Category-Based Graphical User Authentication (CGUA) Scheme for Web Application

  • Conference paper
Pattern Analysis, Intelligent Security and the Internet of Things

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 355)

Abstract

Graphical user authentication (GUA) is an alternative to the traditional text-based password. Even though GUA has high usability and security, it still faces security attacks that also affect traditional passwords, such as brute force, shoulder surfing, dictionary, social engineering, and guessing attacks. The proposed category-based graphical user authentication (CGUA) scheme is developed for web applications and is based on image categories. The image categories are inspired by the Japanese card game Hanafuda. The scheme also incorporates several security features, namely decoys, random assignment, hashing, limited login attempts, and random characters, to strengthen it. Overall, based on the security features analysis, the proposed CGUA scheme was able to mitigate known attacks.

Acknowledgments

This research work is supported and funded by Universiti Teknologi Malaysia (UTM) under Research University Grant (RUG) vote No. Q.J130000.2528.05H76.

Author information

Correspondence to Mohd Zamri Osman.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Osman, M.Z., Ithnin, N. (2015). Category-Based Graphical User Authentication (CGUA) Scheme for Web Application. In: Abraham, A., Muda, A., Choo, YH. (eds) Pattern Analysis, Intelligent Security and the Internet of Things. Advances in Intelligent Systems and Computing, vol 355. Springer, Cham. https://doi.org/10.1007/978-3-319-17398-6_29

  • DOI: https://doi.org/10.1007/978-3-319-17398-6_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17397-9

  • Online ISBN: 978-3-319-17398-6

  • eBook Packages: Engineering, Engineering (R0)
