EvoPass: Evolvable graphical password against shoulder-surfing attacks

The passwords for authenticating users are susceptible to shoulder-surfing attacks in which attackers learn users' passwords through direct observations without any technical support. A straightforward solution to defend against such attacks is to change passwords periodically or even constantl...

Bibliographic Details
Main Authors: YU, Xingjie, WANG, Zhan, LI, Yingjiu, LI, Liang, ZHU, Wen Tao, SONG, Li
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2017
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/3715
https://ink.library.smu.edu.sg/context/sis_research/article/4717/viewcontent/1_s20_S016740481730113X_main.pdf
https://ink.library.smu.edu.sg/context/sis_research/article/4717/filename/1/type/additional/viewcontent/1_s2.0_S016740481730113X_mmc2.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-4717
record_format dspace
spelling sg-smu-ink.sis_research-4717 2020-04-07T05:35:01Z 2017-09-01T07:00:00Z text application/pdf info:doi/10.1016/j.cose.2017.05.006 http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Authentication security
Graphical password
Shoulder-surfing
Evolvable
Time-evolving
Information Security
Programming Languages and Compilers
description The passwords for authenticating users are susceptible to shoulder-surfing attacks in which attackers learn users' passwords through direct observations without any technical support. A straightforward solution to defend against such attacks is to change passwords periodically or even constantly, making the previously observed passwords useless. However, this may lead to a situation in which users run out of strong passwords they can remember, or they are forced to choose passwords that are weak, correlated, or difficult to memorize. To achieve both security and usability in user authentication, we propose EvoPass, the first evolvable graphical password authentication system. EvoPass transforms a set of user-selected pass images to pass sketches as user credentials. Users are required to identify their pass sketches from a set of challenge images for user authentication. Particularly, EvoPass improves password strength gradually over time through continually degrading pass sketches without annoying users to reselect pass images. The evolving feature makes it difficult for observational adversaries to identify the pass sketches, even though part of pass sketches may have been exposed to adversaries previously. We introduce two metrics, Information Retention Rate (IRR) and Password Diversity Score (PDS) to guide the process of generating pass sketches and a set of challenge images. Our experimental analysis reveals that applying reasonable IRR and PDS in EvoPass can remarkably improve the resistance to shoulder-surfing attacks without negatively affecting user experience. We also implement a prototype of EvoPass on Android platform with reasonable IRR and PDS applied. Our experimental results on the prototype further demonstrate that EvoPass could work efficiently and achieve a desired usability.
format text
author YU, Xingjie
WANG, Zhan
LI, Yingjiu
LI, Liang
ZHU, Wen Tao
SONG, Li
title EvoPass: Evolvable graphical password against shoulder-surfing attacks
publisher Institutional Knowledge at Singapore Management University
publishDate 2017
_version_ 1770573679052193792