Towards a metric for recognition-based graphical password security

Rosanne English, Ron Poet

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution book

9 Citations (Scopus)

Abstract

Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognition-based graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing, intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme.

Language: English
Title of host publication: 5th International Conference on Network and System Security
Editors: Pierangela Samarati, Sara Foresti, Jiankun Hu, Giovanni Livraga
Place of Publication: Piscataway
Publisher: IEEE
Pages: 239-243
Number of pages: 5
ISBN (Print): 9781457704598
DOIs: https://doi.org/10.1109/ICNSS.2011.6060007
Publication status: Published - 27 Oct 2011
Externally published: Yes
Event: 2011 5th International Conference on Network and System Security, NSS 2011 - Milan, Italy
Duration: 6 Sep 2011 to 8 Sep 2011

Conference

Conference: 2011 5th International Conference on Network and System Security, NSS 2011
Country: Italy
City: Milan
Period: 6/09/11 to 8/09/11

Keywords

  • recognition-based graphical password (RBGP)
  • security
  • guessing attack
  • capture attack
  • authentication schemes

Cite this

English, R., & Poet, R. (2011). Towards a metric for recognition-based graphical password security. In P. Samarati, S. Foresti, J. Hu, & G. Livraga (Eds.), 5th International Conference on Network and System Security (pp. 239-243). Piscataway: IEEE. https://doi.org/10.1109/ICNSS.2011.6060007