skip to main content
10.1145/3448696.3448721acmotherconferencesArticle/Chapter ViewAbstractPublication PagesafrichiConference Proceedingsconference-collections
short-paper

Pure Recall-Based Graphical User Authentication Schemes: Perspectives from a Closer Look

Published: 08 July 2021 Publication History

Abstract

In an era of mobile, embedded and ubiquitous computing, activities of hackers and cybercriminals has metamorphosed into a global pandemic. Resulting effects cuts across most sectors of human endeavor given the high penetration level of technology. Successful unauthorized access leading to information and identity theft, system infiltration, intellectual property theft, financial crimes, extortion, carding and much more are on the increase, consequently making user authentication an important process, ensuring systems and services are accessed by their intended users. Text passwords are the most widely deployed user authentication scheme today. However, are hardly human-friendly for the vast majority, leaving humans with a memorability problem and consequently a security problem. Graphical User Authentication (GUA) schemes, on the other hand, are proven by state-of-the-art research with compelling evidence to perform better in memorability and potentially by implication security. However currently available GUA schemes provide theoretical entropy levels far from that offered by text password scheme. Thus the research community constantly is seeking to improve GUAs to position them as possible alternatives to Text passwords. This study is a first of two planned studies. It seeks to take a closer look at Pure Recall-based GUAs with emphasis on a user authentication design factor contextual parameter. The study aims at a better understanding of Pure Recall-based GUAs developed between the first 20 years (1996 to 2016), then others in a later study in an attempt to better position Pure Recall-based GUAs as alternatives to text passwords.

References

[1]
Belk, M., Fidas, C., Germanakos, P., & Samaras, G. (2017c). The interplay between humans, technology and user authentication: A cognitive processing perspective. Computers in Human Behavior, 76, 184-200.
[2]
Koved, L., & Stobert, E. (2016). Who are you?! Adventures in authentication (WAY). Workshop at the Symposium on Usable Privacy and Security (SOUPS 2016), USENIX Association.
[3]
Seqrite. (2018) Importance of user authentication in network security. [Online]. Available: https://blogs.seqrite.com/
[4]
Suo, X., Zhu, Y. & Owen, G. (2005). 'Graphical Passwords: A Survey'. 21st Annual ComputerSecurity Applications Conference (ACSAC'05). Tucson, USA: IEEE.10 pp.-472.
[5]
Cain, A. A., Werner, S., & Still, J. D. (2017, May). Graphical authentication resistance to over-the-shoulder-attacks. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (pp. 2416-2422). ACM.
[6]
Monrose, F. & Reiter, M. (2005). 'Graphical passwords'. Security and Usability. O'Reilly, ch.9, pp 147-164.
[7]
Suo, X., Zhu, Y. & Owen, G. (2006). 'Analysis and Design of Graphical Password Techniques'. Advances in Visual Computing, (4292). pp 741-749.
[8]
Wiedenbeck, S., Waters, J., Birget, J. C., Brodskiy, A. & Memon, N. (2005). 'PassPoints: Design and Longitudinal Evaluation of a Graphical Password System'. International Journal of Human Computer Studies, 63 (1). pp 102-127.
[9]
Alsaiari, H. (2016). Graphical one-time password authentication. University of Plymouth: Faculty of Science and Engineering. 1-242.
[10]
Katsini, C., Raptis, G. E., Fidas, C., & Avouris, N. (2018). Does image grid visualization affect password strength and creation time in graphical authentication?. In Proceedings of the 2018 International Conference on Advanced Visual Interfaces (p. 33). ACM.
[11]
Christina Katsini, Marios Belk, Christos Fidas, Nikolaos Avouris, and George Samaras. (2016). Security and Usability in Knowledge-based User Authentication: A Review. In Proceedings of the 20th Pan-Hellenic Conference on Informatics (PCI’16). ACM, New York, NY, USA, Article 63, 6 pages. https://doi.org/10.1145/3003733.3003764
[12]
Katsini, C., Fidas, C., Belk, M., Avouris, N., & Samaras, G. (2017). Influences of users' cognitive strategies on graphical password composition. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (pp. 2698-2705).
[13]
Ma, Y., Feng, J., Kumin, L., & Lazar, J. (2013). Investigating user behavior for authentication methods: A comparison between individuals with Down syndrome and neurotypical users. ACM Transactions on Accessible Computing, 4(4), Article 15, 27 pages.
[14]
Nicholson, J., Coventry, L. & Briggs, P. (2013a). Age-related performance issues for PIN and face-based authentication systems. In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI 2013), ACM Press, 323-332.
[15]
Belk Marios, Christos Fidas, Panagiotis Germanakos, and George Samaras. 2015. A Personalized User Authentication Approach Based on Individual Differences in Information Processing. Interacting with Computers 27, 6: 706–723. http://dx.doi.org/10.1093/iwc/iwu033.
[16]
Belk, M., Fidas, C., Katsini, C., Avouris, N., & Samaras, G. (2017a). Effects of human cognitive differences on interaction and visual behavior in graphical user authentication. In Proceedings of the IFIP TC13Conference on Human-Computer Interaction (INTERACT 2017), Springer-Verlag (to appear)
[17]
Melicher, W., Kurilova, D., Segreti, S., Kalvani, P., Shay, R., Ur, B., Bauer, L., Christin, L., Cranor, L., &Mazurek, M. (2016). Usability and security of text passwords on mobile devices. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2016), ACM Press, 527-539.
[18]
Von Zezschwitz, E., De Luca, A., & Hussmann, H. (2014). Honey, I shrunk the keys: Influences of mobiledevices on password composition and authentication performance. In Proceedings of the Nordic Conference on Human-Computer Interaction: Fun, Fast, Foundational (NordiCHI 2014), ACM Press,461-470.
[19]
Schlöglhofer, R., & Sametinger, J. (2012). Secure and usable authentication on mobile devices. In Proceedings of the ACM Conference on Advances in Mobile Computing & Multimedia (MoMM 2012),ACM Press, 257-262.Katsini, C., Raptis, G. E., Fidas, C., & Avouris, N. (2018). Does image grid visualization affect password strength and creation time in graphical authentication?. In Proceedings of the 2018 International Conference on Advanced Visual Interfaces (p. 33). ACM.
[20]
Mihajlov, M., & Jerman-Blazic, B. (2011). On designing usable and secure recognition-based graphical authentication mechanisms. Interacting with Computers, 23(6), 582-593
[21]
Thorpe, J., Al-Badawi, M., MacRae, B., & Salehi-Abari, A. (2014). The presentation effect on graphicalpasswords. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI2014). ACM Press, 2947-2950.
[22]
Komanduri, S., Shay, R., Kelley, P., Mazurek, M., Bauer, L., Christin, N., Cranor, L., & Egelman, S. (2011). Of passwords and people: Measuring the effect of password-composition policies. In Proceedings of theConference on Human Factors in Computing Systems (CHI 2011), ACM Press, 2595-2604.
[23]
Hayashi, E., Hong, J., & Christin, N. (2011). Security through a different kind of obscurity: Evaluating distortion in graphical authentication schemes. In Proceedings of the ACM Conference on HumanFactors in Computing Systems (CHI 2011), ACM Press, 2055-2064.
[24]
Alshehri, M., & Crawford, H. (2016). Using image saliency and regions of interest to encourage stronger graphical passwords. In Proceedings of the 32nd Annual Conference on Computer Security Applications (ACSAC 2016), ACM Press, 127-138.
[25]
Belk, M., Pamboris, A., Fidas, C., Katsini, C., Avouris, N., & Samaras, G. (2017b). Sweet-spotting security and usability for intelligent graphical authentication mechanisms. In Proceedings of the International Conference on Web Intelligence (pp. 252-259).
[26]
Greg E. Blonder, Graphical Password U.S. Patent No.5559961, 1996.
[27]
Alsaiari, H., 2016. Graphical one-time password authentication (Doctoral dissertation, University of Plymouth).
[28]
Biddle, R., Chiasson, S. & Van Oorschot, P. (2012). 'Graphical Passwords: Learning From theFirst Twelve Years'. ACM Computing Surveys (CSUR), 44 (4). pp 1-41.
[29]
Tao, H. & Adams, C. (2008). 'Pass-Go: A Proposal to Improve the Usability of GraphicalPasswords'. International Journal of Network Security, 7 (2). pp 273-292.
[30]
Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K. & Rubin, A. D. (1999). 'The design and analysisof graphical passwords'. Proceedings of the 8th USENIX Security Symposium. Washington, USA,pp 1-14.
[31]
Bhanushali, A., Mange, B., Vyas, H., Bhanushali, H. & Bhogle, P. (2015). 'Comparison ofGraphical Password Authentication Techniques'. International Journal of ComputerApplications, 116 (1). pp 11-14.
[32]
Wu, T.-S., Lee, M.-L., Lin, H.-Y. & Wang, C.-Y. (2014). 'Shoulder-surfing-proof graphicalpassword authentication scheme'. International journal of information security, 13 (3). pp 245-254.
[33]
Gupta, S., Sahni, S., Sabbu, P., Varma, S. & Gangashetty, S. V. (2012). 'Passblot: A HighlyScalable Graphical one Time Password System'. International Journal of Network Security & ItsApplications (IJNSA), 4 (2). pp 201-216.
[34]
Chiang, H.-Y. & Chiasson, S. (2013). 'Improving User Authentication on Mobile Devices: ATouchscreen Graphical Password', Proceedings of the 15th international conference on Humancomputerinteraction with mobile devices and services. ACM, pp. 251-260.
[35]
Tari, F., Ozok, A. & Holden, S. H. (2006). 'A Comparison of Perceived and Real Shoulder-surfingRisks Between Alphanumeric and Graphical Passwords'. Proceedings of the Second Symposiumon Usable Privacy and Security (SOUPS'06). Pittsburgh, USA: ACM, pp 56-66.
[36]
Agarwal, M., Mehra, M., Pawar, R., & Shah, D. (2011, February). Secure authentication using dynamic virtual keyboard layout. In Proceedings of the International Conference & Workshop on Emerging Trends in Technology (pp. 288-291).

Cited By

View all
  • (2024)Performance Analysis of Authentication System: A Systematic Literature ReviewRecent Advances in Computer Science and Communications10.2174/012666255824653123112111551417:7Online publication date: Oct-2024
  • (2023)A Comparison Between Position-Based and Image-Based Multi-Layer Graphical user Authentication SystemOriental journal of computer science and technology10.13005/ojcst16.01.0316:01(46-60)Online publication date: 30-May-2023
  • (2022)Layered Battleship Game Changer Password SystemInformatica10.15388/22-INFOR48933:2(225-246)Online publication date: 1-Jan-2022

Index Terms

  1. Pure Recall-Based Graphical User Authentication Schemes: Perspectives from a Closer Look
          Index terms have been assigned to the content through auto-classification.

          Recommendations

          Comments

          Information & Contributors

          Information

          Published In

          cover image ACM Other conferences
          AfriCHI '21: Proceedings of the 3rd African Human-Computer Interaction Conference: Inclusiveness and Empowerment
          March 2021
          182 pages
          ISBN:9781450388696
          DOI:10.1145/3448696
          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          Published: 08 July 2021

          Permissions

          Request permissions for this article.

          Check for updates

          Author Tags

          1. Dynamic
          2. Graphical
          3. Password
          4. Pure-Recall
          5. User Authentication

          Qualifiers

          • Short-paper
          • Research
          • Refereed limited

          Conference

          AfriCHI 2021

          Contributors

          Other Metrics

          Bibliometrics & Citations

          Bibliometrics

          Article Metrics

          • Downloads (Last 12 months)10
          • Downloads (Last 6 weeks)1
          Reflects downloads up to 24 Jan 2025

          Other Metrics

          Citations

          Cited By

          View all
          • (2024)Performance Analysis of Authentication System: A Systematic Literature ReviewRecent Advances in Computer Science and Communications10.2174/012666255824653123112111551417:7Online publication date: Oct-2024
          • (2023)A Comparison Between Position-Based and Image-Based Multi-Layer Graphical user Authentication SystemOriental journal of computer science and technology10.13005/ojcst16.01.0316:01(46-60)Online publication date: 30-May-2023
          • (2022)Layered Battleship Game Changer Password SystemInformatica10.15388/22-INFOR48933:2(225-246)Online publication date: 1-Jan-2022

          View Options

          Login options

          View options

          PDF

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader

          HTML Format

          View this article in HTML Format.

          HTML Format

          Figures

          Tables

          Media

          Share

          Share

          Share this Publication link

          Share on social media