AcSIS: Authentication System Based on Image Splicing
Abstract
Text-based passwords are widely used for the authentication of digital assets. Typically, password security and usability is a trade-off, i.e. easy-to-remember passwords have higher usability that makes them vulnerable to brute-force and dictionary attacks. Complex passwords have stronger security but poor usability. In order to strengthen the security in conjunction with the improved usability, we hereby propose a novel graphical authentication system. This system is a picture-based password scheme which comprises of the method of image splicing. Authentication data were collected from 33 different users. The usability of the method was evaluated via a comparison between the number of correct and incorrect authentication attempts and time taken. Additionally, a comparison was made between our proposed method and a complex text-based password authentication method using the authentication success rate. Authentication using image splicing proved to be resilient to brute-force attacks since the processing of images consumes a voluminous password space. The evaluation of the usability revealed that graphical passwords were easy-to-remember, resulting in a higher number of correct attempts. The proposed method produced 50% higher success rate compared to the text-based method. Findings motivate the use of the proposed method for securing digital assets.
Keywords:
secured authentication, brute force attack, graphical authentication, picture-based authentication, image splicing, graphical passwordsDownloads
References
S. Xiaoyuan, Z. Ying, G. S. Owen, “Graphical Passwords: A Survey”, 21st Annual Computer Security Applications Conference, Tucson, USA, December 5-9, 2005
D. Florencio, C. Herley, “A Large-Scale Study of Web Password Habits”, 16th International Conference on World Wide Web, Banff, Canada, May 8-12, 2007 DOI: https://doi.org/10.1145/1242572.1242661
J. Yan, A. Blackwell, R. Anderson, A. Grant, “Password memorability and security: Empirical results”, IEEE Security and Privacy, Vol. 2, No. 5, pp. 25–31, 2004 DOI: https://doi.org/10.1109/MSP.2004.81
C. Kuo, S. Romanosky, L. F. Cranor, “Human Selection of Mnemonic Phrase-Based Passwords”, Second Symposium on Usable Privacy and Security, Pittsburgh, USA, July 12-14, 2006 DOI: https://doi.org/10.1145/1143120.1143129
L. O’Gorman, “Comparing passwords, tokens, and biometrics for user authentication”, Proceedings of the IEEE, Vol. 91, No. 12, pp. 2021–2040, 2003 DOI: https://doi.org/10.1109/JPROC.2003.819611
A. K. Jain, K. Nandakumar, A. Nagar, “Biometric Template Security”, EURASIP Journal on Advances in Signal Processing, Vol. 2008, Article ID 579416, 2008 DOI: https://doi.org/10.1155/2008/579416
C. Roberts, “Biometric attack vectors and defences”, Computers and Security, Vol. 26, No. 1, pp. 14–25, 2007 DOI: https://doi.org/10.1016/j.cose.2006.12.008
M. D. Amico, P. Michiardi, Y. Roudier, “Password Strength: An Empirical Analysis”, IEEE INFOCOM, San Diego, USA, March 14-19, 2010
A. Narayanan, V. Shmatikov, “Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff”, 12th ACM Conference on Computer and Communications Security, Alexandria, USA, November 7-11, 2005 DOI: https://doi.org/10.1145/1102120.1102168
S. K. Modi, S. J. Elliott, “Impact of Image Quality on Performance: Comparison of Young and Elderly Fingerprints”, 6th International Conference on Recent Advances in Software Computing, West Lafayette, USA, 2006
S. K. Modi, S. J. Elliott, J. Whetsone, H. Kim, “Impact of Age Groups on Fingerprint Recognition Performance”, IEEE Workshop on Automatic Identification Advanced Technologies, Alghero, Italy, June 7-8, 2007 DOI: https://doi.org/10.1109/AUTOID.2007.380586
A. Paivio, T. B. Rogers, P. C. Smythe, “Why are pictures easier to recall than words?”, Psychonomic Science, Vol. 11, No. 4, pp. 137–138, 1968 DOI: https://doi.org/10.3758/BF03331011
M. H. Erdelyi, J. Becker, “Hypermnesia for pictures: Incremental memory for pictures but not words in multiple recall trials”, Cognitive Psychology, Vol. 6, No. 1, pp. 159–171, 1974 DOI: https://doi.org/10.1016/0010-0285(74)90008-5
C. L. Grady, A. R. Mcintosh, M. N. Rajah, F. I. M. Craik, “Neural correlates of the episodic encoding of pictures and words”, National Academy of Sciences, Vol. 95, No. 5, pp. 2703–2708, 1998 DOI: https://doi.org/10.1073/pnas.95.5.2703
S. Nasiri, M. T. Sharabian, M. Aajami, “Using combined one-time password for prevention of phishing attacks”, Engineering, Technology & Applied Science Research, Vol. 7, No. 6, pp. 2328-2333, 2017 DOI: https://doi.org/10.48084/etasr.1510
D. Virmani, P. Girdhar, P. Jain, P. Bamdev, “FDREnet: Face detection and recognition pipeline”, Engineering, Technology & Applied Science Research, Vol. 9, No. 2, pp. 3933-3938, 2019 DOI: https://doi.org/10.48084/etasr.2492
R. Rasras, Z. Alqadi, M. Rasmi, A. Sara, “A methodology based on steganography and cryptography to protect highly secure messages”, Engineering, Technology & Applied Science Research, Vol. 9, No. 1, pp. 3681-3684, 2019 DOI: https://doi.org/10.48084/etasr.2380
G. E. Blonder, Graphical Password, U.S. Patent 5,559,961, 1996
W. Meng, F. Fei, L. Jiang, Z. Liu, C. Su, J. Han, “CPMap: Design of Click-Points Map-Based Graphical Password Authentication”, IFIP International Conference on ICT Systems Security and Privacy Protection, Poznan, Poland, September 18-20, 2018 DOI: https://doi.org/10.1007/978-3-319-99828-2_2
C. Katsini, C. Fidas, M. Belk, G. Samaras, N. Avouris, “A Human-Cognitive Perspective of Users’ Password Choices in Recognition-Based Graphical Authentication”, International Journal of Human–Computer Interaction, available at: https://www.tandfonline.com/doi/full/10.1080/
2019.1574057
L. N. Tiller, C. A. Angelini, S. C. Leibner, J. D. Still, “Explore-a-Nation: Combining Graphical and Alphanumeric Authentication”, International Conference on Human-Computer Interaction, Orlando, USA, July 26-31, 2019 DOI: https://doi.org/10.1007/978-3-030-22351-9_6
R. Dhamija, A. Perrig, “Deja Vu: A User Study Using Images for Authentication”, 9th USENIX Security Symposium Paper, Denver, USA, August 14-17, 2000
A. E. Dirik, N. Memon, J. C. Birget, “Modeling User Choice in the PassPoints Graphical Password Scheme”, 3rd Symposium on Usable Privacy and Security, Pittsburgh, USA, July 18-20, 2007 DOI: https://doi.org/10.1145/1280680.1280684
D. Weinshall, S. Kirkpatrick, “Passwords You’ll Never Forget, But Can’t Recall”, Extended Abstracts on Human Factors in Computing Systems, Vienna, Austria, April 24-29, 2004 DOI: https://doi.org/10.1145/985921.986074
A. Perrig, D. Song, “Hash Visualization : A New Technique to improve Real-World Security”, International Workshop on Cryptographic Techniques and E-Commerce, 1999
S. Chiasson, P. C. V. Oorschot, R. Biddle, “Graphical Password Authentication Using Cued Click Points”, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007 DOI: https://doi.org/10.1007/978-3-540-74835-9_24
S. Chiasson, E. Stobert, A. Forget, R. Biddle, P. C. V. Oorschot, “Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism”, IEEE Transactions on Dependable Secure Computing, Vol. 9, No. 2, pp. 222–235, 2012 DOI: https://doi.org/10.1109/TDSC.2011.55
R. Mahey, N. Singh, C. Kumar, N. Bhagwat, P. Verma, “Graphical Password Using an Intuitive Approach”, in: International Conference on Intelligent Computing and Applications , pp. 153–161, Springer, 2016 DOI: https://doi.org/10.1007/978-981-10-5520-1_15
S. Agrawal, A. Z. Ansari, M. S. Umar, “Multimedia Graphical Grid Based Text Password Authentication: For Advanced Users”, Thirteenth IEEE International Conference on Wireless and Optical Communications Networks, Hyderabad, India, July 21-23, 2016 DOI: https://doi.org/10.1109/WOCN.2016.7759884
D. H. Dhandha, P. Chandresh, “Enhancement of password authentication system using recognition based graphical password for web application”, International Journal of Advanced Research in Computer Science, Vol. 8, No. 5, pp. 1135–1139, 2017
A. Danish, L. Sharma, H. Varshney, A. M. Khan, “Alignment Based Graphical Password Authentication System”, 3rd International Conference, Computing for Sustainable Global Development, New Delhi, India, March 16-18, 2016
F. Towhidi, M. Masrom, A. A. Manaf, “An enhancement on passface graphical password authentication”, Journal of Basic and Applied Scientific Research, Vol. 3, No. 2, pp. 135-141, 2013
S. Brostoff, M. A. Sasse, “Are Passfaces more usable than passwords? A field trial investigation”, in: People and Computers XIV-Usability or Else!, pp. 405-424, Springer, 2000 DOI: https://doi.org/10.1007/978-1-4471-0515-2_27
S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, N. Memon, “Passpoints: Design and longitudinal evaluation of a graphical password system”, International Journal of Human-Computer Studies, Vol. 63, No. 1-2, pp. 102-127, 2005 DOI: https://doi.org/10.1016/j.ijhcs.2005.04.010
A. Bertolino, “Software Testing Research: Achievements, Challenges, Dreams”, Future of Software Engineering, Minneapolis, USA, May 23-25, 2007 DOI: https://doi.org/10.1109/FOSE.2007.25
Downloads
How to Cite
License
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
