EYEDi: Graphical Authentication Scheme of Estimating Your Encodable Distorted Images to Prevent Screenshot Attacks

Abstract

Graphical authentication schemes have the advantage of being more memorable than conventional passwords. Although some image distortion methods have been proposed to prevent the risks of over-the-shoulder attacks (OSAs), these methods cannot prevent camera recording attacks, as the key images are the same each time. In this study, we propose a graphical authentication scheme that generates various distorted images, named Estimating Your Encodable Distorted images (EYEDi). EYEDi generates distorted images by applying several image processing filters to the original images. Moreover, EYEDi estimates the appropriate image processing filter strength based on the authentication data. To measure attack resistance, twenty participants performed three types of attacks (OSA, camera recording attack, and screenshot) 300 times, each using existing methods and EYEDi. The classification error rate of all three types of attacks showed that EYEDi had a lower classification error rate between the legitimate user and attackers. Especially for the screenshot attack, which is the most severe threat model, the existing method was completely broken through, while EYEDi prevented the attacks with a classification error rate of 10%. This result shows that EYEDi can eliminate the screenshot attacker by using the difference in authentication times and a simple improvement in defense performance.