ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Modeling user choice in the PassPoints graphical password scheme
Full text PdfPdf (446 KB)
Source
ACM International Conference Proceeding Series; Vol. 229 archive
Proceedings of the 3rd symposium on Usable privacy and security table of contents
Pittsburgh, Pennsylvania
SESSION: Passwords table of contents
Pages: 20 - 28  
Year of Publication: 2007
ISBN:978-1-59593-801-5
Authors
Ahmet Emir Dirik  Polytechnic University, Brooklyn, NY
Nasir Memon  Polytechnic University, Brooklyn, NY
Jean-Camille Birget  Rutgers University at Camden, Camden, NJ
Sponsor
: CyLab
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 22,   Downloads (12 Months): 165,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1280680.1280684
What is a DOI?

ABSTRACT

We develop a model to identify the most likely regions for users to click in order to create graphical passwords in the PassPoints system. A PassPoints password is a sequence of points, chosen by a user in an image that is displayed on the screen. Our model predicts probabilities of likely click points; this enables us to predict the entropy of a click point in a graphical password for a given image. The model allows us to evaluate automatically whether a given image is well suited for the PassPoints system, and to analyze possible dictionary attacks against the system. We compare the predictions provided by our model to results of experiments involving human users. At this stage, our model and the experiments are small and limited; but they show that user choice can be modeled and that expansions of the model and the experiments are a promising direction of research.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999  [doi>10.1145/322796.322806]
 
2
S. Akula, V. Devisetty, "Image based registration and authentication system," Midwest Instruction and Computing Symposium (2004).
 
3
J. C. Birget, D. Hong, N. Memon, "Graphical passwords based on robust discretization", IEEE Transactions on Information Forensics and Security 1(3) (Sept. 2006) 395--399. (Earlier version: Cryptology ePrint Archive, http://eprint.iacr.org/2003/168, Aug. 2003.)
 
4
G. E. Blonder, "Graphical Passwords", United States Patent 5559961 (1996).
 
5
M. Boroditsky, "Passlogix Password Schemes" (2002). http://www.passlogix.com
 
6
Dorin Comaniciu , Peter Meer, Mean Shift Analysis and Applications, Proceedings of the International Conference on Computer Vision-Volume 2, p.1197, September 20-25, 1999
 
7
Dorin Comaniciu , Peter Meer, Mean Shift: A Robust Approach Toward Feature Space Analysis, IEEE Transactions on Pattern Analysis and Machine Intelligence, v.24 n.5, p.603-619, May 2002  [doi>10.1109/34.1000236]
8
Lynne Coventry , Antonella De Angeli , Graham Johnson, Usability and biometric verification at the ATM interface, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA  [doi>10.1145/642611.642639]
 
9
Darren Davis , Fabian Monrose , Michael K. Reiter, On user choice in graphical password schemes, Proceedings of the 13th conference on USENIX Security Symposium, p.11-11, August 09-13, 2004, San Diego, CA
 
10
Rachna Dhamija , Adrian Perrig, Déjà Vu: a user study using images for authentication, Proceedings of the 9th conference on USENIX Security Symposium, p.4-4, August 14-17, 2000, Denver, Colorado
 
11
G. Elias, G. Sherwin, J. Wise, "Eye movements while viewing NTSC format television", SMPTE Psychophysics Subcommittee, white paper (1984).
 
12
J. Findlay, "The visual stimulus for saccadic eye movement in human observers", Perception (1980) 7--21.
 
13
D. Hong, S. Man, B. Hawes, M. Mathews, "A password scheme strongly resistant to spyware", Proc. International Conference on Security and Management, Las Vegas NV (2004) 94--100.
 
14
Ian Jermyn , Alain Mayer , Fabian Monrose , Michael K. Reiter , Aviel D. Rubin, The design and analysis of graphical passwords, Proceedings of the 8th conference on USENIX Security Symposium, p.1-1, August 23-26, 1999, Washington, D.C.
 
15
Wei-Chi Ku , Maw-Jinn Tsaur, A Remote User Authentication Scheme Using Strong Graphical Passwords, Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary, p.351-357, November 15-17, 2005  [doi>10.1109/LCN.2005.16]
 
16
Jiebo Luo, Amit Singhal, "On measuring low-level saliency in photographic images", Proc. IEEE Conference on Computer Vision and Pattern Recognition (2000) 84--89.
17
Robert Morris , Ken Thompson, Password security: a case history, Communications of the ACM, v.22 n.11, p.594-597, Nov. 1979  [doi>10.1145/359168.359172]
 
18
Wilfried Osberger , Anthony J. Maeder, Automatic Identification of Perceptually Important Regions in an Image, Proceedings of the 14th International Conference on Pattern Recognition-Volume 1, p.701, August 16-20, 1998
 
19
"The Passfaces System", Real User Technology and Products, (2004); http://www.realuser.com/published/RealUserTechnologyAndProducts.pdf
20
Andrew S. Patrick , A. Chris Long , Scott Flinn, HCI and security systems, CHI '03 extended abstracts on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA  [doi>10.1145/765891.766146]
 
21
J. Senders, "Distribution of attention in static and dynamic scenes", Proc. of SPIE, 3016 (1997) 186--194.
 
22
L. Sobrado, J. C. Birget, "Graphical passwords", The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4 (2002).
 
23
Xiaoyuan Suo , Ying Zhu , G. Scott. Owen, Graphical Passwords: A Survey, Proceedings of the 21st Annual Computer Security Applications Conference, p.463-472, December 05-09, 2005  [doi>10.1109/CSAC.2005.27]
 
24
Julie Thorpe , P. C. van Oorschot, Towards Secure Design Choices for Implementing Graphical Passwords, Proceedings of the 20th Annual Computer Security Applications Conference, p.50-60, December 06-10, 2004  [doi>10.1109/CSAC.2004.44]
 
25
M. Tkalcic, J. F. Tasic, "Colour spaces: perceptual, historical and applicational background", EUROCON 2003, Computer as a Tool (2003) 304--308.
26
Daphna Weinshall , Scott Kirkpatrick, Passwords you'll never forget, but can't recall, CHI '04 extended abstracts on Human factors in computing systems, April 24-29, 2004, Vienna, Austria  [doi>10.1145/985921.986074]
 
27
Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, PassPoints: design and longitudinal evaluation of a graphical password system, International Journal of Human-Computer Studies, v.63 n.1-2, p.102-127, July 2005  [doi>10.1016/j.ijhcs.2005.04.010]
 
28
Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, PassPoints: design and longitudinal evaluation of a graphical password system, International Journal of Human-Computer Studies, v.63 n.1-2, p.102-127, July 2005  [doi>10.1016/j.ijhcs.2005.04.010]
 
29
A. Yarbus, Eye Movements and Vision, Plenum Press, New York, NY (1967).
 
30
J. Zhao, Y. Shimazu, K. Ohta, R. Hayasaka, Y. Matsushita, "An outstandingness oriented image segmentation and its application", ISSPA (1996) 45--48.
 
31
J. Thorpe, P. C. van Oorschot, "Human-seeded attacks and exploiting hot-spots in graphical passwords", TR-07-05, School of Computer Science, Carleton University, (Feb. 2007), (Added in proofs).

CITED BY  6
Saranga Komanduri , Dugald R. Hutchings, Order and entropy in picture passwords, Proceedings of graphics interface 2008, May 28-30, 2008, Windsor, Ontario, Canada
Paul Dunphy , Jeff Yan, Do background images improve "draw a secret" graphical passwords?, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Paul Dunphy , James Nicholson , Patrick Olivier, Securing passfaces for description, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
Roman Weiss , Alexander De Luca, PassShapes: utilizing stroke based authentication to increase password memorability, Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges, October 20-22, 2008, Lund, Sweden
Sonia Chiasson , Alain Forget , Robert Biddle , P. C. van Oorschot, Influencing users towards better passwords: persuasive cued click-points, Proceedings of the 22nd British HCI Group Annual Conference on HCI 2008: People and Computers XXII: Culture, Creativity, Interaction, September 01-05, 2008, Liverpool, United Kingdom
K. V. Renaud, Guidelines for designing graphical authentication mechanism interfaces, International Journal of Information and Computer Security, v.3 n.1, p.60-85, June 2009

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Graphical user interfaces (GUI)

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication


Keywords:
dictionary attack, graphical passwords, password entropy, user behavior

Collaborative Colleagues:
Ahmet Emir Dirik: colleagues
Nasir Memon: colleagues
Jean-Camille Birget: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player