Abstract
Recognition-based graphical passwords have received attention in recent research as an alternative authentication mechanism. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a proposed solution to this problem. Presented here are mathematical models for estimating the number of attacks required before success for four attack types. These models combine to provide an overall metric of the security of recognitionbased graphical password schemes. The metric presented provides a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes which was previously not possible.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014 |
| Place of Publication | Plymouth |
| Pages | 112-121 |
| Number of pages | 10 |
| Publication status | Published - 1 Jul 2014 |
| Externally published | Yes |
| Event | 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014 - Plymouth, United Kingdom Duration: 8 Jul 2014 → 9 Jul 2014 |
Conference
| Conference | 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014 |
|---|---|
| Country | United Kingdom |
| City | Plymouth |
| Period | 8/07/14 → 9/07/14 |
Fingerprint
Keywords
- metrics
- recognition-based graphical passwords
- security
Cite this
}
Modelling the security of recognition-based graphical passwords. / English, R.
Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014. Plymouth, 2014. p. 112-121.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book
TY - GEN
T1 - Modelling the security of recognition-based graphical passwords
AU - English, R.
PY - 2014/7/1
Y1 - 2014/7/1
N2 - Recognition-based graphical passwords have received attention in recent research as an alternative authentication mechanism. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a proposed solution to this problem. Presented here are mathematical models for estimating the number of attacks required before success for four attack types. These models combine to provide an overall metric of the security of recognitionbased graphical password schemes. The metric presented provides a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes which was previously not possible.
AB - Recognition-based graphical passwords have received attention in recent research as an alternative authentication mechanism. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a proposed solution to this problem. Presented here are mathematical models for estimating the number of attacks required before success for four attack types. These models combine to provide an overall metric of the security of recognitionbased graphical password schemes. The metric presented provides a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes which was previously not possible.
KW - metrics
KW - recognition-based graphical passwords
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85026663610&partnerID=8YFLogxK
UR - http://haisa.org/
M3 - Conference contribution book
SN - 9781841023755
SP - 112
EP - 121
BT - Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014
CY - Plymouth
ER -