92@gmail.com, zalisham@usim.edu.my
* Author for correspondence

Abstract

Since designing effective graphical password authentication schemes is of vital importance, this paper attempts to address the need by providing a new way of designing and developing a hybrid graphical scheme named ChoCD. ChoCD combines the "Click-based", "Choice-based" and "Draw-based" methods. By combining these, it is anticipated that it will offer better usability and security. An evaluation of ChoCD was conducted to measure its viability and practicality as an alternative user authentication. From these evaluations, it was found that ChoCD is easy to use and provides more security than other existing schemes and thus can potentially be used for user authentication.

Keywords: Graphical Password, Password, User Authentication Security, Usability

1. Introduction

Nowadays, all user authentication in computer security depends on passwords [1]. In this regard, the main method that can be used to guarantee information security is authentication, and password authentication is the most often used and handy method of authentication. A password is a secret used for authentication [2]. It is the most frequently used method of authenticating a computer system's users. A graphical password, also known as Graphical User Authentication (GUA), refers to a system used for authentication where the users have to choose images in a particular sequence, presented through a GUI (Graphical User Interface). Inherently, GUA and GUI can replace the conventional alphanumeric passwords: instead of typing alphanumeric strings, the users authenticate themselves by clicking on images.

This paper is arranged as follows. It starts with a review of graphical passwords. The next section describes the design and development of ChoCD, which is the core of this paper. The section after that explains the initial evaluation of ChoCD based on its security level and usability from the perspective of the users. Finally, the last section summarizes the proposed scheme and the conduct of experiments.

2. Graphical Password Classifications

This paper proposes the graphical-based password technique as a prospective substitute for text-based techniques. This proposal is based on the well-known fact that images can be remembered by humans better than text [3]. Thus, it is believed that schemes with graphical-based authentication, compared to the present method for authentication, will have a higher level of memorability. Furthermore, compared with token-based and text-based authentication, graphical passwords are more difficult to break through the use of normal attacks such as brute force, dictionary attack, and spyware [4]. Consequently, it is claimed that this method has a higher level of security compared to others [5].

In a graphical password scheme, the user is required to select memorable images. The process of selecting memorable images is based on the disposition of image processing and the sequence of precise click locations. Therefore, image content should be meaningful so that it is memorized by the user, as random content may be less memorable. In this regard, this paper proposes graphical-based passwords as an alternative to the conventional password method. This is because, compared to texts, pictures are easier to remember. Past researchers coined this the picture superiority effect [6].

From our findings, the majority of the literature on graphical passwords (1994 - January 2016) mentioned that graphical password authentication can be put into three groups. This grouping is based on memory classification. In the pure Recall-Based category, users are required to recall their passwords without any form of gestures, reminders or hints. This category can be perceived as convenient and simple; however, at times, the users have difficulty remembering their passwords. Such schemes include Draw A Secret (DAS) and qualitative DAS [7]. Meanwhile, the Cued Recall-Based category outlines a framework which comprises strategies that can assist the users to recall their passwords or to make more accurate recall, such as hints, reminders, and gestures. Examples of authentication belonging to this category are the Blonder algorithm [8] and Pass point [9]. Another category is known as Recognition-based, where users select icons, symbols or pictures from a set of given images. In this regard, the users are required to identify their registration choice from a set of prospective images during the authentication process [10]. Meanwhile, authentication in the hybrid schemes category typically combines two or more schemes, which are adopted to overcome the limitation of a single scheme that might not be able to single-handedly protect against spyware, guessing attacks, brute force search and shoulder surfing. An example of a hybrid scheme is the authentication for an online banking system which combines graphical image authentication and a textual-based password [11].

Another classification for graphical passwords is based on the user's action: click-based, draw-based and choice-based. Briefly, the user of a choice-based scheme needs to memorize a set of images in a prescribed category.
Meanwhile, the click-based scheme requires the user to set a password by choosing certain spots on a prescribed image. At login, the user needs to re-click the spots they clicked, either randomly or in a sequential order. Finally, the draw-based scheme requires the user to sketch or draw on a given image background.

3. ChoCD

Motivated by the hybrid scheme, the graphical password authentication system named ChoCD was developed. The idea of ChoCD is to let users log into their accounts using a username and graphical password rather than conventional text-based passwords. It is intended not only for desktop use, but can also be used on mobile devices. ChoCD's generic conception comprises three forms of authentication, starting with choice-based, followed by click-based and, finally, draw-based authentication. The flow is generally easy and uncomplicated to construct. Consequently, it can be used to guide the users to easily use and implement this scheme. There are two steps in the whole process: password creation and login. For the basic scheme, a simple example can be used to describe both stages. This authentication is beneficial as only the correct user would remember the passwords (graphical images, position-for-click and pattern draw). In this light, as the users' memory can be triggered by the images, this method is more memorable and secure as compared to other types of graphical password. Figures 1 and 2 illustrate the interface of the ChoCD prototype.

Figure 1. Screenshot of the password creation step.
Figure 2. Screenshot of the login step.

4. Evaluation

Evaluations of ChoCD authentication were conducted with regard to its usability and security. It was tested by a number of participants from various backgrounds, having a number of years of computer use, within the authors' institution. All of them were given a set of questionnaires to answer after they used the ChoCD prototype.

4.1 Procedures and Steps

Participants in the study were requested to read the briefing sheet before embarking on the actual test. Once completed, they were requested to register in the ChoCD system. Each of the participants had to follow these steps:

Step 1: Training Phase
The participants were briefed about the primary purpose of this research, as well as what they were expected to do. The briefing covered definitions of the range of different schemes such as token, biometric, text-based and graphical password schemes. Later, they were presented with an overview of the testing steps, ChoCD itself, and the questionnaire. The participants were also presented with a number of graphical images and were briefed on how to draw a pattern on the image. A discussion session was also held.

Step 2: Testing Phase
Two sessions were involved. The first session dealt with registration and the second session focused on login. The times taken for both phases were recorded through the system prototype. The participants were asked to register before they could log in. The questionnaire for the prototype was presented to each participant. Briefly, participants were requested to answer the questionnaire related to the security and usability of the scheme.

4.2 Results

The evaluation involved 41 participants from an IT background and 44 participants from a non-IT background, as presented in Figure 3. In Figure 4, it can be seen that the median time taken by participants was 17.50 seconds for password creation and 15.66 seconds for login. Basically, the default measure of centrality is the mean, but when the distribution is skewed, the median will better match the intuitive meaning of "middle".

Figure 3. Number of participants participated.
Figure 4. Median time for register and login.

4.3 Usability Perception towards ChoCD

Usability means how easy it is to learn and to use a system, and the extent to which it can fulfil users' needs [12]. Although various proposed authentication schemes claim to increase the strength of a password, the usability of these systems is still unexplored. Thus, a scale was used to investigate users' feedback on a range of authentication schemes. This scale is split into five stages: very easy, easy, moderate, difficult, and very difficult. ChoCD was included in the survey and was explained to measure other authentication schemes. The results in Figure 5 indicated that ChoCD is perceived as an easy authentication method by the participants. When asked which part of ChoCD they liked most, participants responded that they like the user interface as it is quite user friendly.

Figure 5. The comparison of usability between existing authentication schemes and ChoCD.

4.4 Security Perception towards ChoCD

The participants' thoughts on the security level of the different authentication schemes were prompted in this survey. The participants were given these options: Not Secure, Secure, Moderate, Very Secure and Strongly Secure. ChoCD, along with present online banking authentication schemes, was included to see which authentication scheme is deemed to be the most secure. Then, the stages were reviewed and rearranged into three stages: Moderate is considered as Average; Secure and Very Secure mean Above Average; Not Secure and Less Secure are indicated as Below Average. In this light, the above average (Secure and Very Secure) values were used to evaluate a particular scheme's security level. Figure 6 shows that the ChoCD authentication scheme is deemed the most secure by 77 participants. Meanwhile, 75 participants ranked the present authentication system as the most secure. These responses indicate that, in general, participants think that ChoCD is the most secure scheme. Moreover, it shows that the ChoCD authentication system prototype scored an acceptable level of security. This further indicates that, in comparison to the text-based password, the entropy of the password in graphical password schemes is longer. Therefore, ChoCD has shown an anticipated balance between security and usability that can be used as a new enhancement of authentication schemes.

Figure 6. The comparison of security between existing authentication schemes and ChoCD.

4.5 Pattern of ChoCD

In terms of the secrets chosen by the participants, it was observed that the chosen image was predominantly affected by the sequence that appeared earlier. For the first graphical image secret, the participants most probably select the lemon, grape and strawberry images, while for the second graphical image secret, participants are most likely to select the image from the next row or grid. They would choose the images in sequence. For example, they would choose the image from top to bottom or from left to right of the grid. Table 1 shows popular images chosen by participants.

Table 1. Popular image picked by participants

  1st Graphical image    Frequency of participants
  Lemon                  40
  Grape                  14
  Strawberry             31

  2nd Graphical image    No. of participants
  Strawberry             12
  Banana                 25
  Apple                  37
  Coconut                11

For the click-based secret, which requires the participants to select any click-points on the 3x3 pattern draw given, it was found that most of the participants preferred to click on the left side first. For the draw-based secret, where they were required to draw a line on the screen, it was found that the participants' drawing secrets were similar to the pattern of the click-based secret. For example, participants who chose to start clicking the dots from the left side would draw a pattern from the left side too. Figures 7 and 8 show examples of clicks and draws made by a number of participants.

Figure 7. 5x5 Grid of graphical images.
Figure 8. Samples of clicks and draws.

5. Conclusion

This paper presents a new graphical scheme based on the hybrid scheme combination, named ChoCD. The prototype of the ChoCD authentication system was developed and given to users to test. Based on the evaluations, the findings suggest that the majority of participants agreed that the ChoCD prototype is user friendly and that the secrets are easy to remember. In addition to this, ChoCD is said to maintain usability and security simultaneously. In the future, we will conduct more user testing on the ChoCD scheme and analyze extensively all of the data from the results in order to make further enhancements. We hope that the new hybrid scheme, ChoCD, will be used widely for all systems' users according to the accomplishment of the usability and security perspectives in this scheme.

6. Acknowledgements

The authors wish to thank all participants who participated in the study. This research is funded by the Ministry of Higher Education of Malaysia and the Research Management Centre of USIM via grant research with code USIM/FRGS/FST/32/50315.

7. References

1. Banne SS, Shedge KN. CARP: CAPTCHA as a graphical password based authentication scheme. International Journal of Advanced Research in Computer and Communication Engineering. 2016 Jan; 5(1).
2. Renaud K. Evaluating authentication mechanisms. In: Cranor L, Garfinkel S, editors. Security and Usability: Designing Secure Systems That People Can Use. O'Reilly Media; 2005. p. 103-28.
3. Xiaoyuan S, Ying Z, et al. Graphical passwords: A survey. 21st Annual Computer Security Applications Conference; 2005. p. 463-72.
4. Wells J, Hutchinson D, Pierce J. Enhanced security for preventing man-in-the-middle attacks in authentication, data entry and transaction verification. Australian Information Security Management Conference; 2008. p. 58.
5. Almuairfi S, Veeraraghavan P, Chilamkurti N. IPAS: User test phase and evaluation. Frontier and Innovation in Future Computing and Communications, Lecture Notes in Electrical Engineering. Dordrecht: Springer Science+Business Media; 2014. p. 301. doi:10.1007/978-94-017-8798-7_2
6. Chiasson S, Forget A, Biddle R, van Oorschot PC. Influencing users towards better passwords: Persuasive Cued Click-Points. Human Computer Interaction (HCI): The British Computer Society; 2008 Sept.
7. Jermyn I, Mayer A, Monrose F, Reiter M, Rubin A. The design and analysis of graphical passwords. Proceedings of the 8th USENIX Security Symposium; 1999 Aug.
8. Blonder GE. Graphical passwords. Murray Hill, NJ, United States: Lucent Technologies, Inc.; 1996.
9. Wiedenbeck S, Waters J, Birget JC, Brodskiy A, Memon N. Authentication using graphical passwords: Basic results. Human-Computer Interaction International (HCII); Las Vegas, NV. 2005.
10. Gao HC, Liu XY, Wang SD, Dai RY. A new graphical password scheme against spyware by using CAPTCHA. Proceedings of the Symposium on Usable Privacy and Security; 2009 Jul 15-17.
11. Alsaiari H, Papadaki M, Dowland PS, Furnell SM. Alternative graphical authentication for online banking environments. Proceedings of the 8th International Symposium on Human Aspects of Information Security & Assurance (HAISA); 2014.
12. Chiasson S, van Oorschot P, Biddle R. A usability study and critique of two password managers. 15th USENIX Security Symposium; 2006 Aug.
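
An added example, not part of the paper: it measures how much entropy the image choices reported in Table 1 (Section 4.5) carry compared with a uniform pick from the image grid. It assumes that Table 1 is the complete distribution (each column sums to the 85 participants of Section 4.2) and that each image secret is chosen from the 25 images of the 5x5 grid named in the Figure 7 caption.

```python
"""Added example: entropy of the image choices reported in Table 1."""
import math

# Counts copied from Table 1 of the paper (one choice per participant).
FIRST_IMAGE = {"Lemon": 40, "Grape": 14, "Strawberry": 31}
SECOND_IMAGE = {"Strawberry": 12, "Banana": 25, "Apple": 37, "Coconut": 11}

# Assumption: each image secret is picked from the 25 images of the
# 5x5 grid mentioned in the Figure 7 caption.
GRID_IMAGES = 25


def shannon_entropy(counts):
    """Average unpredictability (bits) of the observed choices."""
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total)
                for c in counts.values() if c)


def min_entropy(counts):
    """Worst-case unpredictability (bits): set by the most popular choice."""
    total = sum(counts.values())
    return -math.log2(max(counts.values()) / total)


def stage_report(counts, space=GRID_IMAGES):
    """Compare one stage's observed choices with a uniform pick from `space`."""
    total = sum(counts.values())
    top_image, top_count = max(counts.items(), key=lambda kv: kv[1])
    uniform = math.log2(space)
    shannon = shannon_entropy(counts)
    return {
        "participants": total,
        "images_used": sum(1 for c in counts.values() if c),
        "uniform_bits": uniform,
        "shannon_bits": shannon,
        "min_entropy_bits": min_entropy(counts),
        "bits_lost": uniform - shannon,
        "top_image": top_image,
        "top_share": top_count / total,
    }


if __name__ == "__main__":
    stages = (("1st image", FIRST_IMAGE), ("2nd image", SECOND_IMAGE))
    for label, counts in stages:
        r = stage_report(counts)
        print(f"{label}: {r['images_used']}/{GRID_IMAGES} images used, "
              f"uniform {r['uniform_bits']:.2f} bits, "
              f"Shannon {r['shannon_bits']:.2f} bits, "
              f"min-entropy {r['min_entropy_bits']:.2f} bits, "
              f"most popular {r['top_image']} ({r['top_share']:.0%})")
```

Under these assumptions the two image stages carry about 1.47 and 1.82 bits of Shannon entropy, against 4.64 bits for a uniform choice from 25 images.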