Skip to main content
SpringerLink
Log in

SGP: A Safe Graphical Password System Resisting Shoulder-Surfing Attack on Smartphones

  • Conference paper
  • First Online:
Information Systems Security (ICISS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11281))

Included in the following conference series:

Abstract

Graphical passwords have been taken as a potential alternative to alphanumeric passwords. Graphical password based authentication is widely used in many applications for system security and privacy. It increases ease of password use i.e., memorability of the password. With the rapid development of mobile devices, graphical passwords have already been implemented on smartphones. However, shoulder-surfing attack is a major threat to the security of graphical password systems. To overcome this problem, we proposed a novel graphical password authentication system, SGP. SGP uses a pattern of digits for the input of graphical password images. This pattern changes the position of input images in each authentication session. SGP prevents shoulder-surfing attacker to derive which password images are used by the user, even if the attacker records a complete login process. SGP does not use any secondary channels to resist shoulder-surfing attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. 000webhost. https://in.000webhost.com/

  2. Android studio. https://developer.android.com/studio/

  3. Human performance calculator. http://cogulator.io/index.html

  4. Mobile marketing statistics compilation. https://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/

  5. Bonneau, J., Preibusch, S., Anderson, R.: A birthday present every eleven wallets? The security of customer-chosen banking PINs. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 25–40. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_3

    Chapter  Google Scholar 

  6. Chakraborty, N., Mondal, S.: An improved methodology towards providing immunity against weak shoulder surfing attack. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 298–317. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13841-1_17

    Chapter  Google Scholar 

  7. Davis, D., Monrose, F., Reiter, M.K.: On user choice in graphical password schemes. In: USENIX Security Symposium, vol. 13, p. 11 (2004)

    Google Scholar 

  8. Kwon, T., Hong, J.: Analysis and improvement of a pin-entry method resilient to shoulder-surfing and recording attacks. IEEE Trans. Inf. Forensics Secur. 10(2), 278–292 (2015)

    Article  Google Scholar 

  9. Kwon, T., Shin, S., Na, S.: Covert attentional shoulder surfing: human adversaries are more powerful than expected. IEEE Trans. Syst. Man Cybern.: Syst. 44(6), 716–727 (2014)

    Article  Google Scholar 

  10. Lee, M.-K.: Security notions and advanced method for human shoulder-surfing resistant pin-entry. IEEE Trans. Inf. Forensics Secur. 9(4), 695–708 (2014)

    Article  Google Scholar 

  11. Maheshwari, A., Mondal, S.: SPOSS: secure pin-based-authentication obviating shoulder surfing. In: Ray, I., Gaur, M.S., Conti, M., Sanghi, D., Kamakoti, V. (eds.) ICISS 2016. LNCS, vol. 10063, pp. 66–86. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49806-5_4

    Chapter  Google Scholar 

  12. Meng, W., Li, W., Choo, K.-K.R., et al.: Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Comput. Secur. 65, 213–229 (2017)

    Article  Google Scholar 

  13. Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 364–372. ACM (2005)

    Google Scholar 

  14. Por, L.Y., Ku, C.S., Islam, A., Ang, T.F.: Graphical password: prevent shoulder-surfing attack using digraph substitution rules. Frontiers Comput. Sci. 11(6), 1098–1108 (2017)

    Article  Google Scholar 

  15. Shepard, R.N.: Recognition memory for words, sentences, and pictures. J. Verbal Learn. Verbal Behav. 6(1), 156–163 (1967)

    Article  Google Scholar 

  16. Sun, H.-M., Chen, S.-T., Yeh, J.-H., Cheng, C.-Y.: A shoulder surfing resistant graphical authentication system. IEEE Trans. Dependable Secure Comput. (2016)

    Google Scholar 

  17. Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: a survey. In: 21st Annual Computer Security Applications Conference, p. 10. IEEE (2005)

    Google Scholar 

  18. Wu, T.-S., Lee, M.-L., Lin, H.-Y., Wang, C.-Y.: Shoulder-surfing-proof graphical password authentication scheme. Int. J. Inf. Secur. 13(3), 245–254 (2014)

    Article  Google Scholar 

  19. Yu, X., Wang, Z., Li, Y., Li, L., Zhu, W.T., Song, L.: Evopass: evolvable graphical password against shoulder-surfing attacks. Comput. Secur. 70, 179–198 (2017)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Indian Institute of Technology Patna, Patna, India

    Suryakanta Panda & Samrat Mondal

  2. National Institute of Technology Patna, Patna, India

    Madhu Kumari

Authors
  1. Suryakanta Panda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Madhu Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Samrat Mondal
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Suryakanta Panda .

Editor information

Editors and Affiliations

  1. Indian Institute of Science, Bangalore, India

    Vinod Ganapathy

  2. Pennsylvania State University, University Park, PA, USA

    Trent Jaeger

  3. Indian Institute of Technology Bombay, Mumbai, India

    R.K. Shyamasundar

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Panda, S., Kumari, M., Mondal, S. (2018). SGP: A Safe Graphical Password System Resisting Shoulder-Surfing Attack on Smartphones. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-05171-6_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05170-9

  • Online ISBN: 978-3-030-05171-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation