RoundImage: Toward Secure Graphical Password Authentication via Rounded Image Selection in IoT

IF 8.9 | Zone 1, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Xinyuan Qin;Wenjuan Li;Philip Rosenberg
DOI: 10.1109/JIOT.2025.3547816
Journal: IEEE Internet of Things Journal, volume 12, issue 12, pages 20473-20483
Publication date: 2025-03-04
Publication type: Journal Article
Open access: no
URL: https://ieeexplore.ieee.org/document/10909653/
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10909653
Citations: 0

Abstract

User authentication is a basic security mechanism in Internet-of-Things (IoT) environments, which means verifying whether the user logging in is legitimate or not. Due to known limitations of existing password-based authentication, graphical passwords are one promising solution to enhance the current user authentication process in IoT. However, it is an open question how to design a usable and robust graphical password scheme. In this work, we introduce RoundImage, a graphical password scheme that requires users to select images in rounds (e.g., three rounds) for authentication. It can resist some typical threats, such as shoulder-surfing attacks, and provide fault tolerance. In the evaluation, we set up an IoT scenario and test its performance with 100 participants. The results demonstrate the usability and potential of our scheme in a practical IoT environment.
Source journal
IEEE Internet of Things Journal (Computer Science-Information Systems)
CiteScore: 17.60
Self-citation rate: 13.20%
Articles published: 1982
Journal description: The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.