PassGrid: Towards Graph-Supplemented Textual Shoulder Surfing Resistant Authentication

  • Conference paper
Security and Privacy in Social Networks and Big Data (SocialSec 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1095)

Abstract

With the rapid development of intelligent mobile devices and network applications, user authentication plays an important role in protecting people’s privacy and sensitive information. A large number of textual and graphical authentication schemes have been proposed in the literature, but the majority of them are vulnerable to shoulder surfing attacks or have to sacrifice usability. Motivated by this challenge, we propose a graph-supplemented textual shoulder surfing resistant authentication system, called PassGrid. With a series of one-time login indicators and cyclic movable blocks with textual elements, PassGrid prevents attackers from guessing the passwords even with the help of a camera. To reduce users’ workload, users only have to memorize one password set. Our user study shows that PassGrid can achieve good performance regarding security and usability, i.e., an average login time of 22 s with a small password length.

Corresponding author

Correspondence to Liang Liu.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Zhou, T., Liu, L., Wang, H., Li, W., Jiang, C. (2019). PassGrid: Towards Graph-Supplemented Textual Shoulder Surfing Resistant Authentication. In: Meng, W., Furnell, S. (eds) Security and Privacy in Social Networks and Big Data. SocialSec 2019. Communications in Computer and Information Science, vol 1095. Springer, Singapore. https://doi.org/10.1007/978-981-15-0758-8_19

  • DOI: https://doi.org/10.1007/978-981-15-0758-8_19

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-0757-1

  • Online ISBN: 978-981-15-0758-8

  • eBook Packages: Computer Science, Computer Science (R0)
