An analytical study of 4-way recognition based sequence reproduction scheme in graphical password

Abstract

Computer and Network security is a very crucial issue of growing concern impacting user authorisation where textual passwords are widely used when accessing computers, networks, accounts and websites. A big drawback of the textual password is its inability to resist against several forms of password attacks such as guessing, dictionary attack, key-loggers, shouldersurfing and social engineering. Other than being able to be secure against these attacks, passwords should be easy to memorise and recall. Therefore, usability and security are two important issues of concern when working with passwords. Graphical Password seems to be the solution for the conventional type of authentication, text-based passwords, which will be briefly described throughout this document. Graphical authentication schemes originally contain pictures that either the user has to click on parts of it or choose different shapes and images. Researchers have also made possible for users to draw their own image on grids. Despite the high standards of Graphical Passwords, they are still vulnerable to some kinds of attacks. Our goal is to propose a new Graphical Password scheme that takes advantage of graphical input display capabilities to achieve higher security and better usability levels than can be achieved through text-based passwords. The proposed research is an approach to enhance existing Graphical Password techniques and make it resistant against attacks like Shoulder Surfing. This system has been improved to provide a wider password space in such a way that more server variables are involved such as the inclusion of a date and its combinations when choosing the password. A waterfall model is used to perform the software development life cycle phases because is the most adequate model for implementing small to mid size projects. On top of that other techniques for gathering data such as questionnaires and surveys are used to assess the security and usability features of the system [See Chapter Six, Tables 6.5 and 6.6]. Overall, based on the results of the evaluation of the system it is concluded that users were satisfied using the system; therefore it can be concluded that most of the usability features have been achieved, as well as the mentioned security parameters that is being resistant to shoulder surfing and guessing attacks. The study on the robustness of the system against Sniffing and the provision of a facility for users to upload their own pictures as another alternative for a password is also suggested for further study.