Authentication by cued recall on image recognition

Abstract

Graphical passwords have been studied by a variety of methods. According to the psychological beliefs, human can remember an image better than text. Therefore, clicking on a graphical password is easier than typing a text password. Moreover, graphical password can avoid the limitation of text password. This research introduces a method for improving the security of authentication by using a blurred image with a cue as a graphical password that is an integration of recognition-based graphical password and cued-recall based graphical passwords together. The objective of this research was to compare the recall and guessing rates of the proposed scheme with the recall rate and the guessing rate of the Use Your Illusion (UYI) scheme. The proposed method randomly selects a new set of images every time from the user register database when a registered user logs ins. The aim was to reduce the chance of an attacker guessing the correct graphical password. Furthermore, this research utilized the Diffie-Hellman algorithm to compute the position of the secret image. The secret image was used to merge with the selected graphical password. The research also utilized a hash algorithm to create a graphic digest for resisting the message masquerade and reducing the transmission time. This proposed scheme utilized SSL/TLS to maintain security.

Based on the simulation study, the findings indicated that the recall rate of the proposed scheme was better than the recall rate of the UYI scheme and the system login time was lower with the proposed graphical passwords with UYI graphical passwords. However, the guessing rates of these schemes were very similar.