Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement

Master's === 國立臺中教育大學 === 資訊工程學系 === 101 === Conventional textual password schemes and graphical password schemes are vulnerable to login-recording attacks, including the shoulder-surfing attack, the hidden camera attack, the spyware attack, and the wiretapping attack. Thus, graphical password schemes wit...

Bibliographic Details
Main Authors: Yu-Chang Yeh, 葉育彰
Other Authors: Wei-Chi Ku
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/18053791702569585695
id ndltd-TW-101NTCT0394015
record_format oai_dc
spelling ndltd-TW-101NTCT03940152016-07-29T04:13:13Z http://ndltd.ncl.edu.tw/handle/18053791702569585695 Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement 防登入記錄攻擊之圖形化通行碼的 分析與實驗及改進設計 Yu-Chang Yeh 葉育彰 碩士 國立臺中教育大學 資訊工程學系 101 Wei-Chi Ku 顧維祺 2013 學位論文 ; thesis 74 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === 國立臺中教育大學 === 資訊工程學系 === 101 === Conventional textual password schemes and graphical password schemes are vulnerable to login-recording attacks, including the shoulder-surfing attack, the hidden camera attack, the spyware attack, and the wiretapping attack. Thus, graphical password schemes that resist login-recording attacks, based on various techniques, have been proposed. Furthermore, as most users are familiar with textual passwords, some researchers have proposed graphical text-based password schemes resistant to login-recording attacks, in which the user memorizes text as the password while the system employs a graphical interface to protect the textual password against login-recording attacks. In 2011, we proposed a graphical password scheme resistant to login-recording attacks, RiS, and a graphical text-based password scheme resistant to login-recording attacks, T-RiS. However, we found that our previous security analyses of RiS and T-RiS were not accurate, and that our previous prototype implementations of RiS and T-RiS were not considered carefully enough, which may affect security and usability in practice. In this thesis, we continue to improve the prototype implementations of RiS and T-RiS, refine the security analysis of RiS and T-RiS, and perform security simulations and usability experiments to validate our theoretical analysis results. In addition, as handheld devices have boomed in recent years, we also propose ColorPalette, a graphical text-based password scheme resistant to login-recording attacks and suitable for handheld devices, in which a QWERTY-like keyboard helps the user find the password characters efficiently and easily, and color buttons are used to resist login-recording attacks. We not only analyze the security and usability of ColorPalette theoretically, but also perform security simulations and usability experiments to validate our theoretical analysis results for ColorPalette.
author2 Wei-Chi Ku
author Yu-Chang Yeh
葉育彰
title Analysis and Experiment of Graphical Password Schemes Resistant to Login-Recording Attacks and Improvement
publishDate 2013
url http://ndltd.ncl.edu.tw/handle/18053791702569585695