Abstract
Recognition-based graphical passwords have received attention in recent research as an alternative authentication mechanism. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a proposed solution to this problem. Presented here are mathematical models for estimating the number of attacks required before success for four attack types. These models combine to provide an overall metric of the security of recognitionbased graphical password schemes. The metric presented provides a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes which was previously not possible.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014 |
| Place of Publication | Plymouth |
| Pages | 112-121 |
| Number of pages | 10 |
| Publication status | Published - 1 Jul 2014 |
| Externally published | Yes |
| Event | 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014 - Plymouth, United Kingdom Duration: 8 Jul 2014 → 9 Jul 2014 |
Conference
| Conference | 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014 |
|---|---|
| Country | United Kingdom |
| City | Plymouth |
| Period | 8/07/14 → 9/07/14 |
Keywords
- metrics
- recognition-based graphical passwords
- security