Abstract

Graphical passwords are vulnerable to shoulder-surfing attacks because images are easier to remember than text. Existing graphical password schemes therefore incorporate an anti-shoulder-surfing mechanism to keep the graphical password secure from such attacks. Unfortunately, the literature review has shown that most of the graphical password schemes that have anti-shoulder-surfing mechanisms are general device graphical password schemes, not mobile device graphical password schemes. Therefore, in this experiment, two general device graphical password anti-shoulder-surfing mechanisms, the Triangle Scheme and the Intersection Scheme, are reconstructed on a mobile device to test whether general device graphical password anti-shoulder-surfing mechanisms are suitable for re-use on mobile devices.

Highlights

  • Nowadays, the most widely used knowledge-based authentication method is the textual password.

  • We discovered that the main reason the Triangle Scheme and the Intersection Scheme are vulnerable to shoulder-surfing attacks is that the number of pictures in the schemes is insufficient.

  • Our pre-experiment study showed that most mobile device graphical password schemes do not include any anti-shoulder-surfing mechanism, whereas general device graphical password schemes do.


Summary

Introduction

The most widely used knowledge-based authentication method is the textual password. The graphical password, another form of knowledge-based authentication, was introduced as an alternative to textual passwords. A graphical password is an authentication method whereby users create their passwords by selecting or producing pictures (Thorpe, 2004; Ejetlawi, 2008a; Ejectlawi, 2008b). Graphical passwords were proposed on the principle that pictures are easier to remember than words. For this reason, graphical passwords are vulnerable to shoulder-surfing attacks. To overcome this issue, an anti-shoulder-surfing mechanism has to be integrated into the graphical password scheme. A shoulder-surfing attack is a type of attack in which the shoulder-surfer steals the victim’s password by peeping over the victim’s shoulder (Shi, 2009).
