Author

Lip Yee Por

Date of Award

8-9-2012

Thesis Type

phd

Document Type

Thesis

Divisions

fsktm

Department

Dept of Computer System & Technology

Institution

University of Malaya

Abstract

Over the years, various picture-based password systems have been proposed to exploit the utility of pictures for user authentication. However, these picture-based password authentication systems have associated problems, such as vulnerability to security threats and users’ memorability of the passwords. This research was undertaken to develop methods to mitigate shoulder-surfing attacks. Two falsifying authentication methods were proposed, using: (i) penup event and neighbouring connectivity manipulation; and (ii) partial password selection and a metaheuristic randomisation algorithm (MRA). The first and second proposed methods were incorporated into the proposed Background Pass-Go (BPG) system and the Visual Identification Protocol Professional (VIP Pro) system respectively. To improve users’ memorability, the upload background picture function and cued colour scheme were proposed for the BPG system; the grid line scaling function and the loose authentication method were proposed for the enhanced BPG system; and the chronological story-based cued recall technique was proposed for the VIP Pro system. Prototypes, simulations, observations and interviews were used as the data gathering methods. An offline FOA Java simulation was carried out to evaluate the capability of the MRA method in preventing FOA attacks. Case studies were conducted to evaluate the capability of the proposed methods in mitigating shoulder-surfing attacks; the Kruskal-Wallis test and calculation of the attack success rate were used for this evaluation. In general, the results of the case studies show that the two proposed falsifying authentication methods are able to mitigate shoulder-surfing attacks regardless of the gender and competency levels of the shoulder-surfing attackers. In addition, the proposed MRA is effective in preventing FOA attacks. A majority of the survey participants also stated that the proposed cued recall methods can aid users in memorising their passwords.

Note

Thesis submitted in fulfillment of the requirement for the degree of Doctor of Philosophy
