A Review on Shoulder Surfing Attack in Authentication Technique using Cued Click Point (CCP)

Author(s): Jasmin P. Bhootwala, Dr Subhash G. Desai

Security is important nowadays. Users give primary preference to security. The authentication process provides security to the user. Authentication is the process of identifying a person’s identity or confirming the identity of a person. There are various authentication methods, but the most commonly used method is the textual password. A combination of alphabets and numbers creates a secure password. But it has some drawbacks, i.e. it is easily guessed by an attacker. If it is made complex, then it is hard to memorize. There are also various attacks on the textual password: brute force attack, dictionary attack, social engineering attack, eavesdropping, etc., so the graphical password system was introduced. The graphical system is easy to memorize, but it undergoes shoulder surfing attack, which is a big problem. Any entity or person can observe the user's password directly or by using any device. So as an alternative, graphical passwords are introduced to resist the shoulder surfing attack. Against the above-mentioned attacks, the new scheme highlights cued click point (CCP), using a graphical password as input and grid lines for image point verification. This paper surveys shoulder surfing attacks in the graphical password approach.

Nowadays, user authentication is a very important task in information security. On most computers, user authentication depends on an alphanumeric username and password, that is, a text-based password. But this is not highly secure, because hackers can easily break the password. Brute force attack, dictionary attack, guessing attack, etc. are some of the possible attacks on the password. If the user chooses a difficult password to protect the system from attackers, it is much harder for the user to remember such a difficult password. So, to resolve this problem, a new technique called graphical password authentication was introduced. This paper presents a detailed survey of user authentication techniques using a graphical password. It covers basically two types of approaches: recognition-based and recall-based. This survey discusses the different techniques of graphical password authentication and their advantages and limitations. The survey provides a roadmap for the development of new graphical authentication schemes.


Author(s): Indrani Roy, Ajmerry Hossain, SARKER TANVEER AHMED RUMEE

User authentication is mostly reliant on password-based verification. Users generally use text-based passwords, which are user-friendly but often predictable and vulnerable to some common attacks. To overcome these shortcomings, graphical authentication methods have emerged. Here, users choose a sequence of images as passwords. Though such methods help users to better remember their passwords, they too suffer from attacks seen in the case of textual passwords. This paper presents a comprehensive summary of the vulnerabilities of state-of-the-art graphical password schemes against the following well-known attacks: Dictionary, Guessing, Brute force, Shoulder surfing, Spyware, and Social engineering. We believe the findings of this study can help researchers design more secure graphical password schemes, making them more usable and a realistic replacement for text-based passwords.


2013, Vol 284-287, pp. 3497-3501
Author(s): Si Wan Kim, Hyun Yi Yi, Gun Il Ma, Jeong Hyun Yi

User authentication techniques such as the setting of passwords are gradually gaining importance as a means of managing important information stored in smartphones. Existing text-based password authentication schemes have the advantages of being quick and easy to use. However, they are problematic in that passwords are easily exposed to shoulder-surfing attack. In addition, a graphical password authentication scheme has the limitation of being difficult to apply to mobile device environments, in which a lot of information must be remembered and small-sized screens are provided. Therefore, in this paper, we propose a new hybrid password authentication scheme using a pocket billiard and a virtual joystick, which is secure against shoulder-surfing, brute force attack, and smudge attack and has excellent usability.


Author(s): Umedha Behl, Divya Bhat, Neha Ubhaykar, Vaibhav Godbole, Saurabh Kulkarni

Nowadays, user authentication is one of the important topics in information security. Authentication is necessary in multi-user systems. User name and password are used to authenticate a user. Text-based strong password scheme can provide security to a certain degree. Users tend to pick short passwords or passwords that are easy to remember, which makes the passwords vulnerable for attackers to break. Furthermore, textual password is vulnerable to shoulder-surfing, hidden camera and spy-ware attacks. Graphical authentication has been proposed as a possible alternative solution to text-based authentication, motivated particularly by the fact that humans can remember images better than text. However, they are mostly vulnerable to shoulder surfing. In this paper, we propose a Multi-level Scalable Textual-Graphical Password Authentication Scheme for web based applications. This scheme integrates both graphical and textual password schemes, and provides multi-level authentication scheme as compared to previously proposed single level scheme. In this scheme multi-level authentication is obtained by making use of SMS service, hence provides more secure service. This scheme shows significant potential bridging the gap between conventional textual password and graphical password. Further enhancements of this scheme are proposed and briefly discussed.


2019, Vol 20 (1), pp. 101-112
Author(s): Pankhuri ., Akash Sinha, Gulshan Shrivastava, Prabhat Kumar

User authentication is an indispensable part of a secure system. The traditional authentication methods have been proved to be vulnerable to different types of security attacks. Artificial intelligence is being applied to crack textual passwords, and even CAPTCHAs are being dismantled within a few attempts. The use of graphical passwords as an alternative to textual passwords for user authentication can be an efficient strategy. However, they have been proved to be susceptible to shoulder-surfing-like attacks. Advanced authentication systems such as biometrics are secure but require additional infrastructure for efficient implementation. This paper proposes a novel pattern-based multi-factor authentication scheme that uses a combination of text and images for identifying the legitimate users. The proposed system has been mathematically analyzed and has been found to provide a much larger password space as compared to simple text-based passwords. This renders the proposed system secure against brute force and other dictionary-based attacks. Moreover, the use of text along with the images also mitigates the risk of shoulder surfing.


Complexity, 2019, Vol 2019, pp. 1-8
Author(s): Zhili Zhou, Ching-Nung Yang, Yimin Yang, Xingming Sun

Text password systems are commonly used for identity authentication to access different kinds of data resources or services in a cloud environment. However, in text password systems, the main issue is that it is very hard for users to remember long random alphanumeric strings due to the long-term memory limitation of the human brain. To address this issue, graphical passwords have accordingly been proposed, based on the fact that humans have better memory for images than for alphanumeric strings. Recently, a Google map graphical password (GMGP) system was proposed, in which a specific location of Google Map is preset as a password for authentication. Unfortunately, the use of graphical passwords increases the risk of exposing passwords under shoulder-surfing attacks. A snooper can more easily look over someone’s shoulder to get the information of a location on a map than a text password from a distance, and thus shoulder-surfing attacks are more serious for graphical passwords than for text passwords. To overcome this issue, we design a polynomial-based Google map graphical password (P-GMGP) system. The proposed P-GMGP system can not only resist shoulder-surfing attacks effectively, but also needs much fewer challenge-response rounds than the GMGP system for authentication. Moreover, the P-GMGP system is extended to allow a user to be authenticated in a cloud environment effectively and efficiently.


2016, Vol 24 (1), pp. 53-72
Author(s): Panagiotis Andriotis, George Oikonomou, Alexios Mylonas, Theo Tryfonas

Purpose – The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern. Design/methodology/approach – The authors conducted a survey to study the users’ understanding of the security and usability of the pattern lock screen. The authors developed an Android application that collects graphical passwords, by simulating user authentication in a mobile device. This avoids any potential bias that is introduced when the survey participants are not interacting with a mobile device while forming graphical passwords (e.g. in Web or hard-copy surveys). Findings – The findings verify and enrich previous knowledge for graphical passwords, namely, that users mostly prefer usability than security. Using the survey results, the authors demonstrate how biased input impairs security by shrinking the available password space. Research limitations/implications – The sample’s demographics may affect our findings. Therefore, future work can focus on the replication of our work in a sample with different demographics. Originality/value – The authors define metrics that measure the usability of a pattern (handedness, directionality and symmetry) and investigate their impact to its formation. The authors propose a security assessment scheme using features in a pattern (e.g. the existence of knight moves or overlapping nodes) to evaluate its security strengths.


Author(s): Touraj Khodadadi, A.K.M. Muzahidul Islam, Sabariah Baharun, Shozo Komaki

User authentication is a critical component in information security. Several widely used mechanisms for protecting services from illegal access include alphanumerical usernames and passwords. However, there are several drawbacks attached to this method. For instance, the users themselves usually choose those passwords that are easy to guess, as difficult passwords are difficult to recall. A new alternative is the graphic-based password, and there has been a growing trend in the use of such a password. The human psychology study reveals that humans find it easier to remember pictures as opposed to words. There are two main aspects to the graphical password scheme, namely security and usability. This study comprises comprehensive research on the current Recognition-Based graphical password schemes. The common usability attributes and possible attacks on the Recognition-Based graphical password are reviewed, identified and examined in detail. There are several previous surveys on graphical passwords. The latest research reviews and summarizes graphical password systems concisely and, at the same time, analyzes usability features for every design. However, it was found that there is not a single method that has the most resounding usability attributes. Therefore, this research suggests a set of usability attributes that can be applied to a single Recognition-Based graphical password system. In addition, this study examines and compares success rates on login, login time and memorability of existing systems, which are the usability measures most often reported in user studies of graphical passwords. Lastly, a comparison table is presented to put forth the limitations and strengths of each approach in terms of security and usability.

