Your search keyword '"Rosanne English"' showing total 3 results

1. Simulating and modelling the effectiveness of graphical password intersection attacks

Author

Rosanne English

Subjects

Scheme (programming language), Password, User authentication, Authentication, Computer Networks and Communications, Intersection (set theory), Computer science, Construct (python library), Computer security, computer.software_genre, Computer Science Applications, Theoretical Computer Science, Countermeasure, Computational Theory and Mathematics, computer, Software, computer.programming_language

Abstract

Recognition-based graphical passwords RBGPs are often proposed as an alternative user authentication mechanism. However, discussion of attack resistance often lacks quantitative examination. Establishing the efficacy of countermeasures could allow selection of an appropriate countermeasure for the level of security required by a given system. Furthermore, this information could be used to construct a model to estimate the number of intersection attacks required before success. This research contributes to these goals by establishing effective countermeasures and a model for intersection attacks. The approach involves creating a simulation of intersection attacks using five possible countermeasures and performing analysis to determine efficacy. Results show that using dummy screens does not increase the number of attacks required. It is also shown that increasing the number of challenge screens can increase and reduce the number of attacks required. Also presented is a model for RBGP schemes that can be used to estimate the number of intersection attacks required for a RBGP scheme when configuration values such as the number of challenge screens are known. This allows a quantitative choice of countermeasure for intersection attacks and a calculation that can provide a basis of comparison with other RBGP schemes, which was previously not possible. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

2. The effectiveness of intersection attack countermeasures for graphical passwords

Author

Ron Poet and Rosanne English

Subjects

Password, Computer graphics, QA75, Authentication, Countermeasure, Computer science, Intersection (set theory), State (computer science), Computer security, computer.software_genre, Set (psychology), computer, Image (mathematics)

Abstract

Recognition-based graphical passwords are one of several proposed alternatives to alphanumerical passwords for user authentication. However, there has been limited work on the security of such schemes. Often authors state a possible attack combined with a proposed countermeasure, but the efficacy of the counter measure is not always quantitatively examined. One possible attack which has been discussed without this examination is an intersection attack. If we can establish which countermeasures for this attack are effective, this will provide insight which will make it possible to select the appropriate countermeasure for the level of security required by a given system. Our approach involved creating a simulation of intersection attacks using each of five possible counter measures. The number of attacks which had to be performed before success for each approach was noted and compared to a control where no counter measure was implemented. Our results show that for three of the five countermeasures there was a significant increase in the number of attacks before success, one showed a significant decrease and the other did not show any statistical significance. We show that it is not decisive that using dummy screens when an incorrect image is selected will increase the number of attacks required. We also show that increasing the number of challenge screens reduces the number of attacks required before success as the number of challenge screens approaches the size of the passimage set. Our results allow one to make a more reliable choice of countermeasure to reduce intersection attacks.

Published

2012

3. Towards a metric for recognition-based graphical password security

Author

Ron Poet and Rosanne English

Subjects

Password, QA75, Password policy, Authentication, Computer science, Shoulder surfing, Computer security, computer.software_genre, One-time password, Replay attack, computer, Software metric, Password strength

Abstract

Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognition-based graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing,\ud intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme.

Published

2011