Faculty of Computer Science and Information Technology >
Masters Dissertations: Computer Science >
Please use this identifier to cite or link to this item:
|Title: ||Cued recall graphical password system resistant to shoulder surfing|
|Authors: ||Lai, Hooi Li|
|Keywords: ||Alphanumeric passwords|
Graphical password software
|Issue Date: ||Jul-2009 |
|Publisher: ||Universiti Malaya|
|Abstract: ||Access to computer system is often based on the use of alphanumeric passwords. However, users tend to have difficulty in remembering passwords that are long or randomly generated. As a consequence, they have the tendency to create short and simple passwords or write it in a text file and store it in an insecure place such as desk drawer (Adams and Sasse 1999; Morris and Thompson 1979), which in essence is highly vulnerable. To overcome such shortcoming, we proposed the use of graphical password. Graphical password essentially uses images or representation of images as passwords. Fundamentally, graphical password was designed to make passwords easier for user to remember, which should in reality points to a more secure password. According to some survey (Brostoff and Sasse 2000; De Angeli et al. 2002; De Angeli et al. 2005; Dhamija 2000; Dhamija and Perrig 2000; Wiedenbeck et al. 2005c), human’s brain is good in remembering picture than textual character.
There are various graphical password schemes or graphical password software in the market. However, it seems that only a few are capable of resolving the shoulder surfing issue. Therefore, this research would like to present a graphical password system which known as Cued Recall Graphical Password System Resistant to Shoulder Surfing (CRGPS) that uses a scheme that is resistant to shoulder surfing. The adapted scheme is based on the challenge response interactions and cued recall method. In challenge response interactions, server will present a challenge to the client and the client need to give response according to the condition given. If the response is correct then access is granted. Cued recall is basically a component of a memory task in which the subject will be asked to recall on items that were presented to them during an initial training or presentation with some hints being given. Cued recall method was used to increase user capability in remembering of password. During the usability testing, the experimenter explained the purpose of the system and how it worked using the user manual. After that, the participants proceed to login process to authenticate themselves. The first character of each password will be shown as a hint to the participant in the login process.
A usability testing was carried out to measure the satisfactory level of users on the completeness of the system, which include factors such as, turnaround time to access the system, remembering of password using the system and resistant to shoulder surfing. The testing result shows that the CRGPS is resistant to shoulder surfing. Besides, the CRGPS is also user friendly and easy to familiarise with the system.|
|Description: ||Dissertation (M.C.S.) -- Faculty of Computer Science & Information Technology, University of Malaya, 2009.|
|Appears in Collections:||Masters Dissertations: Computer Science|