Abstract
Graphical user authentication (GUA) is an alternative to the traditional text-based password. Even though GUA offers high usability and security, it also faces security attacks inherited from the traditional password, such as brute force, shoulder surfing, dictionary, social engineering, and guessing attacks. The proposed category-based graphical user authentication (CGUA) scheme is developed for web applications and is based on image categories. The image categories are inspired by the Japanese card game Hanafuda. The scheme also incorporates several security features, such as decoys, random assignment, hashing, limited login attempts, and random characters, to strengthen it. Overall, based on the security features analysis, the proposed CGUA scheme was able to mitigate known attacks.
Acknowledgments
This research work is supported and funded by Universiti Teknologi Malaysia (UTM) under Research University Grant (RUG) vote No. Q.J130000.2528.05H76.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Osman, M.Z., Ithnin, N. (2015). Category-Based Graphical User Authentication (CGUA) Scheme for Web Application. In: Abraham, A., Muda, A., Choo, YH. (eds) Pattern Analysis, Intelligent Security and the Internet of Things. Advances in Intelligent Systems and Computing, vol 355. Springer, Cham. https://doi.org/10.1007/978-3-319-17398-6_29
DOI: https://doi.org/10.1007/978-3-319-17398-6_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17397-9
Online ISBN: 978-3-319-17398-6
eBook Packages: Engineering, Engineering (R0)