Shoulder Surfing attack in graphical password authentication

Graphical User Authentication System Resistant to Shoulder Surfing Attack

Advances in Research

User authentication is one of the most significant issues in the field of Information Security. The most common and convenient authentication method used is the alphanumeric password which has significant drawbacks. To overcome the vulnerabilities of traditional methods, graphical password schemes have been developed as possible alternative solutions to text-based scheme. A potential drawback of graphical password schemes is that they are more vulnerable to shoulder surfing than conventional alphanumeric text passwords due to their visual interface. To overcome the shortcoming of existing graphical password schemes this project focuses on developing a graphical authentication system that is resistant to shoulder surfing attack.

Restricting shoulder surfing: a modified graphical password Technique

International Journal of Research, 2019

Graphical passwords are the ways in which users click on an image or select an image to authenticate themselves instead of giving passwords. This technique is more secure than textual password techniques. In this article, the shoulder surfing preventive mechanism of graphical password authentication is given. Finally, the login password system is proposed to deal with such types of problems. For the first time, we introduce a modified approach to resolve shoulder surfing based on recall and recognition based concepts. Usually it is seen that the most common vulnerability of graphical passwords is the shoulder surfing attack. This research aims to analyze the usability feature of recognition based and recall based graphical password methods and present a technique to apply an image based password that is safe from the shoulder surfing attack. In a similar context, the purpose of this paper is to present an alternative way to apply the recall and recognition based tech...

Secure Graphical Password Techniques against Shoulder Surfing and Camera based Attacks

Authentication is a process to verify legitimacy and can be performed in different ways like token, biometrics, and textual and graphical passwords. The main motivation towards graphical passwords is usability. However, the major potential drawback of this approach is shoulder surfing and camera based attacks. In this paper, the focus was to formulate a technique to address these issues without disturbing the usability feature of graphical passwords. For this, three efficient techniques of graphical passwords, MCR-TG, R-MCR-TG, and CN-TG, have been designed and tested. In order to enhance the security, fake clicks were used. The results depict that the CN-TG scheme was the best in terms of usability and security among MCR-TG and R-MCR-TG.

An Association-Based Graphical Password Design Resistant to Shoulder-Surfing Attack

International Journal of Scientific Research in Science, Engineering and Technology, 2019

Data and computer protection is endured largely by countersigns which are the principle part of the authorization and authentication cognitive process. The most common information processing system authentication process is to apply alphanumerical username and password which has important drawbacks. Graphical passwords are often deliberated prone to shoulder-surfing attacks, where attackers can sneak a user's password by peeking over his or her shoulder in the certification process. Graphical passwords seem to be the solution as it is described more in the design structure of the authentication. A graphical password is an authentication scheme that works by accepting the user select from images, in a particular grade, demonstrated in a graphical user interface (GUI). The proposed research is an approach to enhance the subsisting Graphical Password techniques and resist against attacks like Shoulder Surfing. Based on the principle of zero-knowledge cogent evidence protocol, the additional improvement is the primary figure to overcome the shoulder-surfing attack issue without adding any additional complexity into the authentication process.

Secure User Authentication Using Graphical Passwords

2015

The paper discusses secure user authentication mechanisms using graphical passwords. A graphical password is an alternative to a textual password, which uses images, designs, patterns, etc. as a password instead of an alphanumeric password. Graphical passwords provide better security and usability than textual passwords, but along with the many advantages of graphical passwords, they have a major issue of Shoulder Surfing Attack. In this report, different techniques of graphical passwords are discussed. To combat the shoulder surfing attack, two different techniques of graphical password based authentication are implemented as part of this project. Different user based surveys are conducted. Based on the results of the user surveys, a comparative analysis is carried out between the two prototypes developed in this project. In the end, the conclusion is written in terms of the application’s security, reliability, user convenience and security against the shoulder surfing attack. Keywords-Graphical Passwords; authentic...

Attacks on Graphical Password: A Study on Defense Mechanisms and Limitations

International Journal of Information Technology and Applied Sciences (IJITAS)

User authentication is mostly reliant on password-based verification. Users generally use text-based passwords, which are user-friendly but often predictable and vulnerable to some common attacks. To overcome these shortcomings, graphical authentication methods have emerged. Here, users choose a sequence of images as passwords. Though such methods help users to better remember their passwords, they too suffer from attacks seen in the case of textual passwords. This paper presents a comprehensive summary of the vulnerabilities of state-of-the-art graphical password schemes against the following well-known attacks - Dictionary, Guessing, Brute force, Shoulder surfing, Spyware, and Social engineering. We believe the findings of this study can help researchers design more secure graphical password schemes, making them more usable and a realistic replacement for text-based passwords.

A New Graphical Password Scheme Resistant to Shoulder-Surfing

2010

Abstract—Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording the authentication session. Due to the visual interface, this problem has become exacerbated in graphical passwords. There have been some graphical schemes resistant or immune to shoulder-surfing, but they have significant usability drawbacks, usually in the time and effort to log in. In this paper, we propose and evaluate a new shoulder-surfing resistant scheme which has a desirable usability for PDAs. Our inspiration comes from the drawing input method in DAS and the association mnemonics in Story for sequence retrieval. The new scheme requires users to draw a curve across their password images orderly rather than click directly on them. The drawing input trick along with the complementary measures, such as erasing the drawing trace, displaying degraded images, and starting and ending with randomly designated images, provide a good resistance to shoulder-surfing. A preliminary user study showed that users were able to enter their passwords accurately and to remember them over time.

Design and Evaluation of a Shoulder-Surfing Resistant Graphical Password Scheme

When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual’s authentication session. This is referred to as shoulder-surfing and is a known risk, of special concern when authenticating in public places. Until recently, the only defense against shoulder-surfing has been vigilance on the part of the user. This paper reports on the design and evaluation of a game-like graphical method of authentication that is resistant to shoulder-surfing. The Convex Hull Click (CHC) scheme allows a user to prove knowledge of the graphical password safely in an insecure location because users never have to click directly on their password images. Usability testing of the CHC scheme showed that novice users were able to enter their graphical password accurately and to remember it over time. However, the protection against shoulder-surfing comes at the price of longer time to carry out the authentication.

Graphical Password Authentication

IRJET, 2023

Graphical password is one of the techniques for authentication in computer security. Nowadays digital/computer security is the most important thing in computer science for protecting user or customer data. Shoulder-surfing is one of the threats where a criminal can steal a password by direct observation or by recording the authentication session. There are several techniques available for this authentication, the most prevalent and simple of which is the Graphical password technique. So, we suggest a new approach to combat this problem. We have developed two concepts to combat shoulder surfing attacks. First, the user must register if the registration does not exist. Second, you must log in with a valid user ID and password. The password is a grouping of characters and numbers. Third, the user has to cross image-based authentication where the user can choose their password and this method has higher chances to offset each other. You should choose a password according to the registration password; it must match at login time. In color base authentication, there should be several color base passwords, and depending on the color, you need to remember the password sequence. And it’s like three-factor authentication. So, here is proposed a new graphical password authentication technique that is resilient to shoulder surfing and also to other types of probable attacks.