Modelling the security of recognition-based graphical passwords

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution book

Abstract

Recognition-based graphical passwords have received attention in recent research as an alternative authentication mechanism. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a proposed solution to this problem. Presented here are mathematical models for estimating the number of attacks required before success for four attack types. These models combine to provide an overall metric of the security of recognition-based graphical password schemes. The metric presented provides a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes which was previously not possible.

Language: English
Title of host publication: Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014
Place of Publication: Plymouth
Pages: 112-121
Number of pages: 10
Publication status: Published - 1 Jul 2014
Externally published: Yes
Event: 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014 - Plymouth, United Kingdom
Duration: 8 Jul 2014 to 9 Jul 2014

Conference

Conference: 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014
Country: United Kingdom
City: Plymouth
Period: 8/07/14 to 9/07/14

Keywords

  • metrics
  • recognition-based graphical passwords
  • security

Cite this

English, R. (2014). Modelling the security of recognition-based graphical passwords. In Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014 (pp. 112-121). Plymouth.
@inproceedings{bee08beeeef7484bae8faa609f50e4b3,
title = "Modelling the security of recognition-based graphical passwords",
keywords = "metrics, recognition-based graphical passwords, security",
author = "R. English",
year = "2014",
month = "7",
day = "1",
language = "English",
isbn = "9781841023755",
pages = "112--121",
booktitle = "Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014",

}

TY - GEN

T1 - Modelling the security of recognition-based graphical passwords

AU - English, R.

PY - 2014/7/1

Y1 - 2014/7/1

KW - metrics

KW - recognition-based graphical passwords

KW - security

UR - http://www.scopus.com/inward/record.url?scp=85026663610&partnerID=8YFLogxK

UR - http://haisa.org/

M3 - Conference contribution book

SN - 9781841023755

SP - 112

EP - 121

BT - Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014

CY - Plymouth

ER -
