Modelling the security of recognition-based graphical passwords

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

Abstract

Recognition-based graphical passwords have received attention in recent research as an alternative authentication mechanism. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a proposed solution to this problem. Presented here are mathematical models for estimating the number of attacks required before success for four attack types. These models combine to provide an overall metric of the security of recognitionbased graphical password schemes. The metric presented provides a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes which was previously not possible.

Original languageEnglish
Title of host publicationProceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014
Place of PublicationPlymouth
Pages112-121
Number of pages10
Publication statusPublished - 1 Jul 2014
Externally publishedYes
Event8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014 - Plymouth, United Kingdom
Duration: 8 Jul 20149 Jul 2014

Conference

Conference8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014
CountryUnited Kingdom
CityPlymouth
Period8/07/149/07/14

    Fingerprint

Keywords

  • metrics
  • recognition-based graphical passwords
  • security

Cite this

English, R. (2014). Modelling the security of recognition-based graphical passwords. In Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance (HAISA) 2014 (pp. 112-121). Plymouth.