Graphical User Authentication Algorithms Based on Recognition
A survey
Abstract
In cyber security, the most crucial subject in information security is user authentication. Robust text-based password methods may offer a certain level of protection. Strong passwords are hard to remember, though, so people who use them frequently write them on paper or store them in a file on a computer. In recent years, numerous computer systems, networks, and Internet-based environments have experimented with using graphical authentication techniques for user authentication. The two main characteristics of all graphical passwords are their security and usability. Regrettably, none of these methods could adequately address both of these factors concurrently. The ISO usability standards and associated characteristics for graphical user authentication, and possible attacks on nineteen recognition-based authentication systems, were discussed. In this study, a differentiation table of attack patterns for all recognition-based techniques is shown. Finally, the positive and negative aspects of the nineteen methods were explained in the form of a detailed table.
Copyright (c) 2024 Zena M. Saadi, Ahmed T. Sadiq, Omar Z. Akif
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.