The effectiveness of intersection attack countermeasures for graphical passwords

Rosanne English, Ron Poet

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution book)

5 Citations (Scopus)

Abstract

Recognition-based graphical passwords are one of several proposed alternatives to alphanumerical passwords for user authentication. However, there has been limited work on the security of such schemes. Often authors state a possible attack combined with a proposed countermeasure, but the efficacy of the countermeasure is not always quantitatively examined. One possible attack which has been discussed without this examination is an intersection attack. If we can establish which countermeasures for this attack are effective, this will provide insight which will make it possible to select the appropriate countermeasure for the level of security required by a given system. Our approach involved creating a simulation of intersection attacks using each of five possible countermeasures. The number of attacks which had to be performed before success for each approach was noted and compared to a control where no countermeasure was implemented. Our results show that for three of the five countermeasures there was a significant increase in the number of attacks before success, one showed a significant decrease and the other did not show any statistical significance. We show that it is not decisive that using dummy screens when an incorrect image is selected will increase the number of attacks required. We also show that increasing the number of challenge screens reduces the number of attacks required before success as the number of challenge screens approaches the size of the passimage set. Our results allow one to make a more reliable choice of countermeasure to reduce intersection attacks.

Language: English
Title of host publication: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Place of Publication: Piscataway, N.J.
Publisher: IEEE
Number of pages: 8
ISBN (Print): 9780769547459
DOIs: https://doi.org/10.1109/TrustCom.2012.271
Publication status: Published - 6 Sep 2012
Externally published: Yes
Event: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - Liverpool, United Kingdom
Duration: 25 Jun 2012 to 27 Jun 2012

Conference

Conference: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012
Country: United Kingdom
City: Liverpool
Period: 25/06/12 to 27/06/12

Keywords

  • authentication
  • intersect attacks
  • recognition-based graphical passwords
  • simulation

Cite this

English, R., & Poet, R. (2012). The effectiveness of intersection attack countermeasures for graphical passwords. In 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) Piscataway, N.J.: IEEE. https://doi.org/10.1109/TrustCom.2012.271