Shoulder surfing resistant graphical password scheme

• Main Authors: Chia-Cheng Yao, 姚佳政
• Other Authors: Jia-Ning Luo
• Format: Others
• Language: zh-TW
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/07032879026859472900

碩士 === 銘傳大學 === 電腦與通訊工程學系碩士班 === 99 === User authentication is an important issue in network security. User authentication is the base of access control and auditing in most computer systems. Traditional authentication methods such as password system are at risk of offline dictionary attack, phishing attack, shoulder surfing attack, and other malicious software attacks. Therefore, graphical password authentication mechanisms are proposed to prevent the above attacks. In this paper, we propose an novel scheme to improve the security of the SSSL scheme. In SSSL’s scheme, the password space is limited to night digits, which is suffering from password brute force attack. In our scheme, we use extensible cellular architecture to re-arrange the password input system; users should enter a vector which is the combination of direction and distance from the password to a random selected challenge character.. In the password verification scheme, each of the user input vector is normalize to a shortest path form and compares with the correct vector which is calculated by the system automatically. In our scheme, the password space is extensible by increasing the cellular size. In the security analysis chapter, we show that our scheme is against of shoulder surfing attack, phishing attacks and other malicious software attacks. We also discuss the probability of brute-force attack. To increase the password strength of the systems, the administrator can expand the cellular size to meet the security requirement.