Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee
Over the years, various picture-based password systems were proposed to exploit the utility of pictures for user authentication. However, there are problems associated with these picture-based password authentication systems such as: vulnerability to security threats, and users’ memorability of t...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: |
2012
|
| Subjects: | |
| Online Access: | http://studentsrepo.um.edu.my/3533/4/Title_page%2C_abstract%2C_table_of_contents.pdf http://studentsrepo.um.edu.my/3533/5/Full_chapters.pdf http://studentsrepo.um.edu.my/3533/6/References.pdf http://studentsrepo.um.edu.my/3533/7/Appendices.pdf http://pendeta.um.edu.my/client/default/search/results?qu=Mitigation+of+shoulder-surfing+attack+on+picture-based+passwords+using+falsifying+authentication+methods&te= http://studentsrepo.um.edu.my/3533/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1831433879437705216 |
|---|---|
| author | Por, Lip Yee |
| author_facet | Por, Lip Yee |
| author_sort | Por, Lip Yee |
| building | UM Library |
| collection | Institutional Repository |
| content_provider | Universiti Malaya |
| content_source | UM Student Repository |
| continent | Asia |
| country | Malaysia |
| description | Over the years, various picture-based password systems were proposed to exploit the
utility of pictures for user authentication. However, there are problems associated with
these picture-based password authentication systems such as: vulnerability to security
threats, and users’ memorability of the passwords. This research was undertaken to
develop methods to mitigate shoulder-surfing attack. Two falsifying authentication
methods using: (i) penup event and neighbouring connectivity manipulation; and (ii)
partial password selection and metaheuristic randomisation algorithm methods, were
proposed. The first and second proposed methods were incorporated into the proposed
Background Pass-Go (BPG) system and Visual Identification Protocol Professional
(VIP Pro) system respectively. To improve the users’ memorability, the upload
background picture function and cued colour scheme were proposed for the BPG
system; the grid line scaling function and the loose authentication method were
proposed for the enhanced BPG system; and the chronological story-based cued recall
technique was proposed for the VIP Pro system. Prototypes, simulations, observations
and interviews were used as the data gathering methods. An offline FOA Java
simulation was carried out to evaluate the capability of the MRA method in preventing
FOA attack. Case studies were conducted to evaluate the capability of the proposed
methods in mitigating shoulder-surfing attack. Kruskal Wallis test and calculation of the
success rate in attacking were used to evaluate the capability of the proposed methods in
mitigating shoulder-surfing attack. In general, the result of the case studies show that
the two proposed falsifying authentication methods are able to mitigate shoulder-surfing
attack regardless of the gender and competency levels of the shoulder-surfing attackers.
Besides, the proposed MRA is effective in preventing FOA attack. A majority of the
survey participants also stated that the proposed cued recall methods can aid users in
memorising their password. |
| format | Thesis |
| id | my.um.stud-3533 |
| institution | Universiti Malaya |
| publishDate | 2012 |
| record_format | eprints |
| spelling | my.um.stud-35332013-09-06T06:31:29Z Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee Por, Lip Yee QA76 Computer software T Technology (General) Over the years, various picture-based password systems were proposed to exploit the utility of pictures for user authentication. However, there are problems associated with these picture-based password authentication systems such as: vulnerability to security threats, and users’ memorability of the passwords. This research was undertaken to develop methods to mitigate shoulder-surfing attack. Two falsifying authentication methods using: (i) penup event and neighbouring connectivity manipulation; and (ii) partial password selection and metaheuristic randomisation algorithm methods, were proposed. The first and second proposed methods were incorporated into the proposed Background Pass-Go (BPG) system and Visual Identification Protocol Professional (VIP Pro) system respectively. To improve the users’ memorability, the upload background picture function and cued colour scheme were proposed for the BPG system; the grid line scaling function and the loose authentication method were proposed for the enhanced BPG system; and the chronological story-based cued recall technique was proposed for the VIP Pro system. Prototypes, simulations, observations and interviews were used as the data gathering methods. An offline FOA Java simulation was carried out to evaluate the capability of the MRA method in preventing FOA attack. Case studies were conducted to evaluate the capability of the proposed methods in mitigating shoulder-surfing attack. Kruskal Wallis test and calculation of the success rate in attacking were used to evaluate the capability of the proposed methods in mitigating shoulder-surfing attack. In general, the result of the case studies show that the two proposed falsifying authentication methods are able to mitigate shoulder-surfing attack regardless of the gender and competency levels of the shoulder-surfing attackers. Besides, the proposed MRA is effective in preventing FOA attack. A majority of the survey participants also stated that the proposed cued recall methods can aid users in memorising their password. 2012-08-09 Thesis NonPeerReviewed application/pdf http://studentsrepo.um.edu.my/3533/4/Title_page%2C_abstract%2C_table_of_contents.pdf application/pdf http://studentsrepo.um.edu.my/3533/5/Full_chapters.pdf application/pdf http://studentsrepo.um.edu.my/3533/6/References.pdf application/pdf http://studentsrepo.um.edu.my/3533/7/Appendices.pdf http://pendeta.um.edu.my/client/default/search/results?qu=Mitigation+of+shoulder-surfing+attack+on+picture-based+passwords+using+falsifying+authentication+methods&te= Por, Lip Yee (2012) Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee. PhD thesis, University of Malaya. http://studentsrepo.um.edu.my/3533/ |
| spellingShingle | QA76 Computer software T Technology (General) Por, Lip Yee Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee |
| title | Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee |
| title_full | Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee |
| title_fullStr | Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee |
| title_full_unstemmed | Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee |
| title_short | Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee |
| title_sort | mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / por lip yee |
| topic | QA76 Computer software T Technology (General) |
| url | http://studentsrepo.um.edu.my/3533/4/Title_page%2C_abstract%2C_table_of_contents.pdf http://studentsrepo.um.edu.my/3533/5/Full_chapters.pdf http://studentsrepo.um.edu.my/3533/6/References.pdf http://studentsrepo.um.edu.my/3533/7/Appendices.pdf http://pendeta.um.edu.my/client/default/search/results?qu=Mitigation+of+shoulder-surfing+attack+on+picture-based+passwords+using+falsifying+authentication+methods&te= http://studentsrepo.um.edu.my/3533/ |
| url_provider | http://studentsrepo.um.edu.my/ |