Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee

Por, Lip Yee (2012) Mitigation of shoulder-surfing attack on picture-based passwords using falsifying authentication methods / Por Lip Yee. PhD thesis, University of Malaya.


          Abstract

          Over the years, various picture-based password systems were proposed to exploit the utility of pictures for user authentication. However, there are problems associated with these picture-based password authentication systems, such as vulnerability to security threats and users’ memorability of the passwords. This research was undertaken to develop methods to mitigate shoulder-surfing attack. Two falsifying authentication methods were proposed, using (i) penup event and neighbouring connectivity manipulation; and (ii) partial password selection and a metaheuristic randomisation algorithm (MRA). The first and second proposed methods were incorporated into the proposed Background Pass-Go (BPG) system and Visual Identification Protocol Professional (VIP Pro) system respectively. To improve the users’ memorability, the upload background picture function and cued colour scheme were proposed for the BPG system; the grid line scaling function and the loose authentication method were proposed for the enhanced BPG system; and the chronological story-based cued recall technique was proposed for the VIP Pro system. Prototypes, simulations, observations and interviews were used as the data gathering methods. An offline FOA Java simulation was carried out to evaluate the capability of the MRA method in preventing FOA attack. Case studies were conducted to evaluate the capability of the proposed methods in mitigating shoulder-surfing attack. The Kruskal-Wallis test and calculation of the attack success rate were used to evaluate the capability of the proposed methods in mitigating shoulder-surfing attack. In general, the results of the case studies show that the two proposed falsifying authentication methods are able to mitigate shoulder-surfing attack regardless of the gender and competency levels of the shoulder-surfing attackers. In addition, the proposed MRA is effective in preventing FOA attack. A majority of the survey participants also stated that the proposed cued recall methods can aid users in memorising their password.

          Item Type: Thesis (PhD)
          Additional Information: Thesis submitted in fulfillment of the requirement for the degree of Doctor of Philosophy
          Uncontrolled Keywords: Authentication; Information security; Picture-based password
          Subjects: Q Science > QA Mathematics > QA76 Computer software
          T Technology > T Technology (General)
          Divisions: Faculty of Computer Science & Information Technology
          Depositing User: Nurul Aslini Ariffin
          Date Deposited: 10 May 2013 16:06
          Last Modified: 06 Sep 2013 14:31
          URI: http://studentsrepo.um.edu.my/id/eprint/3533
