
2.4.1 Recall-based Graphical Passwords

Recall-based graphical passwords require users to remember credentials in the absence of a memory cue (deployments of alphanumeric passwords are also usually recall-based). This genre of graphical password was proposed with the aim of generating credentials with crypto-level [5] entropy and as such can be deployed in both local and direct authentication. Draw a Secret (DAS) [68] is the exemplar recall-based system and was proposed to exploit the stylus capability of Personal Digital Assistants (PDAs). At enrolment the user is presented with an n × n grid and is asked to draw something memorable within its boundaries; the drawing is encoded internally as the sequence of cells (x, y) crossed by the user's pen, punctuated by pen-lift events, which are represented in the encoding as (n + 1, n + 1) (see Figure 3). The benefit of such a raw encoding, compared with more sophisticated methods of pattern matching, is that the user can reproduce it exactly without any need for an exact visual correspondence between the enrolled drawing and the authentication attempt. As a result, the encoded drawing can be used as an encryption key and can be stored using a one-way function [32]: a function that is easy to compute but prohibitively difficult to invert. Note that this protects the stored credential only if the space of likely drawings is too large to enumerate, since an attacker holding the stored value can test candidate encodings offline. To authenticate, the user must re-sketch the drawing so that the same grid cells are crossed in the same order and the pen is lifted at the same points in the sequence. One usability constraint is that users are not permitted to draw into so-called fuzzy boundaries: areas of the grid that would add detail to the drawing that is difficult to replicate later (e.g. lines cutting cell intersections or running along cell borders), as illustrated in Figure 4.
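The following Python is an added worked example, not code from the DAS paper or from this document. It turns raw stylus samples into the cell-sequence encoding described above, rejects the two fuzzy cases (a sample too close to a grid line, and a jump between cells that are not 4-adjacent, i.e. the pen cut through an intersection), and then stores and checks the encoding with a salted one-way function. The sample coordinates, the eps border tolerance, the adjacency rule as the test for intersection cutting, and the choice of PBKDF2-HMAC-SHA256 as the one-way function are all assumptions of this example; DAS itself does not specify them.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Sequence, Tuple

Point = Tuple[float, float]   # stylus sample in grid units, 0 <= x, y < n
Cell = Tuple[int, int]        # 1-indexed DAS cell; (n + 1, n + 1) marks a pen-up


class FuzzyBoundaryError(ValueError):
    """The stroke cannot be encoded unambiguously (a DAS 'fuzzy boundary')."""


def encode_stroke(samples: Sequence[Point], n: int, eps: float = 0.1) -> List[Cell]:
    """Map one pen-down .. pen-up stroke to the ordered cells it crosses.

    Runs of samples inside the same cell collapse to one entry. Two fuzzy cases are
    rejected: a sample within eps of a grid line (its cell is ambiguous), and a jump
    to a cell that is not 4-adjacent to the previous one, which means the pen cut
    through a cell corner (an intersection) or the stroke was under-sampled.
    """
    cells: List[Cell] = []
    for x, y in samples:
        if not (0 <= x < n and 0 <= y < n):
            raise ValueError(f"sample ({x}, {y}) lies outside the {n}x{n} grid")
        for coord in (x, y):
            frac = coord - int(coord)
            if frac < eps or frac > 1 - eps:
                raise FuzzyBoundaryError(f"sample ({x}, {y}) lies on a cell border")
        cell = (int(x) + 1, int(y) + 1)
        if cells and cells[-1] == cell:
            continue
        if cells and abs(cells[-1][0] - cell[0]) + abs(cells[-1][1] - cell[1]) != 1:
            raise FuzzyBoundaryError(f"stroke cuts an intersection between {cells[-1]} and {cell}")
        cells.append(cell)
    if not cells:
        raise ValueError("empty stroke")
    return cells


def encode_drawing(strokes: Sequence[Sequence[Point]], n: int) -> List[Cell]:
    """Concatenate the stroke encodings, marking each pen-lift with (n + 1, n + 1)."""
    encoding: List[Cell] = []
    for stroke in strokes:
        encoding.extend(encode_stroke(stroke, n))
        encoding.append((n + 1, n + 1))
    return encoding


def serialise(encoding: Sequence[Cell]) -> bytes:
    # Unambiguous for any grid size: b"2,2;2,3;...;5,5"
    return ";".join(f"{x},{y}" for x, y in encoding).encode("ascii")


def enrol(strokes, n: int, salt: Optional[bytes] = None, rounds: int = 100_000) -> Tuple[bytes, bytes]:
    """Store the drawing as (salt, PBKDF2-HMAC-SHA256(encoding, salt)).

    PBKDF2 is this example's choice of one-way function; DAS only requires a function
    that is hard to invert. The per-user salt stops an attacker from precomputing a
    single table of drawing hashes that works against every user.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", serialise(encode_drawing(strokes, n)), salt, rounds)
    return salt, digest


def verify(strokes, n: int, salt: bytes, digest: bytes, rounds: int = 100_000) -> bool:
    """Re-encode the attempt and compare in constant time; a fuzzy attempt simply fails."""
    try:
        encoding = encode_drawing(strokes, n)
    except FuzzyBoundaryError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", serialise(encoding), salt, rounds)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed stylus samples (cell centres) reproducing the Figure 3 drawing on a 4x4 grid.
    figure3 = [[(1.5, 1.5), (1.5, 2.5), (2.5, 2.5), (2.5, 1.5), (1.5, 1.5), (0.5, 1.5)]]
    print(encode_drawing(figure3, 4))   # [(2, 2), (2, 3), (3, 3), (3, 2), (2, 2), (1, 2), (5, 5)]
    salt, digest = enrol(figure3, 4)
    print(verify(figure3, 4, salt, digest))   # True
```

Because the stored value depends only on the cell sequence, the same cells drawn in the reverse order, or the same shape drawn one cell to the right, produce a different encoding and fail verification, which is exactly the "same cells, same order, same pen-lifts" rule stated above.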

An authentication mechanism that represents a constrained instantiation of DAS is available on the Google Android platform for local authentication to touchscreen devices. This system presents a 3×3 grid, and users are restricted to patterns made up of straight lines. In addition this variant restricts users to a single stroke and only allows each of the nine cells to be visited once. The formula used to calculate the DAS password space [68] can be modified to calculate the password space of Android patterns; the full password space is 18.6 bits (roughly 389,000 patterns). Such a small password space is only acceptable for local authentication because the device can enforce a limit on the number of permitted incorrect attempts, which defeats online guessing; it offers no protection against offline guessing if a stored representation of the pattern is recovered from the device.
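To make the password-space arithmetic concrete, here is an added Python example (not from this document or from Jermyn et al.) that implements the DAS recurrence, in which a password of total length at most L_max is a sequence of strokes and each stroke is a walk through 4-adjacent cells with revisits allowed, and then counts Android patterns under the constraints named above. Two Android rules not stated on this page are assumed from the platform's behaviour: a pattern must contain at least four cells, and a segment may not pass over a cell that has not yet been visited. With those rules the count is 389,112, which is the 18.6 bits quoted above.

```python
import math
from typing import Dict, List, Optional


def grid_neighbours(n: int) -> Dict[int, List[int]]:
    """4-neighbourhood of an n x n grid; cells are numbered 0 .. n*n-1 row-major."""
    nbrs: Dict[int, List[int]] = {}
    for r in range(n):
        for c in range(n):
            v = r * n + c
            nbrs[v] = []
            for dr, dc in ((-1, 0), (1, 0), (0, -1), (0, 1)):
                rr, cc = r + dr, c + dc
                if 0 <= rr < n and 0 <= cc < n:
                    nbrs[v].append(rr * n + cc)
    return nbrs


def stroke_counts(n: int, lmax: int) -> List[int]:
    """N[l] = number of distinct strokes that cross exactly l cells.

    A stroke of l cells is a walk of l-1 steps in the grid graph (revisits allowed),
    so N[l] is the number of such walks; N[0] is unused.
    """
    nbrs = grid_neighbours(n)
    ending_at = {v: 1 for v in nbrs}            # walks of one cell ending at v
    counts = [0, n * n]
    for _ in range(2, lmax + 1):
        ending_at = {v: sum(ending_at[u] for u in nbrs[v]) for v in nbrs}
        counts.append(sum(ending_at.values()))
    return counts


def das_password_space(n: int, lmax: int) -> int:
    """Number of DAS passwords whose strokes have total length at most lmax.

    P[L] = sum over l of N[l] * P[L - l]: a password of total length L is a first
    stroke of length l followed by any password of total length L - l.
    """
    counts = stroke_counts(n, lmax)
    exact = [1] + [0] * lmax                    # exact[L]: passwords of total length L
    for length in range(1, lmax + 1):
        exact[length] = sum(counts[l] * exact[length - l] for l in range(1, length + 1))
    return sum(exact[1:])


def _skipped_cell(a: int, b: int) -> Optional[int]:
    """The 3x3 cell lying exactly between a and b (0 .. 8 row-major), if there is one."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0 and (ra, ca) != (rb, cb):
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None


def android_pattern_count(min_len: int = 4, max_len: int = 9) -> int:
    """Android patterns: one stroke of straight segments, each cell visited at most once.

    Assumed from the platform rather than from the page: at least min_len cells, and a
    segment may not pass over an unvisited cell (Android would add that cell to the
    pattern, so the intended pattern is not expressible). This is the DAS count with
    the multi-stroke and revisit terms removed.
    """
    def extend(path: List[int], visited: int) -> int:
        count = 1 if len(path) >= min_len else 0
        if len(path) == max_len:
            return count
        for nxt in range(9):
            if visited & (1 << nxt):
                continue
            mid = _skipped_cell(path[-1], nxt)
            if mid is not None and not visited & (1 << mid):
                continue
            count += extend(path + [nxt], visited | (1 << nxt))
        return count

    return sum(extend([start], 1 << start) for start in range(9))


def bits(count: int) -> float:
    return math.log2(count)


if __name__ == "__main__":
    print(stroke_counts(5, 5))                         # [0, 25, 80, 268, 912, 3132]
    print(round(bits(das_password_space(5, 12)), 1))   # about 58 bits for a 5x5 grid, L_max = 12
    print(android_pattern_count(), round(bits(android_pattern_count()), 1))   # 389112 18.6
```

For a 5×5 grid with L_max = 12 the recurrence gives roughly 2^58 passwords, in line with the 57 bits cited for that setting later in this section; the three-orders-of-magnitude smaller Android count is what makes the attempt limit essential there.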

Figure 3: An example of a DAS [68] graphical password that has a single stroke and a length of seven. The raw encoding of the drawing is (2,2) (2,3) (3,3) (3,2) (2,2) (1,2) (5,5).

Figure 4: Examples of lines that cross fuzzy boundaries in the DAS system. Such lines would be difficult for users to recreate according to the rules of DAS because of their proximity to the cell boundaries.

2.4.1.1 Security of Recall-based Graphical Passwords

DAS is the canonical recall-based graphical password system; studies have been conducted into its theoretical security in terms of its password space, but relatively few have considered other attack vectors. A summary of the possible threats is as follows:

• Replay Attack: a captured credential can be reused by an unauthorised person.

• Dictionary Attack: where user choice is allowed, users may select drawings from a predictable subset of the password space, and an attacker can enumerate that subset rather than the whole space.

• Brute Force Attack: where the full password space is small enough, it may be possible to mount a guessing attack that tries every possible graphical password.

• Phishing: users may be tricked into providing their graphical password to unauthorised services.

• Observation attack: observation of a single login may reveal enough information to facilitate a replay attack [151].

The theoretical password space for DAS is large (or as large as user motivation allows). The key determinants of the security of a DAS graphical password are: (i) length, the number of cells crossed in the drawing; and (ii) stroke count, the number of separate lines, captured as the number of pen-up events. A drawing that crosses 11 cells has 53 bits of entropy, which exceeds that of an eight-character password drawn from the full ASCII set. As with alphanumeric passwords, automated guessing attacks have been prioritised as the most significant threat. Thorpe and van Oorschot [131] studied the password space of DAS and determined that the number of strokes in a drawing has a greater security impact than its length; this led to the recommendation that a drawing of length L should have a stroke count of at least L/2. In later work [130], the same authors argued that the theoretical password space of a knowledge-based authentication system has little significance if users choose credentials from a much smaller memorable password space (as observed with alphanumeric passwords). To illustrate this point in a graphical password context, they constrained their analysis to drawings of maximum length 12 and approximated the memorable password space for DAS using the set of mirror-symmetric drawings. Their smallest attack dictionary assumed mirror symmetry about the central horizontal and vertical axes, which reduced the theoretical password space from 57 bits to 42 bits; this is still a large attack dictionary, although a 15-bit reduction makes an offline attack on a stored hash roughly 30,000 times cheaper. Such results are striking, but at the time the predicted biases had not been tested against empirical evidence from users of DAS.
Nali and Thorpe [88] report the results of a small empirical study of DAS on a 6×6 grid in which 45% of the drawings collected were symmetric and 80% had a small number of strokes (1-3), providing preliminary evidence that the earlier theoretical predictions may be borne out in practice.
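The two biases just described, symmetry and a low stroke count, are easy to measure once drawings are in the raw DAS encoding. The Python below is an added example (not code from [130], [88] or this document) that classifies encoded drawings on those two criteria and summarises a corpus the way Nali and Thorpe report their results. It simplifies the symmetry test to "the set of cells crossed is invariant under reflection about a central axis", ignoring stroke order and direction and considering only the two central axes (the assumption behind the smallest dictionary in [130]); the five drawings in the corpus are constructed for the example, not collected data.

```python
from typing import Dict, List, Sequence, Tuple

Cell = Tuple[int, int]   # 1-indexed DAS cell (x, y); (n + 1, n + 1) is the pen-up marker


def pen_up(n: int) -> Cell:
    return (n + 1, n + 1)


def split_strokes(encoding: Sequence[Cell], n: int) -> List[List[Cell]]:
    """Split a raw DAS encoding into its strokes at the (n + 1, n + 1) pen-up markers."""
    strokes: List[List[Cell]] = []
    current: List[Cell] = []
    for cell in encoding:
        if cell == pen_up(n):
            if current:
                strokes.append(current)
                current = []
        else:
            current.append(cell)
    if current:                      # tolerate a missing final pen-up
        strokes.append(current)
    return strokes


def mirror_axes(encoding: Sequence[Cell], n: int) -> List[str]:
    """Central axes about which the set of drawn cells is mirror symmetric.

    Simplification (this example's, not [130]'s exact definition): symmetry is tested
    on the set of cells crossed, ignoring stroke order and direction.
    """
    cells = {c for c in encoding if c != pen_up(n)}
    axes: List[str] = []
    if cells == {(n + 1 - x, y) for x, y in cells}:
        axes.append("vertical")      # left-right mirror, x -> n + 1 - x
    if cells == {(x, n + 1 - y) for x, y in cells}:
        axes.append("horizontal")    # top-bottom mirror, y -> n + 1 - y
    return axes


def summarise(corpus: Sequence[Sequence[Cell]], n: int, max_few: int = 3) -> Dict[str, int]:
    """Count the biases Nali and Thorpe report: symmetry and a low (1 .. max_few) stroke count.

    Drawings with both properties are the ones a dictionary built on both biases would hit.
    """
    symmetric = [bool(mirror_axes(d, n)) for d in corpus]
    few = [1 <= len(split_strokes(d, n)) <= max_few for d in corpus]
    return {
        "drawings": len(corpus),
        "symmetric": sum(symmetric),
        "few_strokes": sum(few),
        "symmetric_and_few_strokes": sum(s and f for s, f in zip(symmetric, few)),
    }


# Constructed corpus on a 6x6 grid (the grid size used in [88]); not real study data.
N = 6
UP = pen_up(N)
CORPUS: List[List[Cell]] = [
    # vertical line down column 3: symmetric top-bottom only, one stroke
    [(3, 1), (3, 2), (3, 3), (3, 4), (3, 5), (3, 6), UP],
    # square ring through cells 2..5: symmetric about both axes, one stroke
    [(2, 2), (3, 2), (4, 2), (5, 2), (5, 3), (5, 4), (5, 5), (4, 5), (3, 5), (2, 5), (2, 4), (2, 3), (2, 2), UP],
    # L shape in a corner: asymmetric, one stroke
    [(1, 1), (1, 2), (1, 3), (2, 3), (3, 3), UP],
    # two short parallel lines: symmetric left-right, two strokes
    [(2, 1), (2, 2), (2, 3), UP, (5, 1), (5, 2), (5, 3), UP],
    # a dot in each corner: symmetric about both axes, four strokes
    [(1, 1), UP, (6, 1), UP, (1, 6), UP, (6, 6), UP],
]

if __name__ == "__main__":
    for drawing in CORPUS:
        print(len(split_strokes(drawing, N)), "stroke(s), symmetric about:", mirror_axes(drawing, N))
    print(summarise(CORPUS, N))
    # {'drawings': 5, 'symmetric': 4, 'few_strokes': 4, 'symmetric_and_few_strokes': 3}
```

Run over a real collection of enrolment drawings, the "symmetric_and_few_strokes" count is the fraction of users whose credential would fall inside a dictionary built from both biases, which is the quantity that decides whether the 42-bit figure matters in practice.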

When gathering empirical data from the usage of graphical password mechanisms, the most common way to reason about usability is to measure the memory accuracy of users who have been asked to remember authentication credentials over a period of time. The end measurement is usually referred to as the success rate S, which can be calculated in two ways: as a function of the number of successful and unsuccessful login attempts recorded across all study participants, S_a; or as the fraction of users who were able to authenticate successfully using a particular system (irrespective of the number of attempts required), S_p.

$$S_a = \frac{|\mathit{attempts}_s|}{|\mathit{attempts}|} \quad (1) \qquad\qquad S_p = \frac{|\mathit{users}_s|}{|\mathit{users}|} \quad (2)$$

Equation 1 is most commonly used, where attempts refers to all authentication attempts (successful and unsuccessful) recorded across all users of a system, and attempts_s refers to the subset of those attempts that resulted in successful authentication. In Equation 2, users refers to the set of users who were asked to use a system and users_s refers to the set of users who were able to authenticate successfully.

Figure 5: The Pass-Go [127] system requires users to select cell intersections to assemble a graphical password.

Tao and Adams [127] propose Pass-Go, a system based upon a Chinese board game; the system is designed to provide a larger password space than DAS, and overcome the likely usability issues caused by fuzzy boundaries (see Figure 5). In a user study with 167 computer science students across 13 weeks the success rate was 78%.

Because automated guessing attacks against credentials perceived to be strong are difficult to execute, much less sophisticated attacks such as observation attacks are likely to become more attractive. Zakaria et al. [151] explored how interaction design could help to secure DAS against observation attack. They empirically evaluated a number of defence techniques: disappearing strokes, where each stroke disappears after it is completed; decoy strokes, where randomly positioned and shaped strokes appear on screen for obfuscation; and line snaking, where the tail of the stroke fades away while the user is still drawing. Their study identified the disappearing stroke technique as providing the best balance between usability and security, and found that the decoy stroke technique provided little protection.

2.4.1.2 Summary

DAS is a promising candidate to enable users to choose and remember high entropy authentication credentials, as the attack dictionaries proposed so far still appear prohibitively large. However, research to date has focused on theoretical analysis of the password space and the prediction of biases that could reduce this space in practice [130]. Such predicted weaknesses have been observed to some extent in a small study [88], but no formal empirical studies have been conducted to explore likely user behaviour with this system: the types of drawings users are likely to create, whether such drawings are memorable, or whether scaffolding can be provided to support the choice of drawings that are difficult to predict. Such research would be important to determine whether DAS and potential variants would in practice be both usable and secure.