Xiyang Liu

A New Graphical Password Scheme Resistant to Shoulder-Surfing

Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording the authentication session. Due to the visual interface, this problem has become exacerbated in graphical passwords. There have been some graphical schemes resistant or immune to shoulder-surfing, but they have significant usability drawbacks, usually in the time and effort to log in. In this paper, we propose and evaluate a new shoulder-surfing resistant scheme which has a desirable usability for PDAs. Our inspiration comes from the drawing input method in DAS and the association mnemonics in Story for sequence retrieval. The new scheme requires users to draw a curve across their password images orderly rather than click directly on them. The drawing input trick along with the complementary measures, such as erasing the drawing trace, displaying degraded images, and starting and ending with randomly designated images provide a good resistance to shoulder-surfing. A preliminary user study showed that users were able to enter their passwords accurately and to remember them over time.

Design and Analysis of a Graphical Password Scheme

Graphical passwords are believed to be more secure than traditional textual passwords, but the authentications are usually complex and boring for users. Furthermore, most of the existing graphical password schemes are vulnerable to spyware and shoulder surfing. A novel graphical password scheme ColorLogin is proposed in this paper. ColorLogin is implemented in an interesting game way to weaken the boring feelings of the authentication. ColorLogin uses background color, a method not previously considered, to decrease login time greatly. Multiple colors are used to confuse the peepers, while not burdening the legitimate users. Meanwhile, the scheme is resistant to shoulder surfing and intersection attack to a certain extent. Experiments illustrate the effectiveness of ColorLogin.

Against Spyware Using CAPTCHA in Graphical Password Scheme

Text-based password schemes have inherent security and usability problems, leading to the development of graphical password schemes. However, most of these alternate schemes are vulnerable to spyware attacks. We propose a new scheme, using CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart) that retaining the advantages of graphical password schemes, while simultaneously raising the cost of adversaries by orders of magnitude. Furthermore, some primary experiments are conducted and the results indicate that the usability should be improved in the future work.

An Audio CAPTCHA to Distinguish Humans from Computers

CAPTCHAs are employed as a security measure to differentiate human users from bots. A new sound-based CAPTCHA is proposed in this paper, which exploits the gaps between human voice and synthetic voice rather than relays on the auditory perception of human. The user is required to read out a given sentence, which is selected randomly from a specified book. The generated audio file will be analyzed automatically to judge whether the user is a human or not. In this paper, the design of the new CAPTCHA, the analysis of the audio files, and the choice of the audio frame window function are described in detail. And also, some experiments are conducted to fix the critical threshold and the coefficients of three indicators to ensure the security. The proposed audio CAPTCHA is proved accessible to users. The user study has shown that the human success rate reaches approximately 97% and the pass rate of attack software using Microsoft SDK 5.1 is only 4%. The experiments also indicated that it could be solved by most human users in less than 14 seconds and the average time is only 7.8 seconds.

A Novel Image Based CAPTCHA Using Jigsaw Puzzle

Most commonly used CAPTCHAs are text-based CAPTCHAs which relay on the distortion of texts in the background image. With the development of automated computer vision techniques, which have been designed to remove noise and segment the distorted strings to make characters readable for OCR, traditional text-based CAPTHCAs are not considered safe anymore for authentication. A novel image based CAPTCHA which involves in solving a jigsaw puzzle is presented in this paper. An image is divided into an n¡Án (n=3, 4 or 5, depends on security level) pieces to construct the jigsaw puzzle CAPTCHA. Only two of the pieces are misplaced from their original positions. Users are required to find the two pieces and swap them. Considering the previous works which are devoted to solving jigsaw puzzles using edge matching technique, the edges of all pieces are processed with glitch treatment to prevent the computer automatic solving. Experiments and security analysis proved that human users can complete the CAPTCHA verification quickly and accurately, but computers rarely can. It is a promising substitution to the current text-based CAPTCHA.

Analysis and Evaluation of the ColorLogin Graphical Password Scheme

It is believed that graphical passwords are more memorable than traditional textual passwords, but usually seen as complex and time-consuming for users. Furthermore, most of the existing graphical password schemes are vulnerable to spyware and shoulder surfing. ColorLogin uses color, a method not previously considered, to decrease login time. Multiple colors are used to confuse the peepers, while not burdening the legitimate users. Meanwhile, the scheme is resistant to shoulder surfing and intersection attack to a certain extent. This paper analyzes and evaluates the ColorLogin scheme using some experiments.

A Novel Cued-recall Graphical Password Scheme

Graphical passwords have been proposed as an alternative to alphanumeric passwords with their advantages in usability and security. However, most of these alternate schemes have their own disadvantages. For example, cued-recall graphical password schemes are vulnerable to shoulder-surfing and cannot prevent intersection analysis attack. A novel cued-recall graphical password scheme CBFG (Click Buttons according to Figures in Grids) is proposed in this paper. Inheriting the way of setting password in traditional cued-recall scheme, this scheme is also added the ideology of image identification. CBFG helps users tend to set their passwords more complex. Simultaneously, it has the capability against shoulder surfing attack and intersection analysis attack. Experiments illustrate that CBFG has better performance in usability, especially in security.

An enhanced drawing reproduction graphical password strategy

Passwords are used in the vast majority of computer and communication systems for authentlcation. The greater security and memorability of graphical passwords make them a possible alternative to traditional textual passwords. In this paper we propose a new graphical password scheme called YAGP, which is an extension of the Draw-A-Secret (DAS) scheme. The main difference between YAGP and DAS is soft matching. The concepts of the stroke-box, image-box, trend quadrant, and similarity are used to describe the images characteristics for soft matching. The reduction in strict user input rules in soft matching improves the usability and therefore creates a great advantage. The denser grid granubtrity enables users to design a longer password, enlarging the practical password space and enhancing security. Meanwhile, YAGP adopts a triple-register process to create multi-templates, increasing the accuracy and memorability of characteristics extraction. Experiments illustrate the effectiveness of YAGP.