Shoulder surfing resistant graphical password schema: Randomized Pass Points (RPP)


Bostan H., Bostan A.

Multimedia Tools and Applications, vol.82, no.28, pp.43517-43541, 2023 (SCI-Expanded)

  • Publication Type: Article / Full Article
  • Volume: 82 Issue: 28
  • Publication Date: 2023
  • DOI Number: 10.1007/s11042-023-15227-x
  • Journal Name: Multimedia Tools and Applications
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, FRANCIS, ABI/INFORM, Applied Science & Technology Source, Compendex, Computer & Applied Sciences, INSPEC, zbMATH
  • Pages: pp.43517-43541
  • Keywords: Authentication, Mobile security, Security, Shoulder surfing
  • Middle East Technical University Affiliated: Yes

Abstract

Shoulder-surfing attacks are pervasive in today’s digital environment. With the widespread usage of mobile devices in public and uncontrolled settings, intentional or unintentional observation of user authentication processes is quite frequent. Scientists in the security domain have spent considerable effort in developing shoulder-surfing-resistant authentication mechanisms. In this study, a pass-graph methodology that benefits from randomness and alternative pass-graph derivation is proposed with the name of Randomized Pass Points. The proposed authentication methodology is scrutinized for its resistance to brute force and shoulder-surfing attacks. Evaluations prove that the proposed alternative is stronger than the 8-digit 71-character-set password methodology against brute force attacks and that it necessitates at least 5 valid log-ins to be captured by the attacker to derive the pass-graph under given assumptions in a shoulder-surfing attack.