Towards a metric for recognition-based graphical password security

Rosanne English, Ron Poet

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

9 Citations (Scopus)

Abstract

Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognition-based graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing, intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme.

Original languageEnglish
Title of host publication5th International Conference on Network and System Security
EditorsPierangela Samarati, Sara Foresti, Jiankun Hu, Giovanni Livraga
Place of PublicationPiscataway
PublisherIEEE
Pages239-243
Number of pages5
ISBN (Print)9781457704598
DOIs
Publication statusPublished - 27 Oct 2011
Externally publishedYes
Event2011 5th International Conference on Network and System Security, NSS 2011 - Milan, Italy
Duration: 6 Sep 20118 Sep 2011

Conference

Conference2011 5th International Conference on Network and System Security, NSS 2011
CountryItaly
CityMilan
Period6/09/118/09/11

Keywords

  • recognition-based graphical password (RBGP)
  • security
  • guessing attack
  • capture attack
  • authentication schemes

Fingerprint Dive into the research topics of 'Towards a metric for recognition-based graphical password security'. Together they form a unique fingerprint.

  • Cite this

    English, R., & Poet, R. (2011). Towards a metric for recognition-based graphical password security. In P. Samarati, S. Foresti, J. Hu, & G. Livraga (Eds.), 5th International Conference on Network and System Security (pp. 239-243). Piscataway: IEEE. https://doi.org/10.1109/ICNSS.2011.6060007