Proceedings of the 2013 International Conference on Advanced Computer Science and Electronics Information (ICACSEI 2013)

A Graphical Password Scheme against Snapshot, Remote Monitoring, And Shoulder-surfing with Its Application in One-Time Password

Cheng xue Qian, Xing wei Song, Yun Huang, Xue jia Lai
Corresponding author
Graphical password, snapshot, shoulder-surfing, OTP.
In this paper, we present a novel user-friendly graphical password scheme resistant against "watching" attacks. Snapshot, remote monitoring, and shoulder-surfing have in common that all these attacks act as if one could directly watch the users' behavior on the screen, resulting in an insecure use of alphanumeric passwords ("watching" attacks). New technology based on graphical passwords uses graphs as authentication media where the user identifies, reproduces, or interacts with graphs to prove his identity, which partly blocks the danger. However, current graphical passwords such as D-A-S, PassPoints, Passfaces TM, and the algorithms D. Hong and Sobrado, etc. proposed are either too complicated or ineffective against "watching" attacks. In our proposal, the authentication process uses familiar images that only true users can recognize. It is hard to fabricate even many previous authentication processes are totally exposed. Furthermore a detailed application in OTP, which basically establishes an extra OTP input encryption, is discussed and its security analysis is presented.
Download article (PDF)