An Association-Based Graphical Password Design Resistant to Shoulder-Surfing Attack

Devi E; Kavi Bharathi K; Suruthy P; Keerthana S; Dr. Suguna N

doi:10.32628/IJSRSET196298

Authors

Devi E Department of Computer Science and Engineering, Akshaya college of Engineering and technology, Coimbatore, Tamil Nadu, India
Kavi Bharathi K Department of Computer Science and Engineering, Akshaya college of Engineering and technology, Coimbatore, Tamil Nadu, India
Suruthy P Department of Computer Science and Engineering, Akshaya college of Engineering and technology, Coimbatore, Tamil Nadu, India
Keerthana S Department of Computer Science and Engineering, Akshaya college of Engineering and technology, Coimbatore, Tamil Nadu, India
Dr. Suguna N Department of Computer Science and Engineering, Akshaya college of Engineering and technology, Coimbatore, Tamil Nadu, India

Keywords:

GUI, zero-knowledge, Cogent Evidence Protocol, Graphical Password

Abstract

Data and computer protection is endured largely by countersigns which are the principle part of the authorization and authentication cognitive process. The most common information processing system authentication process is to apply alphanumerical username and password which has important drawbacks. Graphical passwords are often deliberated prone to shoulder-surfing attacks, where attackers can sneak a user's password by peeking over his or her shoulder in the certification process. Graphical passwords seem to be the solution as it is described more in the design structure of the authentication. A graphical password is an authentication scheme that works by accepting the user select from images, in a particular grade, demonstrated in a graphical user interface (GUI). The proposed research is an approach to enhance the subsisting Graphical Password techniques and resist against attacks like Shoulder Surfing. Based on the principle of zero-knowledge cogent evidence protocol, the additional improvement is the primary figure to overcome the shoulder-surfing attack issue without adding any additional complexity into the authentication process.

References

J. Kirk, “Study: Users ignore bank security features,” Computerworld, Feb. 2007,
http://www.computerworld.com/s/article/9010283/Study_Users_ignore_ bank_security_features_.
Bank of America, “SiteKey FAQs,” https://www.bankofamerica.com/privacy/faq/sitekey-faq.go, 2013.
PNC, “Online security information,” https://www.pnc.com/webapp/unsec/Solutions.do?siteArea=/pnccorp/PNC/ security+Information/Security+Information, 2013.
Santander Bank, “SSA makes online banking even more secure,” https://www.santanderbank.com/us/personal/banking/online-andmobile- banking/security-center/ssa-learn-more, 2014.
S. Schechter, R. Dhamija, A. Ozment, and I. Fischer, “The emperor’s new security indicators: An evaluation of website authentication and the effect of role playing on usability studies,” in Proceedings of the 28th IEEE Symposium on Security and Privacy, 2007.
Herzberg and R. Margulies, “Forcing Johnny to login safely,” in Proceedings of the 16th European Symposium on Research in Computer Security, 2011.
M. Wu, R. C. Miller, and S. L. Garfinkel, “Do security toolbars actually prevent phishing attacks?” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 2010.
J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor, “Crying wolf: An empirical study of SSL warning effectiveness,” in Proceedings of the 18th USENIX Security Symposium, 2009.
“U.S. patent number 5,559,961,” 1996.
Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, “The design and analysis of graphical passwords,” in Proceedings of the 8th USENIX Security Symposium, 1999.

An Association-Based Graphical Password Design Resistant to Shoulder-Surfing Attack

Authors

Keywords:

Abstract

References

Downloads

Published

Issue

Section

License

How to Cite