A Survey: Security Vulnerabilities and Protective Strategies for Graphical Passwords-Reference-Cited by-同舟云学术

A Survey: Security Vulnerabilities and Protective Strategies for Graphical Passwords

Published:2024-08-01 Issue:15 Volume:13 Page:3042
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Saadi Zena Mohammad¹^ORCID,Sadiq Ahmed T.¹^ORCID,Akif Omar Z.²,Farhan Alaa K.¹^ORCID

Affiliation:

1. Computer Science Department, University of Technology—Iraq, Baghdad 10066, Iraq

2. Department of Computer Science, College of Education for Pure Science (Ibn al-Haitham), University of Baghdad, Baghdad 10066, Iraq

Abstract

As technology advances and develops, the need for strong and simple authentication mechanisms that can help protect data intensifies. The contemporary approach to giving access control is through graphical passwords comprising images, patterns, or graphical items. The objective of this review was to determine the documented security risks that are related to the use of graphical passwords, together with the measures that have been taken to prevent them. The review was intended to present an extensive literature review of the subject matter on graphical password protection and to point toward potential future research directions. Many attacks, such as shoulder surfing attacks, SQL injection attacks, and spyware attacks, can easily exploit the graphical password scheme, which is one of the most widely used. To counter these security threats, several measures have been suggested, but none of the security attacks can be completely overcome. Each of the proposed measures has its pros and cons. This study begins by elucidating some of the graphical password schemes studied between 2012 and 2023, delving into potential threats and defense mechanisms associated with these schemes. Following a thorough identification and selection process, five of the reviewed papers explain the threat of shoulder surfing and spyware attacks on graphical password schemes, while two explain the threat of brute force attacks. One paper focuses on dictionary attacks, while four other papers address social engineering, SQL injection attacks, and guessing attacks as potential threats to graphical password schemes. In addition, the papers recognize other forms of attacks, such as video recording attacks, filtering attacks, reverse engineering attacks, multiple observation attacks, key/mouse logger attacks, insider attacks, computer vision attacks, image gallery attacks, sonar attacks, reply attacks, data interception attacks, and histogram manipulation attacks. These attacks are examined in three, three, eight, one, four, one, one, one, one, one, one, and one papers, respectively. Moreover, out of all such countermeasures, most of them are based on three categories—randomization, obfuscation, and password space complexity—which are the most commonly employed strategies for improving graphical password schemes.

Publisher

MDPI AG

Link

https://www.mdpi.com/2079-9292/13/15/3042/pdf

Reference62 articles.

1. Adebimpe, L.A., Ng, I.O., Idris, M.Y.I., Okmi, M., Ku, C.S., Ang, T.F., and Por, L.Y. (2023). Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks. Appl. Sci., 13.

2. Honeyword Generation Using a Proposed Discrete Salp Swarm Algorithm;Yasser;Baghdad Sci. J.,2023

3. Khot, R.A., Kumaraguru, P., and Srinathan, K. (2012, January 26–30). WYSWYE: Shoulder surfing defense for recognition based graphical passwords. Proceedings of the 24th Australian Computer-Human Interaction Conference, Melbourne, Australia.

4. Nagothu, D., Chen, Y., Blasch, E., Aved, A., and Zhu, S. (2019). Detecting Malicious False Frame Injection Attacks on Surveillance Systems at the Edge Using Electrical Network Frequency Signals. Sensors, 19.

5. Preventing Shoulder-Surfing Attack with the Concept of Concealing the Password Objects’ Information;Ho;Sci. World J.,2014