Jebriel, Salem Meftah (2014) Empirical approach towards investigating usability, guessability and social factors affecting graphical based passwords security. PhD thesis, University of Glasgow.

Full text available as:

PDF Download (13MB)

Abstract

This thesis investigates the usability and security of recognition-based graphical authentication schemes in which users provide simple images. These images can either be drawn on paper and scanned into the computer, or alternatively, they can be created with a computer paint program.
In our first study, looked at how culture and gender might affect the types of images drawn. A large number of simple drawings were provided by Libyan, Scottish and Nigerian participants and then divided into categories. Our research found that many doodles (perhaps as many as 20%) contained clues about the participants’ own culture or gender. This figure could be reduced by providing simple guidelines on the types of drawings which should be avoided.
Our second study continued this theme and asked the participants to try to guess the culture of the person who provided the image. This provided examples of easily guessable and harder to guess images.
Our third study we built a system to automatically register simple images provided by users. This involved creating a website where the users could register their images and which they could later login to. Image analysis software was also written which corrected any mistakes the user might make when scanning in their images or using the Paint program. This research showed that it was possible to build an automatic registration system, and that users preferred using a paint tool rather than drawing on paper and then scanning in the drawing. This study also exposed poor security in some user habits, since many users kept their drawings or image files. This research represents one of the first studies of interference effects where users have to choose two different graphical passwords. Around half of the users provided very similar set of drawings.
The last study conducted an experiment to find the best way of avoiding ‘shoulder surfing’ attacks to security when selecting simple images during the login stage. Pairs of participants played the parts of the observer and the user logging in. The most secure approaches were selecting using a single keystroke and selecting rows and columns with two key strokes.

Item Type:	Thesis (PhD)
Qualification Level:	Doctoral
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science Q Science > QA Mathematics > QA76 Computer software
Colleges/Schools:	College of Science and Engineering > School of Computing Science
Supervisor's Name:	Poet, Dr Ron
Date of Award:	2014
Depositing User:	Mr Salem Jebriel
Unique ID:	glathesis:2014-5399
Copyright:	Copyright of this thesis is held by the author.
Date Deposited:	06 Aug 2014 09:58
Last Modified:	06 Aug 2014 09:59
URI:	https://theses.gla.ac.uk/id/eprint/5399

Actions (login required)

View Item

Downloads