AcSIS: Authentication System Based on Image Splicing

S. Hamid, N. Z. Bawany, S. Khan

Abstract


Text-based passwords are widely used for the authentication of digital assets. Typically, password security and usability is a trade-off, i.e. easy-to-remember passwords have higher usability that makes them vulnerable to brute-force and dictionary attacks. Complex passwords have stronger security but poor usability. In order to strengthen the security in conjunction with the improved usability, we hereby propose a novel graphical authentication system. This system is a picture-based password scheme which comprises of the method of image splicing. Authentication data were collected from 33 different users. The usability of the method was evaluated via a comparison between the number of correct and incorrect authentication attempts and time taken. Additionally, a comparison was made between our proposed method and a complex text-based password authentication method using the authentication success rate. Authentication using image splicing proved to be resilient to brute-force attacks since the processing of images consumes a voluminous password space. The evaluation of the usability revealed that graphical passwords were easy-to-remember, resulting in a higher number of correct attempts. The proposed method produced 50% higher success rate compared to the text-based method. Findings motivate the use of the proposed method for securing digital assets.


Keywords


secured authentication; brute force attack; graphical authentication; picture-based authentication; image splicing; graphical passwords

Full Text:

PDF

References


S. Xiaoyuan, Z. Ying, G. S. Owen, “Graphical Passwords: A Survey”, 21st Annual Computer Security Applications Conference, Tucson, USA, December 5-9, 2005

D. Florencio, C. Herley, “A Large-Scale Study of Web Password Habits”, 16th International Conference on World Wide Web, Banff, Canada, May 8-12, 2007

J. Yan, A. Blackwell, R. Anderson, A. Grant, “Password memorability and security: Empirical results”, IEEE Security and Privacy, Vol. 2, No. 5, pp. 25–31, 2004

C. Kuo, S. Romanosky, L. F. Cranor, “Human Selection of Mnemonic Phrase-Based Passwords”, Second Symposium on Usable Privacy and Security, Pittsburgh, USA, July 12-14, 2006

L. O’Gorman, “Comparing passwords, tokens, and biometrics for user authentication”, Proceedings of the IEEE, Vol. 91, No. 12, pp. 2021–2040, 2003

A. K. Jain, K. Nandakumar, A. Nagar, “Biometric Template Security”, EURASIP Journal on Advances in Signal Processing, Vol. 2008, Article ID 579416, 2008

C. Roberts, “Biometric attack vectors and defences”, Computers and Security, Vol. 26, No. 1, pp. 14–25, 2007

M. D. Amico, P. Michiardi, Y. Roudier, “Password Strength: An Empirical Analysis”, IEEE INFOCOM, San Diego, USA, March 14-19, 2010

A. Narayanan, V. Shmatikov, “Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff”, 12th ACM Conference on Computer and Communications Security, Alexandria, USA, November 7-11, 2005

S. K. Modi, S. J. Elliott, “Impact of Image Quality on Performance: Comparison of Young and Elderly Fingerprints”, 6th International Conference on Recent Advances in Software Computing, West Lafayette, USA, 2006

S. K. Modi, S. J. Elliott, J. Whetsone, H. Kim, “Impact of Age Groups on Fingerprint Recognition Performance”, IEEE Workshop on Automatic Identification Advanced Technologies, Alghero, Italy, June 7-8, 2007

A. Paivio, T. B. Rogers, P. C. Smythe, “Why are pictures easier to recall than words?”, Psychonomic Science, Vol. 11, No. 4, pp. 137–138, 1968

M. H. Erdelyi, J. Becker, “Hypermnesia for pictures: Incremental memory for pictures but not words in multiple recall trials”, Cognitive Psychology, Vol. 6, No. 1, pp. 159–171, 1974

C. L. Grady, A. R. Mcintosh, M. N. Rajah, F. I. M. Craik, “Neural correlates of the episodic encoding of pictures and words”, National Academy of Sciences, Vol. 95, No. 5, pp. 2703–2708, 1998

S. Nasiri, M. T. Sharabian, M. Aajami, “Using combined one-time password for prevention of phishing attacks”, Engineering, Technology & Applied Science Research, Vol. 7, No. 6, pp. 2328-2333, 2017

D. Virmani, P. Girdhar, P. Jain, P. Bamdev, “FDREnet: Face detection and recognition pipeline”, Engineering, Technology & Applied Science Research, Vol. 9, No. 2, pp. 3933-3938, 2019

R. Rasras, Z. Alqadi, M. Rasmi, A. Sara, “A methodology based on steganography and cryptography to protect highly secure messages”, Engineering, Technology & Applied Science Research, Vol. 9, No. 1, pp. 3681-3684, 2019

G. E. Blonder, Graphical Password, U.S. Patent 5,559,961, 1996

W. Meng, F. Fei, L. Jiang, Z. Liu, C. Su, J. Han, “CPMap: Design of Click-Points Map-Based Graphical Password Authentication”, IFIP International Conference on ICT Systems Security and Privacy Protection, Poznan, Poland, September 18-20, 2018

C. Katsini, C. Fidas, M. Belk, G. Samaras, N. Avouris, “A Human-Cognitive Perspective of Users’ Password Choices in Recognition-Based Graphical Authentication”, International Journal of Human–Computer Interaction, available at: https://www.tandfonline.com/doi/full/10.1080/

2019.1574057

L. N. Tiller, C. A. Angelini, S. C. Leibner, J. D. Still, “Explore-a-Nation: Combining Graphical and Alphanumeric Authentication”, International Conference on Human-Computer Interaction, Orlando, USA, July 26-31, 2019

R. Dhamija, A. Perrig, “Deja Vu: A User Study Using Images for Authentication”, 9th USENIX Security Symposium Paper, Denver, USA, August 14-17, 2000

A. E. Dirik, N. Memon, J. C. Birget, “Modeling User Choice in the PassPoints Graphical Password Scheme”, 3rd Symposium on Usable Privacy and Security, Pittsburgh, USA, July 18-20, 2007

D. Weinshall, S. Kirkpatrick, “Passwords You’ll Never Forget, But Can’t Recall”, Extended Abstracts on Human Factors in Computing Systems, Vienna, Austria, April 24-29, 2004

A. Perrig, D. Song, “Hash Visualization : A New Technique to improve Real-World Security”, International Workshop on Cryptographic Techniques and E-Commerce, 1999

S. Chiasson, P. C. V. Oorschot, R. Biddle, “Graphical Password Authentication Using Cued Click Points”, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007

S. Chiasson, E. Stobert, A. Forget, R. Biddle, P. C. V. Oorschot, “Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism”, IEEE Transactions on Dependable Secure Computing, Vol. 9, No. 2, pp. 222–235, 2012

R. Mahey, N. Singh, C. Kumar, N. Bhagwat, P. Verma, “Graphical Password Using an Intuitive Approach”, in: International Conference on Intelligent Computing and Applications , pp. 153–161, Springer, 2016

S. Agrawal, A. Z. Ansari, M. S. Umar, “Multimedia Graphical Grid Based Text Password Authentication: For Advanced Users”, Thirteenth IEEE International Conference on Wireless and Optical Communications Networks, Hyderabad, India, July 21-23, 2016

D. H. Dhandha, P. Chandresh, “Enhancement of password authentication system using recognition based graphical password for web application”, International Journal of Advanced Research in Computer Science, Vol. 8, No. 5, pp. 1135–1139, 2017

A. Danish, L. Sharma, H. Varshney, A. M. Khan, “Alignment Based Graphical Password Authentication System”, 3rd International Conference, Computing for Sustainable Global Development, New Delhi, India, March 16-18, 2016

F. Towhidi, M. Masrom, A. A. Manaf, “An enhancement on passface graphical password authentication”, Journal of Basic and Applied Scientific Research, Vol. 3, No. 2, pp. 135-141, 2013

S. Brostoff, M. A. Sasse, “Are Passfaces more usable than passwords? A field trial investigation”, in: People and Computers XIV-Usability or Else!, pp. 405-424, Springer, 2000

S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, N. Memon, “Passpoints: Design and longitudinal evaluation of a graphical password system”, International Journal of Human-Computer Studies, Vol. 63, No. 1-2, pp. 102-127, 2005

A. Bertolino, “Software Testing Research: Achievements, Challenges, Dreams”, Future of Software Engineering, Minneapolis, USA, May 23-25, 2007

https://morguefile.com/

https://www.shutterstock.com/




eISSN: 1792-8036     pISSN: 2241-4487