Simulating and modelling the effectiveness of graphical password intersection attacks

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Recognition-based graphical passwords (RBGPs) are often proposed as an alternative user authentication mechanism. However, discussion of attack resistance often lacks quantitative examination. Establishing the efficacy of countermeasures could allow selection of an appropriate countermeasure for the level of security required by a given system. Furthermore, this information could be used to construct a model to estimate the number of intersection attacks required before success. This research contributes to these goals by establishing effective countermeasures and a model for intersection attacks. The approach involves creating a simulation of intersection attacks using five possible countermeasures and performing analysis to determine efficacy. Results show that using dummy screens does not increase the number of attacks required. It is also shown that increasing the number of challenge screens can increase and reduce the number of attacks required. Also presented is a model for RBGP schemes that can be used to estimate the number of intersection attacks required for a RBGP scheme when configuration values such as the number of challenge screens are known. This allows a quantitative choice of countermeasure for intersection attacks and a calculation that can provide a basis of comparison with other RBGP schemes, which was previously not possible.

Language: English
Pages: 3089-3107
Number of pages: 19
Journal: Concurrency and Computation: Practice and Experience
Volume: 27
Issue number: 12
Early online date: 18 Dec 2013
DOI: 10.1002/cpe.3196
Publication status: Published - 25 Aug 2015
Externally published: Yes

Keywords

  • authentication
  • intersect attacks
  • recognition-based graphical passwords
  • simulation

Cite this

@article{8a6cb248b1bc43daa9f6fc454120b07c,
title = "Simulating and modelling the effectiveness of graphical password intersection attacks",
abstract = "Summary Recognition-based graphical passwords (RBGPs) are often proposed as an alternative user authentication mechanism. However, discussion of attack resistance often lacks quantitative examination. Establishing the efficacy of countermeasures could allow selection of an appropriate countermeasure for the level of security required by a given system. Furthermore, this information could be used to construct a model to estimate the number of intersection attacks required before success. This research contributes to these goals by establishing effective countermeasures and a model for intersection attacks. The approach involves creating a simulation of intersection attacks using five possible countermeasures and performing analysis to determine efficacy. Results show that using dummy screens does not increase the number of attacks required. It is also shown that increasing the number of challenge screens can increase and reduce the number of attacks required. Also presented is a model for RBGP schemes that can be used to estimate the number of intersection attacks required for a RBGP scheme when configuration values such as the number of challenge screens are known. This allows a quantitative choice of countermeasure for intersection attacks and a calculation that can provide a basis of comparison with other RBGP schemes, which was previously not possible.",
keywords = "authentication, intersect attacks, recognition-based graphical passwords, simulation",
author = "Rosanne English",
year = "2015",
month = "8",
day = "25",
doi = "10.1002/cpe.3196",
language = "English",
volume = "27",
pages = "3089--3107",
journal = "Concurrency and Computation: Practice and Experience",
issn = "1532-0626",
number = "12",

}

Simulating and modelling the effectiveness of graphical password intersection attacks. / English, Rosanne.

In: Concurrency and Computation: Practice and Experience, Vol. 27, No. 12, 25.08.2015, p. 3089-3107.
