Purpose: To determine the effects of grid size on authentication time and to compare results using two models, fill based (colour) and magnitude based (tile)
Parameters: The four grid sizes 2, 3, 4 and 5.
This experiment is designed to investigate the possibility that significant variations in mean authentication time will be observed across the various grid sizes of property based graphical authentication systems. In the course of this project, except where explicitly acknowledged, a fixed grid size of 3 (9 image grid) and step size of 2 (2 authentication steps) have been consistently used as control variables. This has helped in providing some form of control to the allocation of research variables to support the overall consistency of the results in the course of this work. In all the developed prototypes of property based systems, however, there are up to four grid size options to select from. Can the variation in grid sizes, if employed by system users, have any effect on the magnitude of a user’s authentication time? Grid size is an important parameter in the calculation of the password space of any authentication system.
5.8.1 Main Hypotheses
The experiment investigates the relation between grid size and authentication time (total login time and average login time). A number of hypotheses in relation to the relationship between the independent variables (grid sizes, 2, 3, 4 and 5) and the dependent variables (total authentication time and average authentication time) have been made. These hypotheses are
Ho1: None of the grid sizes will incur significantly greater mean total authentication time than other grid sizes.
H1: That at least one of the grid sizes will incur significantly greater mean total authentication time than the other grid sizes.
Ho2: None of the grid sizes will incur significantly greater mean average authentication time than other grid sizes.
H2: That at least one of the grid sizes will incur significantly greater mean average authentication time than the other grid sizes.
5.8.2 Research Participants
Thirty participants from a university’s undergraduate science student population, 18 male and 12 female, were recruited for a between users study of the various grid sizes. All participants were between the ages of 19 and 35 years and each has at least one email and one bank account, hence, each participant has at least one online password and one numerical PIN and thus has an experience in the use of passwords. All participants also claimed to have used computers and the internet for between one and six years and were thus all experienced in the use of computers. The use of a student population ensured little disparity in computing expertise among members of the participant population.
5.8.3 Experimental Design
A within users design was used for the experiment in which thirty participants were recruited and each was asked to create a password and then authenticate himself four times using the colour based model of the system prototype. In each of the four registration and login attempts, the participant selects a different grid size. As each participant uses the same authentication model for each of the four grid sizes, the design, procedure and layout of the system remains the same for all sessions. The only parameter that changes across authentication sessions is the grid size.
5.8.4 Experimental Variables
The independent variables in this experiment are the four grid size (NxN) options: 2, 3, 4, and 5. A grid size of 2 represents 4 images, 3 represents 9 images, 4 represents 16 images and 5 represents 25 images in the image selection grid. The dependent variable are the two timing variables representing the total and average authentication times automatically logged onto the system. The control variable is the number of authentication steps which remained fixed at 2.
5.8.5 Apparatus and Materials
• An ASUS N55s laptop PC running windows 10, 6. 00 GB RAM and 15.6” monitor
• A colour based prototype of the property based system installed on the system.
• An information sheet that provides the participants with information about the experiment and what they are expected to do.
• No questionnaires are issued for this experiment.
5.8.6 Experimental Procedure
The experiment was conducted as follows: The participants were recruited by means of a recruitment form. A consent form was provided to each of the participants to sign and confirm their consent before the conduct of the experiments.
There are basically two operations to be performed at each stage of the experiment on each of the four experimental conditions (four grid sizes) to be used in the experiment. These are subdivided into a number of tasks which include:
1. The registration phase
✓ Click on the “sign up” button
✓ Enter a chosen username in the textbox provided
✓ Select the number of authentication steps to be used in the experiment (which is 2)
✓ Select grid size (2, 3, 4, or 5, depending on the session)
✓ Select image properties for step 1 in the image properties window
✓ Select image properties for step 2 in the image properties window
2. The authentication phase
✓ Enter your chosen username in the textbox provided
✓ Click on the “continue” button
✓ Click on the “continue” button
✓ Select image for step 2 in the step 1 image grid
✓ Click on the “continue” button
The laboratory setting was selected for the experiment for ease of control and to the give the participants the desired isolation in doing the needed tasks without distraction while still using the systems in an environment they are familiar with. Each of the participants was made to undertake the tasks individually interference.
5.8.7 Experimental Results for Experiment 5
A one-way analysis of variance (ANOVA) was performed (Appendix 5) on the data set to compare the means of the dependent variables and to determine the statistical significance of the relationship between the independent variable (four grid sizes) and the dependent variable (total and average authentication times) in the data set. A Tukey post hoc test was done to determine the exact related variables and the statistical significance of the relationship.
From the ANOVA analysis it could be seen that significant mean variation was recorded for both the total login time between groups and the average login time between groups [F(3,116) = 2.744, p=0.046] for both variables. The Tukey post hoc test reveals that the mean login time varies significantly between grid size n=2 (condition 2, M = 17637.60, SD = 15851.669) and n=5 (condition 5, M = 36196.23, SD = 27092.755), p = 0.038 and the mean average login time varies significantly between grid size n=2 (condition 2, M = 8819.10, SD = 7925.849) and n=5 (condition 5, M = 18098.40, SD = 18773.146), p = 0.038. No statistically significant mean variation was recorded for any other pair of experimental conditions.
5.8.8 Discussion of Results for Experiment 5
The details of the results in appendix 5 indicate statistically significant mean variation between the grid size of 2 and the grid size of 5 in both total login time and average login time. Hence both of the null hypotheses (Ho1 and Ho2) that none of the grid sizes will incur significantly greater mean total and average authentication times than the other grid sizes had to be dropped. Looking at the results in appendix 5, however, one can observe that the mean total and average authentication times have increase steadily from grid size 2 to grid size 5. The increase between successive grid sizes, i.e., between 2 and 3 (17637.60 and 31383.10), between 3 and 4 (31383.10 and 31557.40) and between 4 and 5 (31557.40 and 36196.23), for the login time, have not been marked to be statistically significant. The same applies to the mean variation in average login time between
successive steps 2 and 3 (8819.10 and 15691.87), 3 and 4 (15691.87 and 15778.87), and 4 and 5 (15778.87 and 18098.40).
The grid size of 2 is the smallest grid size with just 4 images and the grid size of 5 is the largest with 25 images. It is thus hypothesized that a significant amount of time variation will be observed between the two variables as it will take more time to locate a user’s pass image in the 25 image grid as compared to the 4 image grid.