English, R. and Poet, R. (2011) Towards a metric for recognition-based graphical password security. In: 5th International Conference on Network and System Security (NSS), Milan, Italy, 6-8 Sep 2011, pp. 239-243. (doi: 10.1109/ICNSS.2011.6060007)
|
Text
71250.pdf 458kB |
Publisher's URL: http://dx.doi.org/10.1109/ICNSS.2011.6060007
Abstract
Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognition-based graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing, intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme.
Item Type: | Conference Proceedings |
---|---|
Additional Information: | (c) 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting / republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. |
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Poet, Dr Ron and English, Dr Rosanne |
Authors: | English, R., and Poet, R. |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
College/School: | College of Science and Engineering > School of Computing Science |
Copyright Holders: | Copyright © 2011 IEEE |
Publisher Policy: | Reproduced in accordance with the copyright policy of the publisher |
University Staff: Request a correction | Enlighten Editors: Update this record