A Hybrid Graphical Password Based System

  • Wazir Zada Khan
  • Yang Xiang
  • Mohammed Y. Aalsalem
  • Quratulain Arshad
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7017)


In this age of electronic connectivity, where we all face viruses, hackers, eavesdropping and electronic fraud, there is indeed no time when security is not critical. Passwords provide security mechanism for authentication and protection services against unwanted access to resources. A graphical based password is one promising alternatives of textual passwords. According to human psychology, humans are able to remember pictures easily. In this paper, we have proposed a new hybrid graphical password based system, which is a combination of recognition and recall based techniques that offers many advantages over the existing systems and may be more convenient for the user. Our scheme is resistant to shoulder surfing attack and many other attacks on graphical passwords. This resistant scheme is proposed for small mobile devices (like smart phones i.e. ipod, iphone, PDAs etc) which are more handy and convenient to use than traditional desktop computer systems.


Graphical passwords Authentication Network Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    van Oorschot Tao Wan, P.C.: TwoStep: An Authentication Method Combining Text and Graphical Passwords. In: 4th International Conference, MCETECH 2009, Ottawa, Canada (May 4-6, 2009)Google Scholar
  2. 2.
    Authentication, (last visited on May 15, 2011)
  3. 3.
    Sobrado, L., Birget, J.C.: Graphical Passwords, The Rutgers Schloar, An Electronic Bulletin for Undergraduate Research, vol. 4 (2002),
  4. 4.
    Elftmann, P.: Diploma Thesis, Secure Alternatives to Password-Based Authentication Mechanisms, Aachen, Germany (October 2006) Google Scholar
  5. 5.
    Blonder, G.E.: Graphical password. U.S. Patent 5559961, Lucent Technologies, Inc., Murray Hill, NJ (August 1995) Google Scholar
  6. 6.
    Suo, X., Zhu, Y., Owen, G.S.: Graphical Passwords: A Survey. In: Proceedings of Annual Computer Security Applications Conference (2005) Google Scholar
  7. 7.
  8. 8.
    Roman, V.Y.: User authentication via behavior based passwords. In: Systems, Applications and Technology Conference, Farmingdale, NY (2007)Google Scholar
  9. 9.
    Biometric Authentication, (last visited on May 02, 11)
  10. 10.
    Gao, H., Ren, Z., Chang, X., Liu, X., Aickelin, U.: A New Graphical Password Scheme Resistant to Shoulder-Surfing. In: 2010 International Conference on CyberWorlds, Singapore (October 20-22, 2010)Google Scholar
  11. 11.
    Perrig, A., Song, D.: Hash Visualization: A New Technique to improve Real-World Security. In: International Workshop on Cryptographic Techniques and E-Commerce, pp. 131–138 (1999)Google Scholar
  12. 12.
    Davis, D., Monrose, F., Reiter, M.K.: On User Choice in Graphical Password Schemes. In: 13th USENIX Security Symposium (2004)Google Scholar
  13. 13.
    Leung, W.H., Chen, T.: Hierarchical Matching For Retrieval of Hand Drawn Sketches. In: Proceeding of International Conference on Multimedia and Expo (ICME 2003), vol. 2 (2003)Google Scholar
  14. 14.
    Khan, H.Z.U.: Comparative Study Of Authentication Techniques. International Journal of Video & Image Processing and Network Security IJVIPNS 10(04)Google Scholar
  15. 15.
    Token Based Authentication, (last visited on May 02, 2011)
  16. 16.
    Knowledge Based Authentication, (last visited on May 02, 2011)
  17. 17.
    Knowledge based Authentication, (last visited on May 02, 2011)
  18. 18.
    A Survey on Recognition based Graphical User Authentication Algorithms, (last Visited on May 02, 2011)
  19. 19.
    Jain, A., Bolle, R., Pankanti, S. (eds.): Biometrics: personal identification in networked society. Kluwer Academic, Boston (1999)Google Scholar
  20. 20.
    Hurson, A.R., Ploskonka, J., Jiao, Y., Haridas, H.: Security issues and Solutions in Distributed heterogeneous Mobile Database Systems. In: Advances in Computers, vol. 61, pp. 107–198 (2004)Google Scholar
  21. 21.
    Biddle, R., Chiasson, S., van Oorschot, P.C.: Graphical Passwords: Learning from the First Twelve Years, Carleton University - School of Computer Science, Technical Report TR-11-01 (January 4, 2011)Google Scholar
  22. 22.
    Weinshall, D.: Cognitive authentication schemes safe against spyware, (short paper). In: IEEE Symposium on Security and Privacy (May 2006)Google Scholar
  23. 23.
    Hayashi, E., Christin, N., Dhamija, R., Perrig, A.: Use Your Illusion: Secure authentication usable anywhere. In: 4th ACM Symposium on Usable Privacy and Security (SOUPS), Pittsburgh (July 2008)Google Scholar
  24. 24.
    Davis, D., Monrose, F., Reiter, M.: On user choice in graphical password schemes. In: 13th USENIX Security Symposium (2004)Google Scholar
  25. 25.
    Passfaces Corporation. The science behind Passfaces, White paper, (last visited on May 05, 11)
  26. 26.
    De Angeli, A., Coventry, L., Johnson, G., Renaud, K.: Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies 63(1-2), 128–152 (2005)CrossRefGoogle Scholar
  27. 27.
    Moncur, W., Leplatre, G.: Pictures at the ATM: Exploring the usability of multiple graphical passwords. In: ACM Conference on Human Factors in Computing Systems (CHI) (April 2007)Google Scholar
  28. 28.
    Pering, T., Sundar, M., Light, J., Want, R.: Photographic authentication through untrusted terminals. In: Pervasive Computing, pp. 30–36 (January-March 2003)Google Scholar
  29. 29.
    Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.: Design and evaluation of a shoulder-surfng resistant graphical password scheme. In: International Working Conference on Advanced Visual Interfaces (AVI) (May 2006)Google Scholar
  30. 30.
    Bicakci, K., Atalay, N.B., Yuceel, M., Gurbaslar, H., Erdeniz, B.: Towards usable solutions to graphical password hotspot problem. In: 33rd Annual IEEE International Computer Software and Applications Conference (2009)Google Scholar
  31. 31.
    Jermyn, I., Mayer, A., Monrose, F., Reiter, M., Rubin, A.: The design and analysis of graphical passwords. In: 8th USENIX Security Symposium (August 1999)Google Scholar
  32. 32.
    Valentine, T.: An Evaluation of the PassfaceTM Personal Authentication System, Technical Report. Goldmsiths College University of London, London (1998) (the first report known in the literature) Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Wazir Zada Khan
    • 1
  • Yang Xiang
    • 2
  • Mohammed Y. Aalsalem
    • 1
  • Quratulain Arshad
    • 1
  1. 1.School of Computer ScienceJazan UniversitySaudi Arabia
  2. 2.School of Information TechnologyDeakin UniversityAustralia

Personalised recommendations