DOI: 10.1145/1978942.1979322

MARASIM: a novel jigsaw based authentication scheme using tagging

Published: 07 May 2011

Abstract

In this paper we propose and evaluate Marasim, a novel Jigsaw-based graphical authentication mechanism using tagging. Marasim aims to achieve the security of random images with the memorability of personal images. Our scheme relies on the human ability to remember a personal image and later recognize alternate visual representations (images) of the concepts that occur in the image. These concepts are retrieved from the tags assigned to the image. We illustrate how a Jigsaw-based approach helps to create a portfolio of system-chosen random images to be used for authentication. The paper describes the complete design of Marasim along with empirical studies of Marasim that provide evidence of increased memorability. Results show that 93% of all participants succeeded in the authentication tests using Marasim after three months, while 71% succeeded in authentication tests using Marasim after nine months. Our findings indicate that Marasim has potential applications, especially where text input is hard (e.g., PDAs or ATMs), or in situations where passwords are infrequently used (e.g., web site passwords).

      Published In

      CHI '11: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
      May 2011
      3530 pages
      ISBN:9781450302289
      DOI:10.1145/1978942

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. graphical passwords
      2. jigsaw
      3. tagging
      4. user authentication

      Qualifiers

      • Research-article

      Conference

      CHI '11

      Acceptance Rates

      CHI '11 Paper Acceptance Rate 410 of 1,532 submissions, 27%;
      Overall Acceptance Rate 6,199 of 26,314 submissions, 24%
