Using cultural familiarity for usable and secure recognition-based graphical passwords

Aljahdali, Hani Moaiteq (2015) Using cultural familiarity for usable and secure recognition-based graphical passwords. PhD thesis, University of Glasgow.

Due to Embargo and/or Third Party Copyright restrictions, this thesis is not available in this service.
Printed Thesis Information: https://eleanor.lib.gla.ac.uk/record=b3105917

Abstract

Recognition-based graphical passwords (RBGPs) are a promising alternative to alphanumeric passwords for user authentication. The literature has presented several schemes in an effort to find the best types of pictures in terms of usability and security. The contribution of this thesis is the positive use of cultural familiarity with pictures for usable and secure recognition-based graphical passwords in two different countries: Scotland and Saudi Arabia.

This thesis presents an evaluation of a culturally-familiar graphical password scheme (CFGPS). This scheme is based on pictures that represent daily life in different cultures. Those pictures were selected from a database containing 797 pictures representing the cultures of 30 countries. This database was created as the first step in this thesis from the responses to 263 questionnaires.

The evaluation of the scheme goes through five phases: registration phase, usability phase, security phase, interviews phase, and guidelines phase. In the registration phase, a web-based study was conducted to determine the impact of cultural familiarity on the choice of pictures for the GPs. A large number of participants (Saudi and Scottish) registered their GPs. The results showed that users were highly affected by their culture when they chose pictures for their GPs; however, the Saudis were significantly more affected by their culture than the Scottish. This study showed developers the importance of having a selection of pictures that are as familiar as possible to users in order to create suitable GPs.

In the usability phase, the participants were asked to log in with their GPs three months after the registration phase. The main results showed that the memorability rate for GPs consisting only of pictures belonging to participants’ culture was higher than the memorability rate for GPs consisting of pictures that did not belong to participants’ culture. However, there was no evidence regarding a cultural familiarity effect on login time. In the security phase, a within-subject user study was conducted to examine the security of culturally-familiar GPs against educated guessing attacks. This study was also the first attempt to investigate the risk of using personal information shared by users on social networks to guess their GPs. The results showed high guessability for CFGPs.

The interviews phase evaluated the qualitative aspects of the CFGP password in order to improve its performance. In-depth interviews with the users of the scheme suggested guidelines for both developers and users to increase the usability and security of the scheme. Those guidelines are not exclusive to the culturally-familiar scheme, as they can be used for all RBGP schemes.

Finally, as one of the instructions stated in the developers’ guidelines, different challenge set designs were evaluated based on their cultural familiarity to users. The results showed a high usability of the culturally-familiar challenge set while the security target was met in the culturally-unfamiliar challenge set. To balance these two factors, following the user guidelines covered the weaknesses of both designs.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Additional Information: Due to copyright restrictions the full text of this thesis cannot be made available online. Access to the printed version is available.
Keywords: Authentication, Graphical Password, Recognition-based, Information Security, Familiarity, Cultural Familiarity.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Poet, Dr. Ron
Date of Award: 2015
Depositing User: Mr. HANI M ALJAHDALI
Unique ID: glathesis:2015-6288
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 30 Apr 2015 13:09
Last Modified: 02 May 2018 14:42
URI: https://theses.gla.ac.uk/id/eprint/6288
