Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks

Author:

Adebimpe Lateef Adekunle (1, 2), Ng Ian Ouii (1), Idris Mohd Yamani Idna (1), Okmi Mohammed (1, 3), Ku Chin Soon (4), Ang Tan Fong (1), Por Lip Yee (1)

Affiliation:

1. Department of Computer System and Technology, Faculty of Computer Science and Information Technology, Universiti Malaya, Kuala Lumpur 50603, Malaysia

2. Department of Computer Science, Emmanuel Alayande University of Education, Oyo 211225, Nigeria

3. Department of Information Technology and Security, Jazan University, Jazan 45142, Saudi Arabia

4. Department of Computer Science, Universiti Tunku Abdul Rahman, Kampar 31900, Malaysia

Abstract

The rapid advancement of information technology (IT) has given rise to a new era of efficient and fast communication and transactions. However, the increasing adoption of and reliance on IT has led to the exposure of personal and sensitive information online. Safeguarding this information against unauthorized access remains a persistent challenge, necessitating the implementation of improved computer security measures. The core objective of computer security is to ensure the confidentiality, availability, and integrity of data and services. Among the mechanisms developed to counter security threats, authentication stands out as a pivotal defense strategy. Graphical passwords have emerged as a popular authentication approach, yet they face vulnerability to shoulder-surfing attacks, wherein an attacker can clandestinely observe a victim’s actions. Shoulder-surfing attacks present a significant security challenge within the realm of graphical password authentication. These attacks occur when an unauthorized individual covertly observes the authentication process of a legitimate user by shoulder surfing the user or capturing the interaction through a video recording. In response to this challenge, various methods have been proposed to thwart shoulder-surfing attacks, each with distinct advantages and limitations. This study thus centers on reviewing the resilience of existing recognition-based graphical password techniques against shoulder-surfing attacks by conducting a comprehensive examination and evaluation of their benefits, strengths, and weaknesses. The evaluation process entailed accessing pertinent academic resources through renowned search engines, including Web of Science, Science Direct, IEEE Xplore, ProQuest, Scopus, Springer, Wiley Online Library, and EBSCO. The selection criteria were carefully designed to prioritize studies that focused on recognition-based graphical password methods. 
Through this rigorous approach, 28 studies were identified and subjected to a thorough review. The results show that fourteen of them adopted registered objects as pass-objects, bolstering security through object recognition. Additionally, two methods employed decoy objects as pass-objects, enhancing obfuscation. Notably, one technique harnessed both registered and decoy objects, amplifying the security paradigm. The results also showed that recognition-based graphical password techniques varied in their resistance to different types of shoulder-surfing attacks. Some methods were effective in preventing direct observation attacks, while others were vulnerable to video-recorded and multiple-observation attacks. This vulnerability emerged due to attackers potentially extracting key information by analyzing user interaction patterns in each challenge set. Notably, one method stood out as an exception, demonstrating resilience against all three types of shoulder-surfing attacks. In conclusion, this study contributes to a comprehensive understanding of the efficacy of recognition-based graphical password methods in countering shoulder-surfing attacks by analyzing the diverse strategies employed by these methods and revealing their strengths and weaknesses.

Funder

Universiti of Tunku Abdul Rahman in Malaysia

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science
