LocPass: A Graphical Password Method to Prevent Shoulder-Surfing

Symmetry, 2019, Vol 11 (10), pp. 1252
Author(s): Lip Yee Por, Lateef Adekunle Adebimpe, Mohd Yamani Idna Idris, Chee Siong Khaw, Chin Soon Ku

Graphical passwords are a method of authentication in computer security. Computer security is one of the disciplines of computer science. Shoulder-surfing attacks are a well-known threat to graphical passwords, although graphical passwords are becoming commonly used, especially for granting access to secure systems. Shoulder-surfing occurs when attackers skillfully capture important data or activities, such as login passwords, via direct observation or video recording. Many methods have been proposed to overcome the problem of shoulder-surfing attacks. After reviewing some related works, we found that most of the existing methods are still vulnerable to multiple observations and video-recorded shoulder-surfing attacks. Thus, we propose a new method to combat this problem. In our proposed method, we make use of two concepts to combat shoulder-surfing attacks. In the first concept, we use registered locations (something that only the users know) and 5 image directions (something that the users can see) to determine a pass-location (new knowledge). Secondly, the images used in our proposed method have higher chances to offset each other. The idea of offset could increase the password space of our proposed method if an attacker intended to guess the registered location used. By combining these two concepts, the pass-location produced by our proposed method can vary in each challenge set. Therefore, it is impossible for attackers to shoulder-surf any useful information, such as the images or locations clicked by the user in each challenge set. A user study was conducted to evaluate the capability of the proposed method to prevent shoulder-surfing attacks. The shoulder-surfing test results indicated that none of the participants were able to log in, although they knew the underlying algorithm and had been given sufficient time to perform a shoulder-surfing attack. Therefore, the proposed method has proven it can prevent shoulder-surfing attacks, provided the enrolment procedure is carried out in a secure manner.

2016, Vol 2 (4)
Author(s): PANKAJ

Most security primitives are based on mathematical problems. This analysis aims to examine existing passwords and to design a new, improved graphical password scheme: Captcha as a graphical password. In this paper, we discuss a new security primitive based on hard computer science problems, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. The combination of Captcha and graphical password addresses problems such as online guessing attacks, relay attacks and, in combination with dual-view technology, shoulder-surfing attacks. If the password is in the search set, a CaRP password can be found only probabilistically by automatic online guessing attacks.


Symmetry, 2019, Vol 11 (9), pp. 1087
Author(s): Lip Yee Por, Chin Soon Ku, Tan Fong Ang

In this paper, we focus on methods to prevent shoulder-surfing attacks. We initially adopted digraph substitution rules from PlayFair cipher as our proposed method. PlayFair cipher is a modern cryptography method, which exists at the intersection of the disciplines of mathematics and computer science. However, according to our preliminary study it was insufficient to prevent shoulder-surfing attacks. Thus, a new method had to be proposed. In this new proposed method, we improvised the digraph substitution rules and used these rules together with an output feedback method to determine a pass-image. Our proposed method was evaluated with a user study. The results showed our proposed method was robust against both direct observation and video-recorded shoulder-surfing attacks.


Author(s): Lech J. Janczewski, Andrew M. Colarik

The current state of the information security domain in the United States and much of the rest of the industrialized world can best be characterized as overly optimistic. The protection of computing systems and telecommunication infrastructures from unauthorized usage, manipulation, and sabotage faces serious challenges to ensure ongoing serviceability. This is especially true when we consider our growing dependence on these infrastructures. The state of affairs regarding the security aspects of these systems is even worse. Peter G. Neumann of the Computer Science Laboratory at SRI International in Menlo Park, California states:


2020, Vol 17 (6), pp. 2435-2440
Author(s): Arvind K. Sharma, S. K. Mittal

Cryptography is a branch of computer science devoted to the enhancement and innovation of applications concerned with information security, i.e., managing the confidentiality and integrity of resources. Confidentiality of resources is most probably looked after by encryption–decryption techniques such as ‘DES,’ ‘AES,’ ‘Blowfish,’ ‘Two-Fish,’ etc., whereas integrity is managed by hash functions, which have a distinct, paramount significance in network security, computer security and Internet security. Both the integrity of data and the authenticity of a resource are proved with the help of the digest generated by the hash algorithm. Several hash algorithms are available to provide distinct levels of security, depending on how hard each is to break and on pre-defined resource utilization (time/space). Some well-known names are MD4, MD5, SHA, JH, Skein, Grøstl, Blake, Hamsi, Fugue, Crush, Whirlpool, Tav, etc. In this article, we focus on vulnerabilities in the Merkle-Damgard scheme for constructing hash functions, with a suitable implementation of MD5.


2021, Vol 6 (12), pp. 2193-2199
Author(s): Artika Arista, Muhammad Eka Purbaya, Khairun Nisa Meiah Ngafidin

In facing the industrial era 4.0, college graduates in information and computer science are required to adapt to the developments and needs of current industrial technology. The link and match between the world of education and industry is the key to optimizing the absorption of skilled labor. To answer these challenges, the Information systems undergraduate study program at Institut Teknologi Telkom Purwokerto, SUHU, and T-Lab held a Webinar Series "Link & Match of Information Technology between Academics and Industrial Needs" with the topic of Digital Business Roadmap: Exploring creative digital business ideas. This webinar activity is carried out using a mentoring method as well as sharing new knowledge with participants about Digital Business Transformation and how to explore creative digital business ideas. The result is that participants can understand digital business transformation and then explore creative digital business ideas to be developed in a business proposal.


2018, Vol 7 (1.7), pp. 169
Author(s): Rupavathy N, Carmel Mary Belinda M. J, Nivedhitha G

Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as “the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords that are either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder-surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we propose a novel authentication system, Pass Matrix, based on graphical passwords to resist shoulder-surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, Pass Matrix offers no hint for attackers to figure out or narrow down the password even if they conduct multiple camera-based attacks. We also implemented a Pass Matrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental results, the proposed system achieves better resistance to shoulder-surfing attacks while maintaining usability.


Sensors, 2019, Vol 19 (3), pp. 678
Author(s): Adnan Ali, Hamaad Rafique, Talha Arshad, Mohammed A. Alqarni, Sajjad Hussain Chauhdary, ...

The prevalence of smart devices in our day-to-day activities increases the potential threat to our secret information. To counter threats such as unauthorized access and misuse of phones, only authorized users should be able to access the device. Authentication mechanisms provide a secure way to safeguard the physical resources as well as the information that is processed. Text-based passwords are the most common technique used for the authentication of devices; however, they are vulnerable to certain types of attacks such as brute force, smudge and shoulder-surfing attacks. Graphical Passwords (GPs) were introduced as an alternative to conventional text-based authentication to overcome these potential threats. GPs use pictures and have been implemented in smart devices and workstations. Psychological studies reveal that humans can recognize images much more easily and quickly than numeric and alphanumeric passwords, which became the basis for creating GPs. In this paper, a novel Fractal-Based Authentication Technique (FBAT) is proposed, implemented using a Sierpinski triangle. In the FBAT scheme, the probability of password guessing is low, making the system resilient against the abovementioned threats. Increasing the fractal level makes the system stronger and provides security against attacks like shoulder surfing.

