Authors: Arash Habibi Lashkari, Azizah Abdul Manaf, Maslin Masrom

Abstract:

In today's day and age, one of the important topics in information security is authentication. There are several alternatives to text-based authentication of which includes Graphical Password (GP) or Graphical User Authentication (GUA). These methods stems from the fact that humans recognized and remembers images better than alphanumerical text characters. This paper will focus on the security aspect of GP algorithms and what most researchers have been working on trying to define these security features and attributes. The goal of this study is to develop a fuzzy decision model that allows automatic selection of available GP algorithms by taking into considerations the subjective judgments of the decision makers who are more than 50 postgraduate students of computer science. The approach that is being proposed is based on the Fuzzy Analytic Hierarchy Process (FAHP) which determines the criteria weight as a linear formula.

Keywords: Graphical Password, Authentication Security, Attack Patterns, Brute force attack, Dictionary attack, Guessing Attack, Spyware attack, Shoulder surfing attack, Social engineering Attack, Password Entropy, Password Space.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1057661

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1895

References:

[1] Lashkari, A.H. and F. Towhidi, Graphical User Authentication (GUA). 2010: Lambert Academic Publisher.
[2] Lashkari, A.H., et al., Shoulder Surfing attack in graphical password authentication. 2009, International Journal of Computer Science and Information Security (IJCSIS).
[3] Lashkari, A.H., et al., Security Evaluation for Graphical Password, in The International Conference on Digital Information and Communication Technology and its Applications (DICTAP2011). 2011, Communications in Computer and Information Science (CCIS) Series of Springer LNCS: Université de Bourgogne, France.
[4] Saaty, T.L., How to make a decision: The Analytic Hierarchy Process. European Journal of Operational Research 1990. 48 p. 9-26.
[5] Nguyen, H.T. and E.A. Walker, A First Course in Fuzzy Logic. 1997: CRC Press.
[6] Klir, G.J. and B. Yuan, Fuzzy Sets and Fuzzy Logic Theory and Applications. 1995, New Jersey: Prentice Hall.
[7] Zimmermann, H.-J., Fuzzy Set Theory and its Applications. Third Edition ed. 1996: Kluwer Academic Publishers.
[8] Ball─▒, S. and S. Koruko─ƒlu, Operating System Selection using Fuzzy AHP and Topsis Methods. Mathematical and Computational Applications, 2009. 14(2): p. 119-130.
[9] Wang, Y.-M. and T.M.S. Elhag, Fuzzy TOPSIS method based on alpha level sets with an application to bridge risk assessment. Expert Systems with Applications, 2006. 31.
[10] Kreng, V.B. and C.Y. Wu, Evaluation of knowledge portal development tools using a fuzzy AHP approach: The case of Taiwanese stone industry. European Journal of Operational Research, 2005.
[11] Erensala, Y.C., T. Öncanb, and M.L. Demircan, Determining key capabilities in technology management using fuzzy analytic hierarchy process: A case study of Turkey. Information Sciences, 2006. 176(18): p. 2755-2770
[12] Kahraman, C., U. Cebeci, and D. Ruan, Multi-attribute comparison of catering service companies using fuzzy AHP: The case of Turkey. International Journal of Production Economics, 2004. 87.
[13] Leung, L.C. and D. Cao, On consistency and ranking of alternatives in fuzzy AHP. European Journal of Operational Research, 2000. 124: p. 102-113.