Both alphanumeric and graphical password schemes are vulnerable to the shoulder-surfing attack. Even when authentication schemes are secure against a single shoulder-surfing attack round, they can be easily broken by intersection attacks, using multiple shoulder-surfing attacker records. To this end, in this paper we propose a graphical password-based authentication scheme to provide security against the intersection attack launched by an attacker who May record the user’s screen, mouse clicks and keyboard input with the help of video recording devices and key logging software. We analyze our scheme’s security under various threat models and show its high security guarantees. Various analysis, usability studies and comparison with the previous work highlight our scheme’s practicality and merits.
Bibliographical noteFunding Information:
This research was supported by the Global Research Lab. (GRL) Program of the National Research Foundation (NRF) funded by the Ministry of Science, ICT and Future Planning (NRF-2016K1A1A2912757). D. Nyang is the corresponding author.
© 2019 Taiwan Academic Network Management Committee. All rights reserved.
- Graphical passwords