PASSBYOP: BRING YOUR OWN PICTURE FOR SECURING GRAPHICAL PASSWORDS

Author (s) : R.Sharmila, A.Akthar Ruksana

---

Abstract :

PassBYOP is a novel graphical password scheme for public terminals that replaces the static digital images typically used in graphical password systems with real-world physical tokens. Users present these images to a system camera and then enter their password as a sequence of selections on live video of the tokens. Highly distinctive optical features are extracted from these selections and used as the password.The authors conducted three feasibility studies of PassBYOP examining its reliability, usability, and security against observation. The reliability study showed that image feature-based passwords are feasible and suggests appropriate system thresholds: password templates should contain a minimum of 10 features, 40% of which must geometrically match originals stored on an authentication server in order to be judged equivalent. The usability study measured task completion times and error rates, revealing these to be 15% and 9%, respectively, broadly comparable with prior graphical password systems that use static digital images. Finally, the security study highlighted PassBYOP's resistance to observation attacks: attackers are unable to compromise a password using shoulder surfing, camera-based observation, or malware.These results indicate that PassBYOP shows promise for security while maintaining the usability of current graphical password schemes.

Keywords : graphical passwords, physical tokens, optical features, reliability, usability, security, observation attacks

Conference Date : 13/11/2020

Pages : 177

Paper ID : 20177