The effectiveness of intersection attack countermeasures for graphical passwords

English, R. and Poet, R. (2012) The effectiveness of intersection attack countermeasures for graphical passwords. In: 11th IEEE Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), Liverpool, UK, 25-27 June 2012, (doi: 10.1109/TrustCom.2012.271)

Publisher's URL: http://dx.doi.org/10.1109/TrustCom.2012.271

Abstract

Recognition-based graphical passwords are one of several proposed alternatives to alphanumerical passwords for user authentication. However, there has been limited work on the security of such schemes. Often authors state a possible attack combined with a proposed countermeasure, but the efficacy of the countermeasure is not always quantitatively examined. One possible attack which has been discussed without this examination is an intersection attack. If we can establish which countermeasures for this attack are effective, this will provide insight which will make it possible to select the appropriate countermeasure for the level of security required by a given system. Our approach involved creating a simulation of intersection attacks using each of five possible countermeasures. The number of attacks which had to be performed before success for each approach was noted and compared to a control where no countermeasure was implemented. Our results show that for three of the five countermeasures there was a significant increase in the number of attacks before success, one showed a significant decrease and the other did not show any statistical significance. We show that it is not decisive that using dummy screens when an incorrect image is selected will increase the number of attacks required. We also show that increasing the number of challenge screens reduces the number of attacks required before success as the number of challenge screens approaches the size of the passimage set. Our results allow one to make a more reliable choice of countermeasure to reduce intersection attacks.

Item Type: Conference Proceedings
Additional Information: (c) 2012 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting / republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Poet, Dr Ron and English, Dr Rosanne
Authors: English, R., and Poet, R.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
College/School: College of Science and Engineering > School of Computing Science
Copyright Holders: Copyright © 2012 IEEE
Publisher Policy: Reproduced in accordance with the copyright policy of the publisher
