{"title":"RoundImage: Toward Secure Graphical Password Authentication via Rounded Image Selection in IoT","authors":"Xinyuan Qin;Wenjuan Li;Philip Rosenberg","doi":"10.1109/JIOT.2025.3547816","DOIUrl":null,"url":null,"abstract":"User authentication is a basic security mechanism under Internet-of-Things (IoT) environments, which means to verify whether the logging user is legitimate or not. Due to known limitations of existing password-based authentication, graphical password is one promising solution to enhance the current user authentication process in IoT. However, it is an open question how to design a usable and robust graphical password scheme. In this work, we introduce RoundImage, a graphical password scheme that requires users to select images in rounds (e.g., three rounds) for authentication. It can resist against some typical threats, such as shoulder-surfing attacks and provide fault tolerance. In the evaluation, we set up an IoT scenario and test its performance with 100 participants. The results demonstrate the usability and potential of our scheme in a practical IoT environment.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 12","pages":"20473-20483"},"PeriodicalIF":8.9000,"publicationDate":"2025-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10909653","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10909653/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
User authentication is a basic security mechanism under Internet-of-Things (IoT) environments, which means to verify whether the logging user is legitimate or not. Due to known limitations of existing password-based authentication, graphical password is one promising solution to enhance the current user authentication process in IoT. However, it is an open question how to design a usable and robust graphical password scheme. In this work, we introduce RoundImage, a graphical password scheme that requires users to select images in rounds (e.g., three rounds) for authentication. It can resist some typical threats, such as shoulder-surfing attacks, and provide fault tolerance. In the evaluation, we set up an IoT scenario and test its performance with 100 participants. The results demonstrate the usability and potential of our scheme in a practical IoT environment.
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.