Abstract
This chapter describes various approaches that complement passwords, namely Honeywords, Cracking-Resistant Password Vaults using Natural Encoders, Bloom Filter, and non-textual and graphical passwords, to protect user identities against any type of credential breach. At the end, a comparison of various non-textual passwords is provided, highlighting their strengths and weaknesses.
Review Questions
1. Explain the concept of the "Honeyword" approach.
2. Describe an algorithm for "Honeyword" generation.
3. Illustrate Honey checker systems with a diagram.
4. Explain the n-gram model related to non-password system (Resistant Password Vaults using Natural Language Encoders).
5. What is a Bloom Filter? Explain its working principles.
6. Give a qualitative comparison of NAS, Honeywords, and Bloom Filter.
7. Describe different graphical password-based approaches.
8. Mention some possible attacks on graphical passwords.
9. Make a comparative table of graphical passwords in terms of usability and security issues.
10. Provide a qualitative comparison among different non-password-based authentication methods.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Dasgupta, D., Roy, A., Nag, A. (2017). Pseudo-Passwords and Non-textual Approaches. In: Advances in User Authentication. Infosys Science Foundation Series. Springer, Cham. https://doi.org/10.1007/978-3-319-58808-7_4
DOI: https://doi.org/10.1007/978-3-319-58808-7_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-58806-3
Online ISBN: 978-3-319-58808-7
eBook Packages: Computer Science, Computer Science (R0)