Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

This is an Open Access publication published under CSC-OpenAccess Policy.
Publications from CSC-OpenAccess Library are being accessed from over 74 countries worldwide.
Comparing The Proof By Knowledge Authentication Techniques
Stamati Gkarafli , Anastasios A. Economides
Pages - 237 - 255     |    Revised - 30-04-2010     |    Published - 10-06-2010
Volume - 4   Issue - 2    |    Publication Date - May 2010  Table of Contents
graphical passwords, visual passwords, text passwords, user authentication
This paper presents a survey of proof by knowledge authentication techniques (text passwords, visual passwords and graphical passwords). Both new methods are more memorable, as people have to remember images and not characters and graphical passwords are also more secure. A total of 100 users participated in our survey, who after getting informed about the new authentication methods, they answered to the questionnaire that we have prepared. Based on their answers all users have many passwords for their everyday needs and they try to select passwords that are not only memorable, but also secure. Unfortunately, they can not deal with proper password selection and they become victims of dictionary attacks. Understanding this situation, participants were very positive in learning more about the new authentication methods. They found both techniques memorable and friendly – visual passwords at most, but they found graphical passwords a bit more complex and difficult to learn how to use them, something that they can overcome with small practice.
CITED BY (10)  
1 Sekulski, R., & Woda, M. (2015). Authorial, Adaptive Method of Users’ Authentication and Authorization. In Computational Intelligence and Efficiency in Engineering Systems (pp. 171-184). Springer International Publishing.
2 Dhankar, M. (2015). Network Security-Authentication Methods and Firewall. IITM Journal of Management and IT, 6(1), 73-79.
3 Sekulski, R., & Woda, M. (2015). A Novel Approach to Users Authentication and Authorization. Studia Informatica, 36(2), 5-22.
4 Chaczko, Z., Jacak, W., & Luba, T. (2015). Computational Intelligence and Efficiency in Engineering Systems (Vol. 595). G. Borowik (Ed.). Springer.
5 Sekulski, R., & Woda, M. (2014). Adaptive method of users authentication and authorisation. In Proceedings of the 2nd Asia-Pacific Conference on Computer-Aided System Engineering, APCASE (pp. 10-12).
6 van Eekelen, W., van den Elst, J., & Khan, V. J. (2014). Dynamic layering graphical elements for graphical password schemes. Creating the Difference, 65.
7 Shrivastava, A., & Rizvi, M. A. (2014). Network Security Analysis Based on Authentication Techniques.
8 van Eekelen, W. A., van den Elst, J., & Khan, V. J. (2013, April). Picassopass: a password scheme using a dynamically layered combination of graphical elements. In CHI'13 Extended Abstracts on Human Factors in Computing Systems (pp. 1857-1862). ACM.
9 Skracic, K., Pale, P., & Jeren, B. (2013, May). Knowledge based authentication requirements. In Information & Communication Technology Electronics & Microelectronics (MIPRO), 2013 36th International Convention on (pp. 1116-1120). IEEE.
10 Skracic, K., Pale, P., & Jeren, B. (2013, January). Knowledge based authentication requirements. In MIPRO 2012 International Convention Opatija.
1 Google Scholar 
2 Academic Journals Database 
3 ScientificCommons 
4 Academic Index 
5 CiteSeerX 
6 refSeek 
7 iSEEK 
8 Socol@r  
9 ResearchGATE 
10 Libsearch 
11 Bielefeld Academic Search Engine (BASE) 
12 Scribd 
13 WorldCat 
14 SlideShare 
16 PdfSR 
1 Bammigatti, P. H., and Rao, P. R. “Delegation in role based access control model for workflow systems”. International Journal of Computer Science and Security, 2(2): 1-10, 2008.
2 Chandrasekar, A., Rajasekar, V. R. and Vasudevan, V. “Improved authentication and key agreement protocol using elliptic curve cryptography”. International Journal of Computer Science and Security, 3(4): 325-333, 2009.
3 Kar, J. and Banshidhar, M. “An efficient password security of multi-party key exchange protocol based on ECDLP”. International Journal of Computer Science and Security, 3(5): 405-413, 2009.
4 Tahir, M. N. “Hierarchies in contextual role-based access control model (C-RBAC)”. International Journal of Computer Science and Security, 2(4): 28-42, 2008.
5 Tahir, M. N. “Testing of contextual role-based access control model (C-RBAC)”. International Journal of Computer Science and Security, 3(1): 62-75, 2009.
6 W. Jansen. “Authenticating users on handheld devices”. In Proceedings of the Canadian Information Technology Security Symposium, 2003.
7 Bhagwat, R. and Kulkarni, A. (2010). “An overview of registration based and registration free methods for cancelable fingerprint template”. International Journal of Computer Science and Security, 4(1): 23-30, 2010.
8 H. Davies. “Physiognomic access control”. Information Security Monitor, 10(3): 5-8, 2005.
9 K. Gilhooly. “Biometrics: Getting back to business”. Computerworld, May 2005.
10 D. Klein. “Foiling the Cracker: a survey of, and improvements to, password security”. In Proceedings of the 2n USENIX Security Workshop, pp. 5-14, 1990.
11 de A. Angeli, L. Coventry, G. Johnson and K. Renaud. “Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems”. International Journal of Human-Computer Studies, 63: 128-152, July 2005.
12 H. Bolande. “Forget passwords, what about pictures?”. http://zdnet.com.com/2102-11-525841.html
13 X. Suo, Y. Zhu and S. G. Owen. “Graphical passwords: A survey”. In Proceedings of the Annual Computer Security Applications Conference, Marriott University Park, Tucson, Arizona, 2005.
14 K. Renaud and de A. Angeli. “My password is here! An investigation into visuo-spatial authentication mechanisms”. Interacting with Computers, 16: 1017-1041, 2004.
15 L. Sobrado and C. J. Birget. “Graphical passwords”. The Rutgers Scholar, 4, 2002. http://RutgersScholar.rutgers.edu/volume04/contents.htm.
16 F. Tari, A. A. Ozok and H. S. Holden “A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords”. In ACM International Conference Proceeding Series, 149: 56-66, 2006.
17 ] A. Perrig and D. Song. “Hash visualization: A new technique to improve real-world security”. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CryTEC ’99).
18 Real User Corporation. “About passfaces”, http://www.realuser.com/cgi-bin/ru.exe/_/homepages/ technology/passfaces.htm, accessed in November 2006.
19 D. Davis, F. Monrose and M. Reiter. “On user choice in graphical password schemes”. In Proceedings of the 13th USENIX Security Symposium, 2004.
20 R. Dhamija and A. Perrig. “Déjà Vu: A user study using images for authentication”. In Proceedings of the 9th USENIX Security Symposium, 2000.
21 A. Bauer. “Gallery of random art”, 1998, http://andrej.com/art, accessed in December 2008.
22 W. Jansen. “Authenticating mobile device users through image selection”. Data Security, May 2004.
23 Passlogix. www.passlogix.com, accessed in November 2006.
24 E. G. Blonder. “Graphical passwords”. Lucent Technologies, Inc., Murray Hill, NJ, U. S. Patent, Ed. United States, 1996.
25 S. Wiedenbeck, J. Waters, C. J. Birget, A. Brodskiy and N. Memon. “Authentication using graphical passwords: Basic results”. In Human-Computer Interaction International (HCII 2005). Las Vegas, NV, 2005.
26 S. Wiedenbeck, J. Waters, C. J. Birget, A. Brodskiy and N. Memon. “Authentication using graphical passwords: Effects of tolerance and image choice”. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS). Carnegie-Mellon University, Pittsburgh, 2005.
27 S. Wiedenbeck, J. Waters, C.J. Birget, A. Brodskiy and N. Memon. “PassPoints: Design and longitudinal evaluation of a graphical password system”. International Journal of Human Computer Studies (Special Issue on HCI Research in Privacy and Security), 63: 102-127, 2005.
28 I. Jermyn, A. Mayer, F. Monrose, K. M. Reiter and D. A. Rubin. “The design and analysis of graphical passwords”. In Proceedings of the 8th USENIX Security Symposium. 1999.
29 D. Nali and J. Thorpe. “Analysing user choice in graphical passwords”. Tech. Report TR-04-01, School of Computer Science, Carleton University, Canada, 2004.
30 C. P. van Oorschot and J. Thorpe. “On the security of graphical password schemes”. Technical Report TR-05-11. Integration and extension of USENIX Security 2004 and ACSAC 2004 papers.
31 J. Thorpe and P. Van Oorschot. “Graphical dictionaries and the memorable space of graphical passwords”. In Proceedings of the 13th UNIX Security Symposium, August 2004.
32 J. C. Birget, D. Hong and N. Memon. “Robust discretization with an application to graphical passwords”. Cryptology ePrint Archive, Report 2003/168, http://eprint.iacr.org,
33 K. Chalkias, A. Alexiadis and G. Stephanides. “A multi-grid graphical password scheme”. In Proceedings of the 6th International Conference on Artificial Intelligence and Digital Communications, Thessaloniki, Greece, 2006.
34 A. Alexiadis, K. Chalkias and G. Stephanides. “Implementing a graphical password scheme that uses nested grids”. In Proceedings of the International Conference for Internet Technology and Secured Transactions (ICITST 2006), London, United Kingdom, 2006.
35 I. Irakleous, M. S. Furnell, S. P. Dowland and M. Papadaki. “An experimental comparison of secret-based user authentication technologies”. Information Management & Computer Security, 10: 100-108, 2002.
36 B. Tribelhorn. “End user security”, 2002. http://www.cs.hmc.edu/~mike/public_html/courses/ security/s06/projects/index.html, accessed in November 2008.
37 Y. Kim and T. Kwon. “An authentication scheme based upon face recognition for the mobile environment”. In Proceedings of the International symposium on computational and information science No1, Shanghai, China, 2004.
38 J. Goldberg, J. Hagman and V. Sazawal. “Doodling our way to better authentication”. CHI '02 extended abstracts on Human Factors in Computer Systems, Minneapolis (ACM Press), 2002.
39 R. Weiss and A. del Luca. “PassShapes: Utilizing stroke based authentication to increase password memorability”. In Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges. Lund, Sweden, ACM pp. 383-392, 2008.
40 A. M. Eljetlawi and N. Ithnin. “Graphical password: Prototype usability survey”. In Proceedings IEEE International Conference on Advanced Computer Theory and Engineering, pp. 351-355, 2008.
41 K. M. Everitt, T. Bragin, J. Fogarty and T. Kohno. “A comprehensive study of frequency, interference, and training of multiple graphical passwords”. In Proceedings of the 27th international conference on Human factors in computing systems. Boston, MA, USA. ACM, pp. 889-898, 2009.
42 S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot and R. Biddle. “Multiple password interference in text passwords and click-based graphical passwords”. ACM CCS’09, November 9–13, 2009, Chicago, Illinois, USA, 2009.
43 A. A. Ozok and S. Holden “A strategy for increasing user acceptance of authentication systems: Insights from an empirical study of user preferences and performance”. International Journal of Business and Systems Research, 2(4): 343-364, 2008.
44 K. Johnson and S. Werner. “Graphical user authentication: A comparative evaluation of composite scene authentication vs. three competing graphical passcode systems”. Human Factors and Ergonomics Society Annual Meeting Proceedings, 52: 542-546, 2008.
45 M. D. Hafiz, A. H. Abdullah, N. Ithnin and H. K. Mammi. “Towards identifying usability and security features of graphical password in knowledge based authentication technique”. In Proceedings of the Second Asia International Conference on Modelling and Simulation, IEEE, pp. 396-403, 2008.
46 L. Y. Por and X. T. Lin. “Multi-grid background Pass-Go”. WSEAS Transactions on Information Science and Applications, 7(7): 1137-1148, 2008.
Mr. Stamati Gkarafli
- Greece
Mr. Anastasios A. Economides
- Greece