Abstract
With the rapid development of intelligent mobile devices and network applications, user authentication plays an important role to help protect people’s privacy and sensitive information. A large number of authentication textual and graphical schemes have been proposed in the literature, but the majority of them are vulnerable to shoulder surfing attacks, or have to sacrifice usability. Motivated by this challenge, we propose a graph-supplemented textual shoulder surfing resistant authentication system, called PassGrid. With a series of one-time login indicators and cyclic movable blocks with textual elements, PassGrid prevents attackers from guessing the passwords even with the help of a camera. To reduce users’ workload, they only have to memorize one set of the password. Our user study shows that PassGrid can achieve good performance regarding security and usability, i.e., average login time consumption of 22s with a small password length.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Jermyn, I., Mayer, A., Monrose, F., Reiter, M., Rubin, A.: The design and analysis of graphical passwords. In: Proceedings of the 8th Conference USENIX Security Symposium, vol. 8 (1999)
Blonder, G.E.: Graphical passwords. United States Patent 5559961 (1996)
Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., Memon, N.: Passpoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum.-Comput. Stud. 63(1–2), 102–127 (2005)
Sobrado, L., Birget, J.C.: Graphical passwords. The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4 (2002)
Meng, Y., Li, W., Kwok, L.-F.: Enhancing click-draw based graphical passwords using multi-touch on mobile phones. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds.) SEC 2013. IAICT, vol. 405, pp. 55–68. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39218-4_5
Meng, W.: RouteMap: a route and map based graphical password scheme for better multiple password memory. Network and System Security. LNCS, vol. 9408, pp. 147–161. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25645-0_10
Meng, W.: Evaluating the effect of multi-touch behaviours on android unlock patterns. Inf. Comput. Secur. 24(3), 277–287 (2016)
Meng, W., Li, W., Wong, D.S., Zhou, J.: TMGuard: a touch movement-based security mechanism for screen unlock patterns on smartphones. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 629–647. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_34
Meng, W., Lee, W.H., Au, M.H., Liu, Z.: Exploring effect of location number on map-based graphical password authentication. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 301–313. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59870-3_17
Meng, W., Li, W., Kwok, L.F., Choo, K.K.R.: Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Comput. Secur. 65, 213–229 (2017)
Meng, W., Fei, F., Jiang, L., Liu, Z., Su, C., Han, J.: CPMap: design of click-points map-based graphical password authentication. SEC 2018, 18–32 (2018)
Meng, W., Liu, Z.: TMGMap: designing touch movement-based geographical password authentication on smartphones. In: Su, C., Kikuchi, H. (eds.) ISPEC 2018. LNCS, vol. 11125, pp. 373–390. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99807-7_23
Sun, H.-M., Chen, S.-T., Yeh, J.-H., Cheng, C.-Y.: Shoulder surfing resistant graphical authentication system. IEEE Trans. Dependable Secure Comput. 15(2), 180–193 (2018)
Aviv, A., Gibson, K., Mossop, E., Blaze, M., Smith, J.: Smudge attacks on smartphone touch screens. In: Proceedings of USENIX 4th Workshop on Offensive Technologies (2010)
Zhao, H., Li, X.: S3pas: a scalable shoulder-surfing resistant textual-graphical password authentication scheme. In: Proceeding of the 21st International Conference Advances Information Network Applications Workshops, vol. 2, pp. 467–472 (2007)
Long, J., Mitnick, K.: No tech hacking: a guide to social engineering, dumpster diving, and shoulder surfing (2011). https://www.hackersforcharity.org/files/NTH_SAMPLE.pdf
Kwon, T., Shin, S., Na, S.: Covert attentional shoulder surfing: human adversaries are more powerful than expected. IEEE Trans. Syst. Man Cybern. Syst. 44(6), 716–727 (2014)
Google glass snoopers can steal your passcode with a glance. http://www.wired.com/2014/06/ google-glass-snoopers-can-steal-your-passcode-with-a-glance/
Bianchi, A., Oakley, I., Kim, H.S.: PassBYOP: bring your own picture for securing graphical passwords. IEEE Trans. Hum.-Mach. Syst. 46(3), 2168–2291 (2015)
Tan, D., Keyani, P., Czerwinski, M.: Spy-resistant keyboard: towards more secure password entry on publicly observable touch screens. In: Proceedings of OZCHIComputer- Human Interaction Special Interest Group (CHISIG) of Australia, Canberra, Australia. ACM Press. Citeseer (2005)
Wang, L., Chang, X., Ren, Z., Gao, H., Liu, X., Aickelin, U.: Against spyware using captcha in graphical password scheme. In: Proceeding of the 24th IEEE International Conference on Advanced Information Networking and Applications, pp. 760–767. IEEE (2010)
Yu, X., Wang, Z., Li, Y., Li, L., Zhu, W.T., Song, L.: EvoPass: evolvable graphical password against shoulder-surfing attacks. Comput. Secur. 70, 179–198 (2017)
Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.-C.: Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of the working conference on Advanced Visual Interfaces, ser. AVI 2006, pp. 177–184. ACM, New York (2006)
Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: a survey. In: Proceedings of the 21st Annual Computer Security Applications Conference, ACSAC, pp. 463–472. IEEE Computer Society, USA (2005)
Takada, T.: Fakepointer: an authentication scheme for improving security against peeping attacks using video cameras. In: Proceedings of the 2nd International Conference Mobile Ubiquitous Computer, System, Service Technology, pp. 395–400 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zhou, T., Liu, L., Wang, H., Li, W., Jiang, C. (2019). PassGrid: Towards Graph-Supplemented Textual Shoulder Surfing Resistant Authentication. In: Meng, W., Furnell, S. (eds) Security and Privacy in Social Networks and Big Data. SocialSec 2019. Communications in Computer and Information Science, vol 1095. Springer, Singapore. https://doi.org/10.1007/978-981-15-0758-8_19
Download citation
DOI: https://doi.org/10.1007/978-981-15-0758-8_19
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0757-1
Online ISBN: 978-981-15-0758-8
eBook Packages: Computer ScienceComputer Science (R0)