Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee

Over the years, various picture-based password systems were proposed to exploit the utility of pictures for user authentication. However, there are problems associated with these picture-based password authentication systems such as: vulnerability to security threats, and users’ memorability of t...

Bibliographic Details
Main Author: Por, Lip Yee
Format: Thesis
Published: 2012
Online Access: http://studentsrepo.um.edu.my/3533/4/Title_page%2C_abstract%2C_table_of_contents.pdf
http://studentsrepo.um.edu.my/3533/5/Full_chapters.pdf
http://studentsrepo.um.edu.my/3533/6/References.pdf
http://studentsrepo.um.edu.my/3533/7/Appendices.pdf
http://pendeta.um.edu.my/client/default/search/results?qu=Mitigation+of+shoulder-surfing+attack+on+picture-based+passwords+using+falsifying+authentication+methods&te=
http://studentsrepo.um.edu.my/3533/
_version_ 1831433879437705216
author Por, Lip Yee
author_facet Por, Lip Yee
author_sort Por, Lip Yee
building UM Library
collection Institutional Repository
content_provider Universiti Malaya
content_source UM Student Repository
continent Asia
country Malaysia
description Over the years, various picture-based password systems were proposed to exploit the utility of pictures for user authentication. However, there are problems associated with these picture-based password authentication systems, such as vulnerability to security threats and users’ memorability of the passwords. This research was undertaken to develop methods to mitigate shoulder-surfing attack. Two falsifying authentication methods were proposed, using (i) penup event and neighbouring connectivity manipulation; and (ii) partial password selection and a metaheuristic randomisation algorithm (MRA). The first and second proposed methods were incorporated into the proposed Background Pass-Go (BPG) system and Visual Identification Protocol Professional (VIP Pro) system respectively. To improve users’ memorability, the upload background picture function and cued colour scheme were proposed for the BPG system; the grid line scaling function and the loose authentication method were proposed for the enhanced BPG system; and the chronological story-based cued recall technique was proposed for the VIP Pro system. Prototypes, simulations, observations and interviews were used as the data gathering methods. An offline FOA Java simulation was carried out to evaluate the capability of the MRA method in preventing FOA attack. Case studies were conducted to evaluate the capability of the proposed methods in mitigating shoulder-surfing attack. The Kruskal-Wallis test and calculation of the success rate in attacking were used to evaluate the capability of the proposed methods in mitigating shoulder-surfing attack. In general, the results of the case studies show that the two proposed falsifying authentication methods are able to mitigate shoulder-surfing attack regardless of the gender and competency levels of the shoulder-surfing attackers. In addition, the proposed MRA is effective in preventing FOA attack. A majority of the survey participants also stated that the proposed cued recall methods can aid users in memorising their password.
format Thesis
id my.um.stud-3533
institution Universiti Malaya
publishDate 2012
record_format eprints
spelling my.um.stud-3533 2013-09-06T06:31:29Z Por, Lip Yee QA76 Computer software T Technology (General) 2012-08-09 Thesis NonPeerReviewed application/pdf Por, Lip Yee (2012) Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee. PhD thesis, University of Malaya. http://studentsrepo.um.edu.my/3533/
spellingShingle QA76 Computer software
T Technology (General)
Por, Lip Yee
Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
title Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
title_full Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
title_fullStr Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
title_full_unstemmed Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
title_short Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
title_sort mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / por lip yee
topic QA76 Computer software
T Technology (General)
url http://studentsrepo.um.edu.my/3533/4/Title_page%2C_abstract%2C_table_of_contents.pdf
http://studentsrepo.um.edu.my/3533/5/Full_chapters.pdf
http://studentsrepo.um.edu.my/3533/6/References.pdf
http://studentsrepo.um.edu.my/3533/7/Appendices.pdf
http://pendeta.um.edu.my/client/default/search/results?qu=Mitigation+of+shoulder-surfing+attack+on+picture-based+passwords+using+falsifying+authentication+methods&te=
http://studentsrepo.um.edu.my/3533/
url_provider http://studentsrepo.um.edu.my/