LocPass: A Graphical Password Method to Prevent Shoulder-Surfing

Bibliographic Details
Main Authors: Por, Lip Yee, Adebimpe, Lateef Adekunle, Idris, Mohd Yamani Idna, Khaw, Chee Siong, Ku, Chin Soon
Format: Article
Published: MDPI 2019
Subjects:
description Graphical passwords are a method of authentication in computer security. Computer security is one of the disciplines of computer science. Shoulder-surfing attacks are a well-known threat to graphical passwords, although graphical passwords are becoming commonly used, especially in granting access to secure systems. Shoulder-surfing occurs when attackers skillfully capture important data/activities, such as login passwords, via direct observation or video recording methods. Many methods have been proposed to overcome the problem of shoulder-surfing attacks. After we reviewed some related works, we found that most of the existing methods are still vulnerable to multiple observations and video-recorded shoulder-surfing attacks. Thus, we propose a new method to combat this problem. In our proposed method, we make use of two concepts to combat shoulder-surfing attacks. In the first concept, we used registered locations (something that only the users know) and 5 image directions (something that the users can see) to determine a pass-location (new knowledge). Secondly, the images used in our proposed method have higher chances to offset each other. The idea of offset could increase the password spaces of our proposed method if an attacker intended to guess the registered location used. By combining these two concepts, the pass-location produced by our proposed method in each challenge set could be varied. Therefore, it is impossible for the attackers to shoulder-surf any useful information such as the images/locations clicked by the user in each challenge set. A user study was conducted to evaluate the capabilities of the proposed method to prevent shoulder-surfing attacks. The shoulder-surfing testing results indicated that none of the participants were able to log in, although they knew the underlying algorithm and had been given sufficient time to perform a shoulder-surfing attack. Therefore, the proposed method has proven it can prevent shoulder-surfing attacks, provided the enrolment procedure is carried out in a secure manner. © 2019 by the authors.
id um.eprints-23745
institution Universiti Malaya
spelling um.eprints-23745 2020-02-12T00:56:34Z http://eprints.um.edu.my/23745/ PeerReviewed Por, Lip Yee and Adebimpe, Lateef Adekunle and Idris, Mohd Yamani Idna and Khaw, Chee Siong and Ku, Chin Soon (2019) LocPass: A Graphical Password Method to Prevent Shoulder-Surfing. Symmetry, 11 (10). p. 1252. ISSN 2073-8994, DOI https://doi.org/10.3390/sym11101252
topic QA75 Electronic computers. Computer science