English, R. and Poet, R. (2012) The effectiveness of intersection attack countermeasures for graphical passwords. In: 11th IEEE Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), Liverpool, UK, 25-27 June 2012, (doi: 10.1109/TrustCom.2012.271)
Publisher's URL: http://dx.doi.org/10.1109/TrustCom.2012.271
Abstract
Recognition-based graphical passwords are one of several proposed alternatives to alphanumerical passwords for user authentication. However, there has been limited work on the security of such schemes. Often authors state a possible attack combined with a proposed countermeasure, but the efficacy of the countermeasure is not always quantitatively examined. One possible attack which has been discussed without this examination is an intersection attack. If we can establish which countermeasures for this attack are effective, this will provide insight which will make it possible to select the appropriate countermeasure for the level of security required by a given system. Our approach involved creating a simulation of intersection attacks using each of five possible countermeasures. The number of attacks which had to be performed before success for each approach was noted and compared to a control where no countermeasure was implemented. Our results show that for three of the five countermeasures there was a significant increase in the number of attacks before success, one showed a significant decrease and the other did not show any statistical significance. We show that it is not decisive that using dummy screens when an incorrect image is selected will increase the number of attacks required. We also show that increasing the number of challenge screens reduces the number of attacks required before success as the number of challenge screens approaches the size of the passimage set. Our results allow one to make a more reliable choice of countermeasure to reduce intersection attacks.
Item Type: | Conference Proceedings |
---|---|
Additional Information: | (c) 2012 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting / republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. |
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Poet, Dr Ron and English, Dr Rosanne |
Authors: | English, R., and Poet, R. |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
College/School: | College of Science and Engineering > School of Computing Science |
Copyright Holders: | Copyright © 2012 IEEE |
Publisher Policy: | Reproduced in accordance with the copyright policy of the publisher |