Affiliation:
1. Instituto de Criptografía, Facultad de Matemática y Computación, Universidad de la Habana, Habana 10400, Cuba
2. Facultad de Ciencias Económicas y Empresariales, Universidad Panamericana, Álvaro del Portillo 49, Zapopan 45010, JAL, Mexico
Abstract
This research paper presents a new test based on a novel approach for identifying clustered graphical passwords within the Passpoints scenario. Clustered graphical passwords are considered a weakness of graphical authentication systems, introduced by users during the registration phase, and thus it is necessary to have methods for the detection and prevention of such weaknesses. Graphical authentication methods serve as a viable alternative to the conventional alphanumeric password-based authentication method, which is susceptible to known weaknesses arising from user-generated passwords of this nature. The test proposed in this study is based on estimating the distributions of the perimeter of the convex hull, based on the hypothesis that the perimeter of the convex hull of a set of five clustered points is smaller than the one formed by random points. This convex hull is computed based on the points that users select as passwords within an image measuring 1920 × 1080 pixels, using the built-in function convhull in Matlab R2018a relying on the Qhull algorithm. The test was formulated by choosing the optimal distribution that fits the data from a total of 54 distributions, evaluated using the Kolmogorov–Smirnov, Anderson–Darling, and Chi-squared tests, thus achieving the highest reliability. Evaluating the effectiveness of the proposed test involves estimating type I and II errors, for five levels of significance α∈{0.01,0.02,0.05,0.1,0.2}, by simulating datasets of random and clustered graphical passwords with different levels of clustering. In this study, we compare the effectiveness and efficiency of the proposed test with existing tests from the literature that can detect this type of pattern in Passpoints graphical passwords. Our findings indicate that the new test demonstrates a significant improvement in effectiveness compared to previously published tests. Furthermore, the joint application of the two tests also shows improvement. Depending on the significance level determined by the user or system, the enhancement results in a higher detection rate of clustered passwords, ranging from 0.1% to 8% compared to the most effective previous methods. This improvement leads to a decrease in the estimated probability of committing a type II error. In terms of efficiency, the proposed test outperforms several previous tests; however, it falls short of being the most efficient, using computation time measured in seconds as a metric. It can be concluded that the newly developed test demonstrates the highest effectiveness and the second-highest efficiency level compared to the other tests available in the existing literature for the same purpose. The test was designed to be implemented in graphical authentication systems to prevent users from selecting weak graphical passwords, enhance password strength, and improve system security.
Reference37 articles.
1. David, L., and Wool, A. (2021). An explainable online password strength estimator. Computer Security–ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, 4–8 October 2021, Springer International Publishing. Proceedings, Part I 26.
2. A Taxonomy of Multimedia-based Graphical User Authentication for Green Internet of Things;Awan;ACM Trans. Internet Technol. (TOIT),2021
3. Password and Passphrase Guessing with Recurrent Neural Networks;Nosenko;Inf. Syst. Front.,2023
4. Rando, J., Perez-Cruz, F., and Hitaj, B. (2023). PassGPT: Password Modeling and (Guided) Generation with Large Language Models. European Symposium on Research in Computer Security, Springer Nature.
5. Computational modelling of visual attention;Itti;Nat. Rev. Neurosci.,2001