TCpC: a graphical password scheme ensuring authentication for IoT resources

  • Priya Matta
  • Bhasker Pant
Original Research


In last few years, information world has come across one of the most appealing paradigms, namely Internet-of-Things (IoT). Both the industry as well as the academia is fascinated by the open issues and research challenges of Internet-of-Things. The enormity in the development, expansion, and advantages of the paradigm is unbelievable, and this results in the transition of the information world to this paradigm. At the same time, it raises the security concerns along with many other open issues towards the paradigm. This paper specifically focuses on the confidentiality component out of the three components of security triad, namely confidentiality, integrity and availability. Although researchers have high interest towards all the three components, but the questions posed by many researchers, academicians and end users raise major issues over ‘confidentiality’. Confidentiality is all about guaranteeing the authentic access to a piece of information or a service or even a resource, to a particular individual or computing device. The resource in question may be one of the resources of an IoT system. This can be achieved by deploying some authentication techniques. Here we discuss various types of authentication techniques, purposely putting our emphasis on one of the well-known authentication technique, viz. passwords. This work reviews the existing techniques, their drawbacks and claimed advantages of the upcoming password techniques. It also surveys some of the supportive methods for the naïve users of password techniques. This paper aims at classifying, comparing and encapsulating the problems, demanded solutions and suggestions from relevant published technical and review articles in the field of authentication. This paper particularly highlights graphical password schemes. This proposes a naïve graphical password scheme to assure the authentic access of IoT resources, namely TCpC. At the end we have mentioned the advantages of TCpC over other authentication schemes. We have also compared and analyzed the different proposed password schemes with our technique.


Authentication Confidentiality Graphical password Internet-of-Things Security Security triad 


  1. 1.
    News Search and Analytics. [Online]. Accessed 21 April 2017
  2. 2.
    Wikipedia [online]. Accessed 27 April 2017
  3. 3.
    Feruza YS, Kim T (2007) IT security review: privacy, protection, access control, assurance and system security. Int J Multimed Ubiquitous Eng 2(2):17–31Google Scholar
  4. 4.
    Wikipedia [online]. Accessed 27 April 2017
  5. 5.
    Bridges K (2006) Illustrated dictionary of information system management. Lotus PressGoogle Scholar
  6. 6.
    TechTarget [online]. Accessed 25 March 2017
  7. 7.
    Patel DR (2008) Information security: theory and practice. PHI Learning Pvt. Ltd., New DelhiGoogle Scholar
  8. 8.
    Alsulaiman AF, Saddik AE (2008) Three-dimensional password for more secure authentication. IEEE Trans Instrum Meas 57(9):1929–1938CrossRefGoogle Scholar
  9. 9.
    Waern Y, McDonald S, Cockton G (2000) People and computers XIV—usability or else! In: Proceedings of HCI, Springer, BerlinGoogle Scholar
  10. 10.
    Corn TS, Juels A, Triandopoulos N (2015b) Methods and apparatus for knowledge-based authentication using historically-aware questionnaires, Patent publication number:US 9009844 B1, 14 April 2015Google Scholar
  11. 11.
    Corn TS, Juels A, Triandopoulos A (2015a) Methods and apparatus for fraud detection and remediation in knowledge-based authentication, Patent publication number: US 9021553 B1, 28 Apr 2015Google Scholar
  12. 12.
    Zimmerman M (2002) Biometrics and user authentication [online]. SANS Institute InfoSec Reading Room, Version 1.2f, SANS Institute.
  13. 13.
    Brostoff S, Sasse MA(2000) Are passfaces more usable than passwords? A field trial investigation. Department of computer science, University College London, London, WC1E 6BTGoogle Scholar
  14. 14.
    Zhu J, Hu H, Hu S, Wu P, Zhang JY (2013) Mobile behaviometrics: models and applications. In: IEEE/CIC International Conf. on Communications in China (ICCC), pp 117–123Google Scholar
  15. 15.
    Spafford EH, Stephen AW (1996) User authentication and related topics: An annotated bibliography [online]. Technical Report 91–086, Purdue University, Department of Computer Sciences.
  16. 16.
    Kessler GC (1996) Passwords—strengths and weaknesses [Online].
  17. 17.
  18. 18.
    Sobrado L, Birget JC (2002) Graphical passwords, vol 4, The Rutgers Scholar, Department of Computer Science, Rutgers UniversityGoogle Scholar
  19. 19.
    Klein DV (1990) Foiling the cracker: a survey of, and improvement to passwords security. In: USENIX Security Workshop, pp 5–14Google Scholar
  20. 20.
    Spafford EH (1992) Opus: preventing weak password choices. Comput Secur 11(3):273–278CrossRefGoogle Scholar
  21. 21.
    Blonder G (1996) “Graphical password”. U.S. Patent, 5 559 961Google Scholar
  22. 22.
    Jermyn I, Mayer A, Monrose F, Reiter MK, Rubin AD (1999) The design and analysis of graphical passwords. In: proceedings of 8th USENIX Security SymposiumGoogle Scholar
  23. 23.
    Man S, Hong D, Mathews M (2003) A shoulder-surfing resistant graphical password scheme.In: Proceedings of International conference on security and management, Las Vegas, NVGoogle Scholar
  24. 24.
    Zhao H, Li X (2007) S3PAS: a scalable shoulder-surfing resistant textual-graphical password authentication scheme. Adv Inf Netw Appl Workshops 2:21–23Google Scholar
  25. 25.
    Chiasson S, Stobert E, Forget A, Biddle R, Oorscho PCV (2012) Persuasive cued click-points: design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE Trans Dependable Secure Comput 9(2):222–235CrossRefGoogle Scholar
  26. 26.
    Sun HM, Chen YH, Lin YH (2012) oPass: a user authentication protocol resistant to password stealing and password reuse attacks. IEEE Trans Inf Forensics Secur 7(2):651–663CrossRefGoogle Scholar
  27. 27.
    Zhu BB, Yan J, Bao G, Yang M, Xu N (2014) Captcha as graphical passwords: a new security primitive based on hard AI problems. IEEE Trans Inf Forensics Secur 9(6):891–904CrossRefGoogle Scholar

Copyright information

© Bharati Vidyapeeth's Institute of Computer Applications and Management 2018

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringGraphic Era UniversityDehradunIndia

Personalised recommendations