Security analyses of click-based graphical passwords via image point memorability
Pages: 1217-1231
Zhu, Bin B., Yan, Jeff, Yang, Maowei and Wei, Dongchen (2014) Security analyses of click-based graphical passwords via image point memorability. In Proceedings of the ACM Conference on Computer and Communications Security. (doi:10.1145/2660267.2660364).
Record type: Book Section
Abstract
We propose a novel concept and a model of image point memorability (IPM) for analyzing click-based graphical passwords that have been studied extensively in both the security and HCI communities. In our model, each point in an image is associated with a numeric index that indicates the point's memorability level. This index can be approximated either by automatic computer vision algorithms or via human assistance. Using our model, we can rank-order image points by their relative memorability with a decent accuracy. We show that the IPM model has both defensive and offensive applications. On the one hand, we apply the model to generate high-quality graphical honeywords. This is the first work on honeywords for graphical passwords, whereas all previous methods are only for generating text honeywords and thus inapplicable. On the other hand, we use the IPM model to develop the first successful dictionary attacks on Persuasive Cued Click Points (PCCP), which is the state-of-the-art click-based graphical password scheme and robust to all prior dictionary attacks. We show that the probability distribution of PCCP passwords is seriously biased when it is examined with the lens of the IPM model. Although PCCP was designed to generate random passwords, its effective password space as we measured can be as small as 30.58 bits, which is substantially weaker than its theoretical and commonly believed strength (43 bits). The IPM model is applicable to all click-based graphical password schemes, and our analyses can be extended to other graphical passwords as well.
This record has no associated files available for download.
More information
Published date: March 2014
Keywords: Authentication, Dictionary attacks, Graphical honeywords, Image point memorability
Identifiers
Local EPrints ID: 500793
URI: http://eprints.soton.ac.uk/id/eprint/500793
PURE UUID: 58eb7d4a-53bf-4368-8d1c-5883e1c3b915
Catalogue record
Date deposited: 13 May 2025 16:50
Last modified: 13 May 2025 16:50
Contributors
Author: Bin B. Zhu
Author: Jeff Yan
Author: Maowei Yang
Author: Dongchen Wei