Security Analysis of the Graphical Password-Based Authentication Systems with Different Attack Proofs

Authors

  • Priti C. Golar Research scholar Department of Computer Science & Engineering Amity University Raipur, (Chhattisgarh), India
  • Rika Sharma Associate Professor Department of Computer Science & Engineering Amity University Raipur, (Chhattisgarh), India

Keywords:

Security, authentication, graphical password, recognition based graphical password, recall based graphical password, attack proof, shoulder surfing, zero knowledge proof

Abstract

Graphical password authentication is an effective alternative to the textual based password as the text based passwords are difficult to be remembered. One of the disadvantage is that there are several attacks existing in these schemes that disrupts the integrity of the websites. In this paper, a detailed security analysis for various kinds of attacks existing in a graphical password authentication system is presented. Initially, the scenario of graphical authentication system along with its types are narrated. Then, the major security threats encountered in the graphical password authentication systems till date are explored. Based on the security threats arising in the authentication systems, the zero knowledge attack proof is formulated and the analysis is explained. More importance is given to the shoulder surfing attack and the proof is explained with the help of an application scenario. The introduced application scenario includes a 3D graphical password authentication system for website login. The scenario is proved to be shoulder surfing resistance using the zero knowledge proof protocol. With the analysis, it is proved that the graphical passwords are highly significant in maintaining the integrity of the websites.

Downloads

Download data is not yet available.

References

Faraji, Sepideh, and Kooroush Manochehri. "Attack Resistant Graphical Password Authentication Method Against Shoulder Surfing, Smudge and Brute Force Attacks." Smudge and Brute Force Attacks.

Ho, Yean Li, Siong Hoe Lau, and Afizan Azman. "Comparison Between BlindLogin and Other Graphical Password Authentication Systems." In International Conference on Advances in Cyber Security, pp. 235-246. Springer, Singapore, 2019.

Kovalan, Krishnapriyaa, Siti Zobidah Omar, Lian Tang, Jusang Bolong, Rusli Abdullah, Akmar Hayati Ahmad Ghazali, and Muhammad Adnan Pitchan. "A Systematic Literature Review of the Types of Authentication Safety Practices among Internet Users." International Journal of Advanced Computer Science and Applications 12, no. 7 (2021).

Kamegne, Yvonne, Eric Owusu, and Joyram Chakraborty. "Bridging the Gap Between Usability and Security: Cultural Adaptation of a Graphical User Authentication." In International Conference on Human-Computer Interaction, pp. 260-269. Springer, Cham, 2022.

Edward, Audu Lovingkindness, Hassan Umar Suru, and Jasmyne Okudo. "Position-Based Multi-Layer Graphical User Authentication System." American Journal of Software Engineering and Applications 11, no. 1 (2022): 1-11.

Khodadadi, Touraj, Yashar Javadianasl, Faranak Rabiei, Mojtaba Alizadeh, Mazdak Zamani, and Saman ShojaeChaeikar. "A Novel Graphical Password Authentication Scheme with Improved Usability." In 2021 4th International Symposium on Advanced Electrical and Communication Technologies (ISAECT), pp. 01-04. IEEE, 2021.

Shah, Abhishek Narayan, Dipti Anand, Sabyasachi Samanta, and Dipankar Dey. "Graphical Password Authentication System Using Modified Intuitive Approach." Int. J. HIT. TRANSC: ECCN. Vol 7, no. 2A (2021): 64-71.

Yadav, Bipin, Kaptan Singh, and Amit Saxena. "Video Based Graphical Password Authentication System." In International Conference on Network Security and Blockchain Technology, pp. 78-90. Springer, Singapore, 2022.

Sreelekshmi, K. U., Soja Sam, T. T. Samjeevan, and Sneha Mathew. "Web based Graphical Password Authentication System."

Arun Kumar, S., R. Ramya, R. Rashika, and R. Renu. "A survey on graphical authentication system resisting shoulder surfing attack." In Advances in Artificial Intelligence and Data Engineering, pp. 761-770. Springer, Singapore, 2021.

Isah Atsu, Sani Suleman, John Kolo Alhassan, and Abdulmalik Danlami Mohammed. "A SURVEY ON GRAPHICAL BASED AUTHENTICATION MODEL FOR SECURE ELECTRONIC PAYMENT." International Conference on Emerging Applications and Technologies for Industry 4.0| EATI 2020, 2020.

Patel, Shikhar Singh, Akarsh Jaiswal, Yash Arora, and Bharti Sharma. "Survey on Graphical Password Authentication System." Data Intelligence and Cognitive Informatics (2021): 699-708.

Ho, Yean Li, Siong Hoe Lau, and Afizan Azman. "Comparison Between BlindLogin and Other Graphical Password Authentication Systems." In International Conference on Advances in Cyber Security, pp. 235-246. Springer, Singapore, 2019.

Juneja, Kapil. "An XML transformed method to improve effectiveness of graphical password authentication." Journal of King Saud University-Computer and Information Sciences 32, no. 1 (2020): 11-23.

Parish, Zach, Amirali Salehi-Abari, and Julie Thorpe. "A study on priming methods for graphical passwords." Journal of Information Security and Applications 62 (2021): 102913.

Yang, Gi-Chul. "Development status and prospects of graphical password authentication system in Korea." KSII Transactions on Internet and Information Systems (TIIS) 13, no. 11 (2019): 5755-5772.

Abdalkareem, Zahraa A., Omar Z. Akif, Firas A. Abdulatif, A. Amiza, and PhaklenEhkan. "Graphical password based mouse behavior technique." In Journal of Physics: Conference Series, vol. 1755, no. 1, p. 012021. IOP Publishing, 2021.

Abass, Islam Abdalla Mohamed, Loay F. Hussein, and Anis Ben Aissa. "New Textual Authentication Method to Resistant Shoulder-Surfing Attack." International Journal of Advanced Computer Science and Applications 13, no. 1 (2022).

Gopali, Saroj, Pranaya Sharma, Praveen Kumar Khethavath, and Doyel Pal. "HyPA: A Hybrid Password-Based Authentication Mechanism." In Future of Information and Communication Conference, pp. 651-665. Springer, Cham, 2021.

Zouave, Erik, Marc Bruce, Kajsa Colde, Margarita Jaitner, Ioana Rodhe, and Tommy Gustafsson. "Artificially intelligent cyberattacks." (2020): 50.

Biddle, Robert, Sonia Chiasson, and Paul C. Van Oorschot. "Graphical passwords: Learning from the first generation." Ottawa, Canada: School of Computer Science, Carleton University (2009).

Dhamija, Rachna, and Adrian Perrig. "Deja {Vu--A} User Study: Using Images for Authentication." In 9th USENIX Security Symposium (USENIX Security 00). 2000.

Wiedenbeck, Susan, Jim Waters, Leonardo Sobrado, and Jean-Camille Birget. "Design and evaluation of a shoulder-surfing resistant graphical password scheme." In Proceedings of the working conference on Advanced visual interfaces, pp. 177-184. 2006.

Mihajlov, Martin, Borka Jerman-Blazic, and Marko Ilievski. "Recognition-based graphical authentication with single-object images." In 2011 Developments in E-systems Engineering, pp. 203-208. IEEE, 2011.

Jansen, Wayne. "Authenticating users on handheld devices." In Proceedings of the Canadian Information Technology Security Symposium, pp. 1-12. 2003.

Khot, Rohit Ashok, Ponnurangam Kumaraguru, and Kannan Srinathan. "WYSWYE: shoulder surfing defense for recognition based graphical passwords." In Proceedings of the 24th Australian Computer-Human Interaction Conference, pp. 285-294. 2012.

Varenhorst, Christopher, M. V. Kleek, and Larry Rudolph. "Passdoodles: A lightweight authentication method." Research Science Institute (2004): 1-11.

Jermyn, Ian, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel Rubin. "The design and analysis of graphical passwords." In 8th USENIX Security Symposium (USENIX Security 99). 1999.

Lin, Di, Paul Dunphy, Patrick Olivier, and Jeff Yan. "Graphical passwords & qualitative spatial relations." In Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 161-162. 2007.

Eljetlawi, Ali Mohamed. "Study and develop a new graphical password system." PhD diss., UniversitiTeknologi Malaysia, 2008.

Wiedenbeck, Susan, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. "PassPoints: Design and longitudinal evaluation of a graphical password system." International journal of human-computer studies 63, no. 1-2 (2005): 102-127.

Dunphy, Paul, and Jeff Yan. "Do background images improve" draw a secret" graphical passwords?." In Proceedings of the 14th ACM conference on Computer and communications security, pp. 36-47. 2007.

Hafiz, Muhammad Daniel, Abdul Hanan Abdullah, NorafidaIthnin, and Hazinah Kutty Mammi. "Towards identifying usability and security features of graphical password in knowledge based authentication technique." In 2008 Second Asia International Conference on Modelling & Simulation (AMS), pp. 396-403. IEEE, 2008.

Li, Zhi, Qibin Sun, Yong Lian, and Daniele D. Giusto. "An association-based graphical password design resistant to shoulder-surfing attack." In 2005 IEEE international conference on multimedia and expo, pp. 245-248. IEEE, 2005.

Gamby, Ask Neve, and Jyrki Katajainen. "Convex-hull algorithms: Implementation, testing, and experimentation." Algorithms 11, no. 12 (2018): 195.

Mr. Rahul Sharma. (2018). Monitoring of Drainage System in Urban Using Device Free Localization Neural Networks and Cloud computing. International Journal of New Practices in Management and Engineering, 7(04), 08 - 14. https://doi.org/10.17762/ijnpme.v7i04.69

Mwangi , J., Cohen, D., Silva, C., Min-ji, K., & Suzuki, H. Improving Fraud Detection in Financial Transactions with Machine Learning. Kuwait Journal of Machine Learning, 1(4). Retrieved from http://kuwaitjournals.com/index.php/kjml/article/view/148

Kathole, A. B., Katti, J., Dhabliya, D., Deshpande, V., Rajawat, A. S., Goyal, S. B., .Suciu, G. (2022). Energy-aware UAV based on blockchain model using IoE application in 6G network-driven cybertwin. Energies, 15(21)

doi:10.3390/en15218304

Downloads

Published

16.08.2023

How to Cite

Golar, P. C. ., & Sharma, R. . (2023). Security Analysis of the Graphical Password-Based Authentication Systems with Different Attack Proofs. International Journal of Intelligent Systems and Applications in Engineering, 11(10s), 155–165. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/3242

Issue

Vol. 11 No. 10s (2023)

Section

Research Article

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.

IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.