English, R. (2014) Modelling the security of recognition-based graphical passwords. In: 8th International Symposium on Human Aspects of Information Security, Plymouth, UK, 8-9 Jul 2014,
Full text not currently available from Enlighten.
Publisher's URL: http://haisa.org/
Abstract
Recognition-based graphical passwords are a suggested alternative authentication mechanism which have received attention in recent research. The research often presents new schemes, usability studies or proposes countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This paper contributes a proposed solution to this problem. Presented here are mathematical models for estimating the number of attacks required before success for four aspects of the security of a recognition-based graphical password scheme. This includes two types of guessing attacks and two types of observation attacks. These models combine to provide an overall metric of the security of recognition-based graphical password schemes. The metric presented provides a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes which was not previously possible.
| Item Type: | Conference Proceedings |
|---|---|
| Status: | Published |
| Refereed: | Yes |
| Glasgow Author(s) Enlighten ID: | English, Dr Rosanne |
| Authors: | English, R. |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| College/School: | College of Science and Engineering > School of Computing Science |
University Staff: Request a correction | Enlighten Editors: Update this record
Deposit and Record Details
Deposit and Record Details