Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
Summary: Over the years, various picture-based password systems have been proposed to exploit the utility of pictures for user authentication. However, these picture-based password authentication systems have problems, such as vulnerability to security threats and users' memorability of the passwords. This research was undertaken to develop methods to mitigate the shoulder-surfing attack. Two falsifying authentication methods were proposed, using (i) penup event and neighbouring connectivity manipulation; and (ii) partial password selection and a metaheuristic randomisation algorithm (MRA). The first and second proposed methods were incorporated into the proposed Background Pass-Go (BPG) system and the Visual Identification Protocol Professional (VIP Pro) system respectively. To improve users' memorability, the upload background picture function and the cued colour scheme were proposed for the BPG system; the grid line scaling function and the loose authentication method were proposed for the enhanced BPG system; and the chronological story-based cued recall technique was proposed for the VIP Pro system. Prototypes, simulations, observations and interviews were used as the data gathering methods. An offline FOA Java simulation was carried out to evaluate the capability of the MRA method in preventing the FOA attack. Case studies were conducted to evaluate the capability of the proposed methods in mitigating the shoulder-surfing attack; the Kruskal-Wallis test and calculation of the attack success rate were used as the evaluation measures. In general, the results of the case studies show that the two proposed falsifying authentication methods are able to mitigate the shoulder-surfing attack regardless of the gender and competency level of the shoulder-surfing attackers. Besides, the proposed MRA is effective in preventing the FOA attack. A majority of the survey participants also stated that the proposed cued recall methods can aid users in memorising their passwords.