Abstract
In the last few years, the information world has come across one of its most appealing paradigms, namely the Internet of Things (IoT). Both industry and academia are fascinated by the open issues and research challenges of the Internet of Things. The scale of the paradigm's development, expansion, and advantages is enormous, and it is driving the transition of the information world to this paradigm. At the same time, it raises security concerns along with many other open issues. This paper focuses specifically on confidentiality, one of the three components of the security triad: confidentiality, integrity and availability. Although researchers take a keen interest in all three components, the questions posed by many researchers, academicians and end users raise major issues over ‘confidentiality’. Confidentiality is about guaranteeing authentic access to a piece of information, a service or a resource for a particular individual or computing device. The resource in question may be one of the resources of an IoT system. This can be achieved by deploying authentication techniques. Here we discuss various types of authentication techniques, deliberately putting our emphasis on one well-known authentication technique, viz. passwords. This work reviews the existing techniques, their drawbacks, and the claimed advantages of upcoming password techniques. It also surveys some of the supportive methods for naïve users of password techniques. This paper aims at classifying, comparing and encapsulating the problems, demanded solutions and suggestions from relevant published technical and review articles in the field of authentication. It particularly highlights graphical password schemes and proposes a naïve graphical password scheme, namely TCpC, to assure authentic access to IoT resources.
At the end, we mention the advantages of TCpC over other authentication schemes. We also compare and analyze the different proposed password schemes against our technique.
Cite this article
Matta, P., Pant, B. TCpC: a graphical password scheme ensuring authentication for IoT resources. Int. j. inf. tecnol. 12, 699–709 (2020). https://doi.org/10.1007/s41870-018-0142-z