Cargando…
Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles
An alternative authentication method to traditional alphanumeric passwords is graphical password authentication, also known as graphical authentication, for which one of the most valuable cued-recall techniques is PassPoints. This technique stands out for its security and usability. However, it can...
| Autores principales: | , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8914638/ https://www.ncbi.nlm.nih.gov/pubmed/35271135 http://dx.doi.org/10.3390/s22051987 |
| _version_ | 1784667767458234368 |
|---|---|
| author | Suárez-Plasencia, Lisset Herrera-Macías, Joaquín Alberto Legón-Pérez, Carlos Miguel Sosa-Gómez, Guillermo Rojas, Omar |
| author_facet | Suárez-Plasencia, Lisset Herrera-Macías, Joaquín Alberto Legón-Pérez, Carlos Miguel Sosa-Gómez, Guillermo Rojas, Omar |
| author_sort | Suárez-Plasencia, Lisset |
| collection | PubMed |
| description | An alternative authentication method to traditional alphanumeric passwords is graphical password authentication, also known as graphical authentication, for which one of the most valuable cued-recall techniques is PassPoints. This technique stands out for its security and usability. However, it can be violated if the user follows a predefined pattern when selecting the five points in an image as their passwords, such as the DIAG and LINE patterns. Dictionary attacks can be built using these two patterns to compromise graphical passwords. So far, no reports have been found in the state of the art about any test capable of detecting graphical passwords with DIAG or LINE patterns in PassPoints. Studies carried out in other scenarios have shown the effectiveness of the characteristics of Delaunay triangulations in extracting information about the dependence between the points. In this work, graphical passwords formed by five randomly selected points on an image are compared with passwords whose points contain patterns of the DIAG or LINE type. The comparison is based on building for each password its Delaunay triangulation and calculating the mean value of the maximum angles of the triangles obtained; such a mean value is denoted by amadt. It is experimentally shown that in passwords containing DIAG and LINE patterns, the value of amadt is higher than the one obtained in passwords formed by random dots. From this result, it is proposed to use this amadt value as a statistic to build a test of means. This result constitutes the work’s main contribution: The proposal of a spatial randomness test to detect weak graphic passwords that contain DIAG and LINE type patterns. The importance and novelty of this result become evident when two aspects are taken into account: First, these weak passwords can be exploited by attackers to improve the effectiveness of their attacks; second, there are no prior criteria to detect this type of weak password. The practical application of said test contributes to increasing PassPoints security without substantially affecting its efficiency. |
| format | Online Article Text |
| id | pubmed-8914638 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-89146382022-03-12 Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles Suárez-Plasencia, Lisset Herrera-Macías, Joaquín Alberto Legón-Pérez, Carlos Miguel Sosa-Gómez, Guillermo Rojas, Omar Sensors (Basel) Article An alternative authentication method to traditional alphanumeric passwords is graphical password authentication, also known as graphical authentication, for which one of the most valuable cued-recall techniques is PassPoints. This technique stands out for its security and usability. However, it can be violated if the user follows a predefined pattern when selecting the five points in an image as their passwords, such as the DIAG and LINE patterns. Dictionary attacks can be built using these two patterns to compromise graphical passwords. So far, no reports have been found in the state of the art about any test capable of detecting graphical passwords with DIAG or LINE patterns in PassPoints. Studies carried out in other scenarios have shown the effectiveness of the characteristics of Delaunay triangulations in extracting information about the dependence between the points. In this work, graphical passwords formed by five randomly selected points on an image are compared with passwords whose points contain patterns of the DIAG or LINE type. The comparison is based on building for each password its Delaunay triangulation and calculating the mean value of the maximum angles of the triangles obtained; such a mean value is denoted by amadt. It is experimentally shown that in passwords containing DIAG and LINE patterns, the value of amadt is higher than the one obtained in passwords formed by random dots. From this result, it is proposed to use this amadt value as a statistic to build a test of means. This result constitutes the work’s main contribution: The proposal of a spatial randomness test to detect weak graphic passwords that contain DIAG and LINE type patterns. The importance and novelty of this result become evident when two aspects are taken into account: First, these weak passwords can be exploited by attackers to improve the effectiveness of their attacks; second, there are no prior criteria to detect this type of weak password. The practical application of said test contributes to increasing PassPoints security without substantially affecting its efficiency. MDPI 2022-03-03 /pmc/articles/PMC8914638/ /pubmed/35271135 http://dx.doi.org/10.3390/s22051987 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Suárez-Plasencia, Lisset Herrera-Macías, Joaquín Alberto Legón-Pérez, Carlos Miguel Sosa-Gómez, Guillermo Rojas, Omar Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles |
| title | Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles |
| title_full | Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles |
| title_fullStr | Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles |
| title_full_unstemmed | Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles |
| title_short | Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles |
| title_sort | detection of diag and line patterns in passpoints graphical passwords based on the maximum angles of their delaunay triangles |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8914638/ https://www.ncbi.nlm.nih.gov/pubmed/35271135 http://dx.doi.org/10.3390/s22051987 |
| work_keys_str_mv | AT suarezplasencialisset detectionofdiagandlinepatternsinpasspointsgraphicalpasswordsbasedonthemaximumanglesoftheirdelaunaytriangles AT herreramaciasjoaquinalberto detectionofdiagandlinepatternsinpasspointsgraphicalpasswordsbasedonthemaximumanglesoftheirdelaunaytriangles AT legonperezcarlosmiguel detectionofdiagandlinepatternsinpasspointsgraphicalpasswordsbasedonthemaximumanglesoftheirdelaunaytriangles AT sosagomezguillermo detectionofdiagandlinepatternsinpasspointsgraphicalpasswordsbasedonthemaximumanglesoftheirdelaunaytriangles AT rojasomar detectionofdiagandlinepatternsinpasspointsgraphicalpasswordsbasedonthemaximumanglesoftheirdelaunaytriangles |