short-paper

Time evolving graphical password for securing mobile devices

Authors:
Zhan Wang

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
View Profile

,
Jiwu Jing

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
View Profile

,
Liang Li

Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China

Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
View Profile

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications securityMay 2013Pages 347–352https://doi.org/10.1145/2484313.2484358

Published:08 May 2013Publication History

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

Pages 347–352

ABSTRACT

Increasingly widespread use of mobile devices for processing monetary transactions and accessing business secrets has created a great demand on securing mobile devices. Poorly designed authentication mechanisms (e.g., screen lock and SIM card lock) on mobile devices either make users feel a hassle to lock the devices, or are vulnerable to attacks, such as shoulder surfing and smudge attack.

In this paper, we propose a new login option for unlocking mobile devices called Time-Evolving Graphical Password (TEGP), which improves the strength of the password gradually over time by evolving the distortion degree of the images in the challenge portfolio without changing the pass images. By taking advantage of the extraordinary human ability to recall images, TEGP authenticates users by asking them to recognize the pass images which are transformed from the images uploaded by the user at registration. To achieve desired security and remain the usability, we present two metrics, Information Retention Rate (IRR) and Password Diversity Score (PDS), to advise the selection and distortion of the pass images and decoy images. Our experimental results show the memorability from the perspective of users, and the ability of TEGP to defend against various attacks.

References

A. D. Angeli, L. Coventry, G. Johnson, and K. Renaud. Is a picture really worth a thousand words? exploringthe feasibility of graphical authentication systems. Int. J. Hum.-Comput. Stud., 63(1-2):128--152, 2005. Google ScholarDigital Library
J. Canny. A computationnal approach to edge detection. IEEE Trans. Pattern Anal. Mach. Intell., 8:679--698, 1986. Google ScholarDigital Library
S. Chiasson, A. Forget, R. Biddle, and P. van Oorschot. User interface design affects security: patterns in click-based graphical passwords. Int. J. Inf. Secur, 8(6):387--398, 2009. Google ScholarDigital Library
Passfaces corporation. In The Science Behind Passfaces. Company white paper.Google Scholar
S. Chiasson. Usable authentication and click-based graphical passwords. In Ph.D. Thesis, School of Computer Science, Carleton University, Ottawa, Canada, 2008. Google ScholarDigital Library
S. Chiasson, A. Forget, E. Stobert, P. van Oorschot, and R. Biddle. Multiple password interference in text passwords and click-based graphical passwords. In ACM Conference on Computer and Communications Security, pages 500--511, 2009. Google ScholarDigital Library
A. E. Dirik, N. Memon, and J.-C. Birget. Modeling user choice in the passpoints graphical password scheme. In Proceedings of the 3rd symposium on Usable privacy and security, SOUPS '07, pages 20--28, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
P. Dunphy and J. Yan. Do background images improve "draw a secret" graphical passwords? In Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, pages 36--47, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
E. Hayashi, R. Dhamija, N. Christin, and A. Perrig. Use your illusion: secure authentication usable anywhere. In Symposium on Usable Privacy and Security, pages 35--45, 2008. Google ScholarDigital Library
D. Hong, S. Man, B. Hawes, and M. Mathews. A password scheme strongly resistant to spyware. In Proc. International conference on security and management, 2004.Google Scholar
W. Z. Khan, M. Y. Aalsalem, and Y. Xiang. A graphical password based system for small mobile devices. CoRR, abs/1110.3844, 2011.Google Scholar
R. A. Khot, K. Srinathan, and P. Kumaraguru. Marasim: a novel jigsaw based authentication scheme using tagging. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '11, pages 2605--2614, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
Microsoft, http://windows.microsoft.com.Google Scholar
A. Oulasvirta, T. Rattenbury, L. Ma, and E. Raita. Habits make smartphone use more pervasive. Personal and Ubiquitous Computing, 16(1):105--114, 2012. Google ScholarDigital Library
T. Pering, M. Sundar, J. Light, and R. Want. Photographic authentication through untrusted terminals. IEEE Pervasive Computing, 2(1):30--36, 2003. Google ScholarDigital Library
T. Takada, T. Onuki, and H. Koike. Awase-e: Recognition-based image authentication scheme using users' personal photographs. In Innovations in Information Technology, pages 1--5, 2006.Google ScholarCross Ref
X. Suo, Y. Zhu, and G. Owen. Graphical passwords: A survey. In Proc. Annual Computer Security Applications Conference, pages 463--472, 2005. Google ScholarDigital Library
D. Weinshall and S. Kirkpatrick. Passwords you'll never forget, but can't recall. In Proc. Conference on Human Factors in Computing Systems, pages 1399--1402, 2004. Google ScholarDigital Library
S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon. Authentication using graphical passwords: effects of tolerance and image choice. In Proc. Symposium on Usable Privacy and Security, pages 1--12, 2005. Google ScholarDigital Library

Index Terms

Time evolving graphical password for securing mobile devices
1. Security and privacy
  1. Security services
    1. Authentication

Recommendations

Graphical Password: Prototype Usability Survey
ICACTE '08: Proceedings of the 2008 International Conference on Advanced Computer Theory and Engineering

Access to computer networks and systems is most often based on the use of conventional passwords nowadays. However, users have difficulty remembering a password that is long and random-appearing. So, they create short, simple, and insecure passwords. ...
Read More
Token-based graphical password authentication

Given that phishing is an ever-increasing problem, a better authentication system is required. We propose a system that uses a graphical password deployed from a Trojan and virus-resistant embedded device. The graphical password utilizes a personal ...
Read More
A new shoulder-surfing resistant password for mobile environments
ICUIMC '11: Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication

In mobile devices such as smart phones, it is important to provide adequate user authentication. Conventional text-based passwords have significant drawbacks though they are used as the most common authentication method. To address the vulnerabilities of ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
May 2013
574 pages
ISBN:9781450317672
DOI:10.1145/2484313
General Chairs:
Kefei Chen
Shanghai Jiao Tong University, China
,
Qi Xie
Hangzhou Normal University, China
,
Weidong Qiu
Shanghai Jiao Tong University, China
,
Program Chairs:
Ninghui Li
Purdue University, USA
,
Wen-Guey Tzeng
National Chiao Tung University, Taiwan
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 May 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
edge detection
graphical password
mobile device security
Qualifiers
- short-paper
Conference

Acceptance Rates
ASIA CCS '13 Paper Acceptance Rate35of216submissions,16%Overall Acceptance Rate418of2,322submissions,18%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 4
  Total Citations
  View Citations
- 425
  Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Time evolving graphical password for securing mobile devices

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Graphical Password: Prototype Usability Survey

Token-based graphical password authentication

A new shoulder-surfing resistant password for mobile environments