Abstract
The graphical password authentication scheme uses icons instead of text-based passwords to authenticate users. Icons may be more familiar to people than text-based passwords, since it is hard to remember a text-based password with sufficient security strength. Whatever kind of password is used, shoulder surfing remains a problem: an attacker can easily obtain a text-based or graphical password by observing, capturing a video of, or recording the login process. In this paper, we propose a shoulder-surfing-proof graphical password authentication scheme using the convex-hull graphical algorithm. We give an evaluation and comparisons to demonstrate the security strength and the functionality advantages of our scheme.


Cite this article
Wu, TS., Lee, ML., Lin, HY. et al. Shoulder-surfing-proof graphical password authentication scheme. Int. J. Inf. Secur. 13, 245–254 (2014). https://doi.org/10.1007/s10207-013-0216-7
DOI: https://doi.org/10.1007/s10207-013-0216-7