TCpC: a graphical password scheme ensuring authentication for IoT resources

  • Original Research

International Journal of Information Technology

Abstract

In the last few years, the information world has come across one of its most appealing paradigms, namely the Internet of Things (IoT). Both industry and academia are fascinated by the open issues and research challenges of the Internet of Things. The enormity of the paradigm's development, expansion, and advantages is unbelievable, and this is driving the transition of the information world to this paradigm. At the same time, it raises security concerns along with many other open issues. This paper focuses specifically on confidentiality, one of the three components of the security triad: confidentiality, integrity and availability. Although researchers have high interest in all three components, the questions posed by many researchers, academicians and end users raise major issues over ‘confidentiality’. Confidentiality is about guaranteeing authentic access to a piece of information, a service or a resource for a particular individual or computing device. The resource in question may be one of the resources of an IoT system. This can be achieved by deploying authentication techniques. Here we discuss various types of authentication techniques, deliberately placing our emphasis on one well-known authentication technique, viz. passwords. This work reviews the existing techniques, their drawbacks, and the claimed advantages of upcoming password techniques. It also surveys some of the supportive methods for naïve users of password techniques. This paper aims at classifying, comparing and encapsulating the problems, demanded solutions and suggestions from relevant published technical and review articles in the field of authentication. It particularly highlights graphical password schemes and proposes a naïve graphical password scheme, namely TCpC, to assure authentic access to IoT resources. At the end, we state the advantages of TCpC over other authentication schemes, and we compare and analyze the different proposed password schemes against our technique.

Correspondence to Priya Matta.

Matta, P., Pant, B. TCpC: a graphical password scheme ensuring authentication for IoT resources. Int. j. inf. tecnol. 12, 699–709 (2020). https://doi.org/10.1007/s41870-018-0142-z
