Systemic Literature Review of Recognition-Based Authentication Method Resistivity to Shoulder-Surfing Attacks

IF 2.5 | Zone 4 | Multidisciplinary journals | Q2 CHEMISTRY, MULTIDISCIPLINARY
L. A. Adebimpe, Ian Ouii Ng, Mohd Yamani Idna Idris, Mohammed Okmi, Chin Soon Ku, T. F. Ang, L. Y. Por
Journal: Applied Sciences-Basel (journal article)
Publication date: 2023-09-06
DOI: https://doi.org/10.3390/app131810040
Citation count: 0

Abstract

The rapid advancement of information technology (IT) has given rise to a new era of efficient and fast communication and transactions. However, the increasing adoption of and reliance on IT has led to the exposure of personal and sensitive information online. Safeguarding this information against unauthorized access remains a persistent challenge, necessitating the implementation of improved computer security measures. The core objective of computer security is to ensure the confidentiality, availability, and integrity of data and services. Among the mechanisms developed to counter security threats, authentication stands out as a pivotal defense strategy. Graphical passwords have emerged as a popular authentication approach, yet they face vulnerability to shoulder-surfing attacks, wherein an attacker can clandestinely observe a victim’s actions. Shoulder-surfing attacks present a significant security challenge within the realm of graphical password authentication. These attacks occur when an unauthorized individual covertly observes the authentication process of a legitimate user by shoulder surfing the user or capturing the interaction through a video recording. In response to this challenge, various methods have been proposed to thwart shoulder-surfing attacks, each with distinct advantages and limitations. This study thus centers on reviewing the resilience of existing recognition-based graphical password techniques against shoulder-surfing attacks by conducting a comprehensive examination and evaluation of their benefits, strengths, and weaknesses. The evaluation process entailed accessing pertinent academic resources through renowned search engines, including Web of Science, Science Direct, IEEE Xplore, ProQuest, Scopus, Springer, Wiley Online Library, and EBSCO. The selection criteria were carefully designed to prioritize studies that focused on recognition-based graphical password methods. 
Through this rigorous approach, 28 studies were identified and subjected to a thorough review. The results show that fourteen of them adopted registered objects as pass-objects, bolstering security through object recognition. Additionally, two methods employed decoy objects as pass-objects, enhancing obfuscation. Notably, one technique harnessed both registered and decoy objects, amplifying the security paradigm. The results also showed that recognition-based graphical password techniques varied in their resistance to different types of shoulder-surfing attacks. Some methods were effective in preventing direct observation attacks, while others were vulnerable to video-recorded and multiple-observation attacks. This vulnerability emerged due to attackers potentially extracting key information by analyzing user interaction patterns in each challenge set. Notably, one method stood out as an exception, demonstrating resilience against all three types of shoulder-surfing attacks. In conclusion, this study contributes to a comprehensive understanding of the efficacy of recognition-based graphical password methods in countering shoulder-surfing attacks by analyzing the diverse strategies employed by these methods and revealing their strengths and weaknesses.
Source journal: Applied Sciences-Basel
Categories: CHEMISTRY, MULTIDISCIPLINARY; MATERIALS SCIENCE, MULTIDISCIPLINARY
CiteScore: 5.30
Self-citation rate: 11.10%
Articles published: 10882
Journal description: Applied Sciences (ISSN 2076-3417) provides an advanced forum on all aspects of applied natural sciences. It publishes reviews, research papers and communications. Our aim is to encourage scientists to publish their experimental and theoretical results in as much detail as possible. There is no restriction on the length of the papers. The full experimental details must be provided so that the results can be reproduced. Electronic files and software regarding the full details of the calculation or experimental procedure, if unable to be published in a normal way, can be deposited as supplementary electronic material.