DocumentCode :
2027569
Title :
Make mine a quadruple: Strengthening the security of graphical one-time PIN authentication
Author :
Jhawar, Ravi ; Inglesant, Philip ; Courtois, Nicolas ; Sasse, M. Angela
Author_Institution :
Dept. of Comput. Sci., Univ. Coll. London, London, UK
fYear :
2011
fDate :
6-8 Sept. 2011
Firstpage :
81
Lastpage :
88
Abstract :
Secure and reliable authentication is an essential prerequisite for many online systems, yet achieving this in a way which is acceptable to customers remains a challenge. GrIDsure, a one-time PIN scheme using random grids and personal patterns, has been proposed as a way to overcome some of these challenges. We present an analytical study which demonstrates that GrIDsure in its current form is vulnerable to interception. To strengthen the scheme, we propose a way to fortify GrIDsure against Man-in-the-Middle attacks through (i) an additional secret transmitted out-of-band and (ii) multiple patterns. Since the need to recall multiple patterns increases user workload, we evaluated user performance with multiple captures with 26 participants making 15 authentication attempts each over a 3-week period. In contrast with other research into the use of multiple graphical passwords, we find no significant difference in the usability of GrIDsure with single and with multiple patterns.
Keywords :
authorisation; message authentication; GrIDsure; graphical one-time PIN authentication security; man-in-the-middle attacks; personal patterns; random grids; reliable authentication; secret transmitted out-of-band; user performance evaluation; Authentication; Entropy; Pattern matching; Pins; Resistance; Usability; Entropy; GrIDsure; Graphical Passwords; Man-in-the-Middle; Usable Security; one-time PINs;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-0458-1
Type :
conf
DOI :
10.1109/ICNSS.2011.6059963
Filename :
6059963