Abstract
Graphical passwords have been taken as a potential alternative to alphanumeric passwords. Graphical password based authentication is widely used in many applications for system security and privacy. It increases ease of password use i.e., memorability of the password. With the rapid development of mobile devices, graphical passwords have already been implemented on smartphones. However, shoulder-surfing attack is a major threat to the security of graphical password systems. To overcome this problem, we proposed a novel graphical password authentication system, SGP. SGP uses a pattern of digits for the input of graphical password images. This pattern changes the position of input images in each authentication session. SGP prevents shoulder-surfing attacker to derive which password images are used by the user, even if the attacker records a complete login process. SGP does not use any secondary channels to resist shoulder-surfing attack.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
000webhost. https://in.000webhost.com/
Android studio. https://developer.android.com/studio/
Human performance calculator. http://cogulator.io/index.html
Mobile marketing statistics compilation. https://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/
Bonneau, J., Preibusch, S., Anderson, R.: A birthday present every eleven wallets? The security of customer-chosen banking PINs. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 25–40. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_3
Chakraborty, N., Mondal, S.: An improved methodology towards providing immunity against weak shoulder surfing attack. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 298–317. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13841-1_17
Davis, D., Monrose, F., Reiter, M.K.: On user choice in graphical password schemes. In: USENIX Security Symposium, vol. 13, p. 11 (2004)
Kwon, T., Hong, J.: Analysis and improvement of a pin-entry method resilient to shoulder-surfing and recording attacks. IEEE Trans. Inf. Forensics Secur. 10(2), 278–292 (2015)
Kwon, T., Shin, S., Na, S.: Covert attentional shoulder surfing: human adversaries are more powerful than expected. IEEE Trans. Syst. Man Cybern.: Syst. 44(6), 716–727 (2014)
Lee, M.-K.: Security notions and advanced method for human shoulder-surfing resistant pin-entry. IEEE Trans. Inf. Forensics Secur. 9(4), 695–708 (2014)
Maheshwari, A., Mondal, S.: SPOSS: secure pin-based-authentication obviating shoulder surfing. In: Ray, I., Gaur, M.S., Conti, M., Sanghi, D., Kamakoti, V. (eds.) ICISS 2016. LNCS, vol. 10063, pp. 66–86. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49806-5_4
Meng, W., Li, W., Choo, K.-K.R., et al.: Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Comput. Secur. 65, 213–229 (2017)
Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 364–372. ACM (2005)
Por, L.Y., Ku, C.S., Islam, A., Ang, T.F.: Graphical password: prevent shoulder-surfing attack using digraph substitution rules. Frontiers Comput. Sci. 11(6), 1098–1108 (2017)
Shepard, R.N.: Recognition memory for words, sentences, and pictures. J. Verbal Learn. Verbal Behav. 6(1), 156–163 (1967)
Sun, H.-M., Chen, S.-T., Yeh, J.-H., Cheng, C.-Y.: A shoulder surfing resistant graphical authentication system. IEEE Trans. Dependable Secure Comput. (2016)
Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: a survey. In: 21st Annual Computer Security Applications Conference, p. 10. IEEE (2005)
Wu, T.-S., Lee, M.-L., Lin, H.-Y., Wang, C.-Y.: Shoulder-surfing-proof graphical password authentication scheme. Int. J. Inf. Secur. 13(3), 245–254 (2014)
Yu, X., Wang, Z., Li, Y., Li, L., Zhu, W.T., Song, L.: Evopass: evolvable graphical password against shoulder-surfing attacks. Comput. Secur. 70, 179–198 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Panda, S., Kumari, M., Mondal, S. (2018). SGP: A Safe Graphical Password System Resisting Shoulder-Surfing Attack on Smartphones. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-05171-6_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05170-9
Online ISBN: 978-3-030-05171-6
eBook Packages: Computer ScienceComputer Science (R0)