Abstract
Graphical password is considered as an alternative to traditional textual password, but it also faces many threats such as shoulder-surfing attack. To design and build a more secure and robust graphical password system with the resistance to multiple attack modalities, especially brute force attack, guessing attack and shoulder-surfing attack, it is important to avoid the credentials being captured in just one step, e.g., by adding several rounds of input. For example, with respect to shoulder-surfing attack resistance, the input design ought to incorporate a certain degree of fault tolerance, with the specific value determined based on the acceptable tolerance range. By integrating this fault tolerance characteristic, the system can effectively withstand shoulder-surfing attacks while preserving the integrity of the authentication procedure. In this work, we learn from the current literature and design a graphical password scheme based on rounded image selection (e.g., three rounds). We provide a detailed scheme design and perform a performance analysis via a user study. Our results indicate that our proposed scheme is viable and gets credit from the participants. Copyright © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG.
Original language | English |
---|---|
Title of host publication | Science of cyber security: 5th International Conference, SciSec 2023, Melbourne, VIC, Australia, July 11–14, 2023, proceedings |
Editors | Moti YUNG, Chao CHEN, Weizhi MENG |
Place of Publication | Cham |
Publisher | Springer |
Pages | 97-114 |
ISBN (Electronic) | 9783031459337 |
ISBN (Print) | 9783031459320 |
DOIs | https://doi.org/10.1007/978-3-031-45933-7_6 |
Publication status | Published - 2023 |
Citation
Qin, X., & Li, W. (2023). A graphical password scheme based on rounded image selection. In M. Yung, C. Chen, & W. Meng (Eds.), Science of cyber security: 5th International Conference, SciSec 2023, Melbourne, VIC, Australia, July 11–14, 2023, proceedings (pp. 97-114). Springer. https://doi.org/10.1007/978-3-031-45933-7_6
Keywords
- Graphical password
- Password security
- Usability
- Shoulder-surfing attack
- User authentication
- Image selection