Design And Implementation Of A New Shoulder-surfing Resistant Graphical Password Scheme

Posted on: 2012-03-23 | Degree: Master | Type: Thesis
Country: China | Candidate: X L Chang | Full Text: PDF
GTID: 2248330395955434 | Subject: Computer software and theory
Abstract/Summary:
Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording the authentication session. Due to the visual interface, this problem is exacerbated in graphical passwords. Most of the existing graphical password schemes are vulnerable to shoulder-surfing. There have been some graphical schemes resistant or immune to shoulder-surfing, but they have significant usability drawbacks, usually in the effort and time to log in, or in memorability, which obstruct their popularity.

In this paper, we propose a new shoulder-surfing resistant graphical password scheme, called CDS (Come from DAS and Story), which has desirable usability for handheld devices, such as PDAs. As an extension and improvement of DAS and Story, CDS inherits the drawing method in DAS and the sequential components in Story together with the association mnemonics for sequence retrieval. By introducing redundant information in authentication, CDS provides resistance to shoulder-surfing. Furthermore, it randomly selects two images as the origin and terminal positions for the input and dynamically erases the drawing trace, to avoid revealing passwords through users' behavior. In addition, the complementary measures in CDS, such as the random distribution of images, use of degraded images, and limitation of the drawing trace length, improve the security further. Besides the design principle, the paper also presents the detailed implementation of CDS, based on which a series of experiments are conducted. The experiment results and the associated analysis illustrate that CDS can protect passwords against human observation, and users can create passwords successfully as well as remember them over time.
Keywords/Search Tags: Graphical password, Shoulder-surfing, PDA, Authentication