Towards a metric for recognition-based graphical password security

English, R. and Poet, R. (2011) Towards a metric for recognition-based graphical password security. In: 5th International Conference on Network and System Security (NSS), Milan, Italy, 6-8 Sep 2011, pp. 239-243. (doi: 10.1109/ICNSS.2011.6060007)

[img]
Preview
Text
71250.pdf

458kB

Publisher's URL: http://dx.doi.org/10.1109/ICNSS.2011.6060007

Abstract

Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognition-based graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing, intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme.

Item Type:Conference Proceedings
Additional Information:(c) 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting / republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Poet, Dr Ron and English, Dr Rosanne
Authors: English, R., and Poet, R.
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
College/School:College of Science and Engineering > School of Computing Science
Copyright Holders:Copyright © 2011 IEEE
Publisher Policy:Reproduced in accordance with the copyright policy of the publisher

University Staff: Request a correction | Enlighten Editors: Update this record