Abstract
Objectives: To provide a swift and simple mobile authentication method that is highly secure, easily remembered and resistant to shoulder surfing attacks, improving on existing mobile authentication methods. Methods: This paper follows a problem-oriented research approach to improving existing mobile authenticators, which are vulnerable to shoulder surfing attacks. Several qualitative studies were carried out by analyzing related work in the graphical authenticator field that addresses the same problem. A quantitative experimental method is used to test the proposed solution. Findings: Currently, most mobile devices are protected by a six-digit numerical passcode authentication layer, which is extremely vulnerable to shoulder surfing attacks and spyware attacks. This paper proposes a multi-elemental graphical password authentication model for mobile devices that is resistant to shoulder surfing attacks and spyware attacks. The proposed Coin Passcode model simplifies the complex user interface issues of previous graphical password models and works as a swift passcode security mechanism for mobile devices. The Coin Passcode model also has a high memorability rate compared to existing numerical and alphanumerical passwords, as psychology studies suggest that humans are better at remembering graphics than words. Novelty: Implementing multiple hidden elements in one passcode button, which are shuffled randomly to prevent shoulder surfing attacks on the mobile authenticator.
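The abstract's central idea is a keypad whose buttons each carry several hidden elements, reshuffled before every entry, so that an onlooker who records which buttons were tapped learns nothing that is valid for the next attempt. The following toy simulation is an added illustration of that mechanism in general terms; it is not the paper's Coin Passcode implementation, and the button count, elements per button, element names and secret are all constructed for the example. It shows the user entering the secret on one layout, the verifier checking elements rather than button positions, and an observed tap sequence failing when replayed on a reshuffled layout.

```python
"""Toy model of a shuffled multi-element keypad (added illustration, not the
paper's Coin Passcode code).

Each on-screen button carries PER_BUTTON hidden elements. The user's secret is
a sequence of *elements*; the user taps whichever button currently holds each
element. Because the element-to-button assignment is reshuffled before every
entry, the button positions an onlooker observes are only valid for that one
layout. All sizes, names and values below are assumptions for the example."""
import random

BUTTONS = 10        # buttons on the keypad (assumed)
PER_BUTTON = 3      # hidden elements per button (assumed)
SYMBOLS = [f"e{i:02d}" for i in range(BUTTONS * PER_BUTTON)]  # 30 elements


def identity_layout():
    """Unshuffled reference layout: button i holds elements 3i .. 3i+2."""
    return [tuple(SYMBOLS[i * PER_BUTTON:(i + 1) * PER_BUTTON])
            for i in range(BUTTONS)]


def shuffled_layout(rng=None):
    """A fresh random assignment of the 30 elements to the 10 buttons.
    Defaults to the OS CSPRNG; pass a seeded random.Random for a repeatable demo."""
    rng = rng or random.SystemRandom()
    order = list(SYMBOLS)
    rng.shuffle(order)
    return [tuple(order[i * PER_BUTTON:(i + 1) * PER_BUTTON])
            for i in range(BUTTONS)]


def rotated_layout(layout, k):
    """Deterministic re-layout that moves every element group k buttons to the right."""
    k %= BUTTONS
    return layout[-k:] + layout[:-k] if k else list(layout)


def button_for(layout, element):
    """Which button currently shows this element."""
    for idx, group in enumerate(layout):
        if element in group:
            return idx
    raise ValueError(f"unknown element {element}")


def enter(layout, secret):
    """What the legitimate user does: tap the button holding each secret element.
    The return value is exactly what a shoulder surfer sees: button positions."""
    return [button_for(layout, e) for e in secret]


def verify(layout, secret, taps):
    """Verifier side: accept only if every secret element sits on the tapped
    button in the layout that was actually shown. (The stored secret is kept in
    clear here for brevity; a deployment would protect it.)"""
    if len(taps) != len(secret):
        return False
    return all(0 <= t < BUTTONS and e in layout[t] for e, t in zip(secret, taps))


def replay_succeeds(secret, observed_taps, new_layout):
    """Does replaying a previously observed tap sequence pass on a reshuffled layout?"""
    return verify(new_layout, secret, observed_taps)


if __name__ == "__main__":
    secret = ["e00", "e03", "e06", "e09", "e12", "e15"]   # constructed secret
    rng = random.Random(7)                                # seeded for a repeatable demo
    first = shuffled_layout(rng)
    taps = enter(first, secret)
    print("taps observed on first layout:", taps, "->", verify(first, secret, taps))
    second = shuffled_layout(rng)
    print("same taps replayed on reshuffled layout ->",
          replay_succeeds(secret, taps, second))
```

The point the simulation makes is that the verifier never compares button positions; it compares elements against the layout it displayed, so a recorded tap sequence only helps an onlooker if the next layout happens to place every secret element under the same button again. Observation still narrows each position to the PER_BUTTON elements shown on the tapped button, which is why the number of elements per button and the shuffle quality matter when assessing such a scheme.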
A. Abdullah and H. R. Boveiri are both corresponding authors.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
Cite this chapter
Fong, T.J., Abdullah, A., Boveiri, H.R. (2019). A Next Generation Hybrid Scheme Mobile Graphical Authenticator. In: Elhoseny, M., Singh, A. (eds) Smart Network Inspired Paradigm and Approaches in IoT Applications. Springer, Singapore. https://doi.org/10.1007/978-981-13-8614-5_14
DOI: https://doi.org/10.1007/978-981-13-8614-5_14
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-8613-8
Online ISBN: 978-981-13-8614-5
eBook Packages: Computer Science, Computer Science (R0)