International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue4 pp 076-083
July 2012
www.ijsret.org
ISSN 2278 - 0882
CHESS GAME AS A TOOL FOR AUTHENTICATION SCHEME
Sandeep Kumar Pandey
Department of Information Technology
Institute of Technology and Management
Gorakhpur (U.P), India
[email protected]
ABSTRACT
First phase for information security is authentication
and the main phase for authentication is memorability
of password and rules that will be used for
authentication purpose. The most commonly used
scheme is textual scheme. However the strong
password of textual scheme is hard to memorize and
normal passwords are vulnerable to many attacks.
Hence, graphical authentication scheme has been
proposed as an alternative solution, motivated
particularly by the fact that humans can remember
images better than text. However, these are vulnerable
to shoulder surfing attack. To overcome this problem
many grid based authentication schemes has been
proposed. But, either these scheme’s shoulder surfing
resistant property is not strong or these have many
complex rules, which are hard to memorize. Hence, to
overcome these problems we propose an
authentication scheme which is based on chess game.
Since this scheme contains only two rules of chess,
hence easy to memorize.
Keywords: Session password, Password pair,
Memorability, Rook rule, Bishop Rule.
I.
resistant property is not strong. To overcome these
problems,
we
propose
a
textual-graphical
authentication scheme which is based on certain rule
of chess game. It is based on the fact that an estimated
600 to 700 million people worldwide know that how to
play chess [1]. Hence it is easier for user’s to use this
scheme because it is based on certain rule of
worldwide playing game and the users who did not
know about game, they can easily memorize these
rules, because these rules are certain interesting rule of
a game. Hence this authentication scheme is propose to
increase the capability of strong password and security
for user, because high capability of scheme is mainly
based on memorability. This scheme not only
increases the memorability but also increase usability
because it is based on a worldwide playing game. The
proposed authentication scheme will strongly resist the
many attacks such as shoulder-surfing, brute force
attack, dictionary attack, password stealing, hidden
cameras, random-click attack,. This paper is organized
as follows. In Section 2 related work is discussed. In
Section 3 the authentication scheme based on the tool
and its enhanced variants are proposed. Section 4
represents the analysis and discussion. Section 5
represents user study and Section 6 represents
conclusion.
II.
INTRODUCTION
The most commonly used schemes Textual scheme. In
this scheme, a simple string of password is used for
password. However the strong password of textual
scheme is hard to memorize and normal passwords are
vulnerable to many attacks such as hidden camera
attack, shoulder-surfing attack, brute force attack etc.
To increase the memorability of password, a graphical
password scheme has been proposed. This scheme
based on the fact that human can remember images
better than text; hence the capability of password will
be increased. But these are also vulnerable to many
attacks such that shoulder surfing and hidden camera.
To overcome these problems, Biometric system and
Textual-Graphical scheme have been proposed. But
biometric system’s devices are too much costly and
textual graphical methods either force to memorize too
many text strings and rules or their shoulder surfing
RELATED WORK
In old times, for securing communication between
soldiers, watchwords are used. Through this they
would challenge who wishes to enter their territory.
After some time, it was necessary to transmit these
watchwords in very secure way [2].Alpha-numeric
passwords were first introduced in the 1960s as a
solution to security issues that became most commonly
used password scheme for users. These are easy to use
but vulnerable to many attacks such as dictionary
attack, shoulder-surfing etc. These attacks take too
much less time to break alpha-numeric or textual
passwords. According to Adams and Sasses [3] users
tend to choose short and/or guessable passwords which
are easy to use and memorize. And these user’s acts
make authentication scheme vulnerable. But they also
came on conclusion that system developers and
operators can move beyond blaming users towards
developing security systems that users can actually
IJSRET @ 2012
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue3 pp 076-083
July 2012
www.ijsret.org
use. Hence, many graphical schemes have been
proposed as an alternative to conventional textual
based schemes. These schemes based on the fact that
human can remember images better than textual
password, and it is also based on assumption that
images are too much worth than text Shepard
[4].Blonder [5] designed a graphical password scheme
in which a password is created by having the user click
on several locations and during authentication; the user
must click on pre-defined location of image.
Wiedenbeck et al. [6, 7, 8] proposed the “Pass Point”
system. This system extended Blonder’s idea by
allowing arbitrary images to be used and eliminating
the predefined boundaries. Hence, a user can click on
any place on an image (which is opposed to some predefined areas) to create his/her password. In this
system, tolerance is calculated around each chosen
pixel. During authentication, the user must have to
click within the tolerance of the chosen pixels.
Dhamija and Perrig [9] proposed a graphical
authentication scheme where the user has to identify
the predefined images to prove user’s authenticity. In
this system the user select a certain number of images
from a set of pictures during registration. Later during
login the user has to identify the pre-selected images
for authentication from a set of images. Passface [10]
is a technique based on the assumption that people can
recall human faces from a face database as their future
password. In this authentication scheme, the user is
presented with grid of nine faces, consisting of one
face previously chosen by the user and eight decoy
faces. The user recognizes the faces and click
anywhere on known face. Since there are four user
selected images, it is done for four times. Davis, et al.
[11] proposed a graphical authentication scheme that
used images instead of faces. Weinshall and
Kirkpatrick [12] proposed several authentication
schemes such as pseudo word recognition; object
recognition and picture recognition. They conducted
many user studies on these recognitions and came on
conclusion that pictures are most effective than the
other two proposed schemes. Jermyn, et al. [13]
proposed a technique called “Draw A Secret (DAS)”,
where the user is required to re-draw the predefined
picture on 2D grid. The coordinates of this drawing on
the grid are stored in order. For valid authentication
user have to redraw images which touches all
coordinates of image in same sequence. Some further
researches based on DAS were conducted [14, 15,
16].Goldberg [17] designed a technique known as
“pass doodle”. In this graphical authentication scheme,
stylus is used to draw handwritten design or text onto a
touch sensitive screen. They came on conclusion that
order should be neglected because order in which
password is drawn introduces too much complexity. S.
ISSN 2278 - 0882
Jansen [18, 19] proposed a graphical password
authentication scheme for mobile devices. During
password creation in registration phase, a user selects a
theme consisting photos in thumbnail size and set a
sequence of picture as password. But the password
space of this scheme is not large because the number
of images is limited to 30. Syukri [20] develop a
technique where authentication is done by drawing
user signature using mouse. But the main problem
associated with this scheme is that drawing with
mouse is not familiar to many people, because it is
difficult to draw the signature in the same coordinates
or same perimeters at the time of registration. Man, et
al. [21] proposed another shoulder surfing resistant
algorithm in which user select a number of pictures as
pass-objects. Each pass-object has several variants and
each variant is assigned a unique code. During
authentication, the user is challenged with several
scenes. Each scene contains several pass-objects and
many decoy objects. The user has to type in a string
with the unique code corresponding to the pass-object
variants present in the scene as well as code indicating
the relative location of the pass-objects in reference to
a pair of eyes. The common weakness in these entire
graphical password authentication schemes is that they
are vulnerable to shoulder surfing attacks. Hong, et al.
[22] later expended this approach to allow users to
assign their own codes to pass-object variants.
Haichang et al. [23] proposed a new shoulder surfing
resistant scheme, where the user is required to draw a
curve across their password images orderly rather than
clicking on them directly. However, these graphical
schemes have complex rule to memorize or their
shoulder-surfing resistant property are not strong.
More graphical password schemes have been
summarized in a recent survey paper [24]. To make
password scheme shoulder- surfing resistance, many
Biometric and Textual-Graphical schemes have been
proposed. But the devices of biometric system are too
much costly. Hence its usability is low. Zhao and Li
[25] proposed a shoulder-surfing resistant scheme
“S3PAS”. In this scheme user create a textual
password during registration and makes combination
of three pass characters. And use these pass-characters
to make session password by clicking inside the
triangle made by these pass-characters in a displayed
grid. The main problem of this scheme is that it
contains three click-rules. Hence, forces user to
memorize too may rules. . M Srilatha et al. [26]
proposed two authentication schemes for session
password using color and images. In his pair-based
authentication scheme, user make textual password in
registration phase and use this password to make pass
pair. The first symbol of pass pair is used to select the
row and second symbol is used to select column on
IJSRET @ 2012
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue3 pp 076-083
July 2012
www.ijsret.org
displayed grid, and the intersection of row and column
is the session password for login phase. The main
problem with this scheme is that in this length of
textual password should be even and there should be
no pass pair having both symbol identical i.e. “SS”. In
his Hybrid textual authentication scheme, the user has
to rate the color. The first color of every pair in color
grid represents row and second represents column of
the number grid. The number in the intersection of the
row and column of the grid is part of the session
password. However, this method forces the user to
memorize color rating and not applicable for color
blindness user.
To increase usability many
authentication schemes has been proposed which are
based on games. Hai Tao and Adams [27] proposed
graphical scheme on the basis of ancient game “PassGo”. As the name implies, Pass-Go is a grid-based
scheme. However, different from DAS, Pass-Go
requires a User to select (or touch) intersections
instead of cells, as a way to input a password.
Consequently, the coordinate system refers to a matrix
of intersections, rather than cells as in DAS.
Malempati and Mogalla [28] proposed an
authentication scheme based on ancient Indian game.
This scheme increase usability as well as memorability
than other graphical scheme. But the main drawback of
these two schemes is that they are vulnerable to
shoulder surfing attack and to overcome these problem
they perform some mapping through which they can
make session password. These extra mapping not only
increase complexity but also decrease the
memorability and usability because due to use of these
mapping, user have to remember many rules.
III.
AUTHENTICATION SCHEME USING
“CHESSGAME”
This authentication scheme contains three phase:
Registration, Login and Verification. In registration
phase, user has to submit his/her user name and
Password. The minimum length of password should be
7. In login phase, an interface of grid (10×10 or
12×12) will be displayed, through which user have to
make his session password by using certain rule of
chess game (i.e. Bishop Rule and Rook rule). The
verification phase will verify the password of user and
allow him/her to access their account. The two pieces
of chess, whose rules used in this authentic cation
scheme, are Bishop and Rook. In chess, the bishop can
move any number of squares diagonally. And Rook
can move any number of squares along any rank or
file, or can move any number of square vertically or
horizontally. I called it Rook rule. The movement of
Bishop and Rook are shown in figure 1(a) and 1(b)
respectively.
ISSN 2278 - 0882
Fig1 (a).Bishop Movement Fig 1(b).Rook Movement
For Bishop Movement, I always select longest
diagonal for movement. This will be called as bishop
rule. To make ease for user, so that he/she can select
longest diagonal too easily; we divide the grid into
four quadrant and give the direction to each quadrant.
Hence, for Bishop Movement, user has to see that
his/her original password is in which quadrant, and
then select the movement according to the direction
given in respective quadrant. The fallowing figure
(Figure 2) shows the respective quadrant and direction
with grid.
Figure 2.Quadrants and respective direction for
selecting longest diagonal in Bishop Rule
3.1. Notation
There are the fallowing notations, which will be used
throughout the paper for analysis and discussion.
IJSRET @ 2012
 S: Set of all printable symbols which are used
in grid.
 |S|: Total number of printable symbolic grid.
 K: Original password which is Special
combination of printable symbol.
 |K|: Total number of printable symbol in
original password.
 |P|: Total number of Priority set.
 |L|: Length of session password in Enhanced
Scheme(i.e. based on priority set)
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue3 pp 076-083
July 2012
www.ijsret.org
3.2. Basic Authentication Scheme
This scheme contains mainly two variants, which are
designed for different security and environment. The
basic authentication scheme is one of them. In
registration phase, user has to submit his password just
like conventional textual password i.e. K. This
password will be known as original password, which
has to be memorized to user. In this scheme, user has
to consider his original password in term of pair of
password or pass pair. To generate pass pair, let us
take a K, which is set of character K1,K2,K3.....,Km, m
= |K|(where K1 is first symbol of string K, K2 is second
symbol,K3 is third symbol and so on). User has to
consider his original pass in terms of pairs. First pair
will be K1K2, second will be K3K4 and so on. If |K| is
odd then last pair will be K1Km. The first symbol of
pass pair will be used for Bishop Rule, and the second
symbol will be used for movement of Rook in vertical
direction. The common square of these movements
(i.e. intersection symbol of these movements) will be
session password. If there is no common square, then
move Rook in horizontal direction. If both symbol of
pass pair are identical then using Bishop rule, select
the third-next symbol from symbol of pass pair(i.e. for
top two quadrant, next will be going downward in
diagonal and for other two quadrant will be going
upward) as session password.
To show the login process, let us take an example. I
assume that the user Bob’s original password K is
“SANDEE1”. Since the length of the password is, |K|
= 7, based on the Basic authentication scheme rule,
Bob has to click four times correctly in the right
sequence to be authenticated. Since the |K| is odd, the
first three combinations pair pass in order are “SA”,
“ND”, “EE” and last will be “S1”. The login procedure
consists of the following four steps and is also shown
in Figure 3(a) to (d).
1. Bob finds his characters of pair-pass “S” and
“A”, since the movement through Bishop rule
and vertical movement of Rook is not
intersecting, we move Rook in horizontal and
find the common square of movements as
session character (i.e., “R”).
2. Bob finds his characters of pair-pass “N” and
“D”, since the movement through Bishop Rule
and vertical movement of Rook, have a
common square, hence click or input the
session character (i.e., “j”).
3. Bob finds his characters of pair-pass “E” and
“E”, since they are identical, hence click at
third- next symbol from character of pass –pair
in diagonal using Bishop Rule or input the
session character (i.e., “b”).
IJSRET @ 2012
ISSN 2278 - 0882
4. Bob finds his characters of pair-pass “S” and
“1”, since the movement through Bishop Rule
and vertical movement of Rook have a
common square, hence click or input the
session character (i.e., “L”).
Figure 3(a).Common square for “SA” Pass-pair
Figure 3(b).Common square for “ND” Pass-pair
Figure 3(c).Square for “EE” Pass-pair
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue3 pp 076-083
July 2012
www.ijsret.org
ISSN 2278 - 0882
Figure 3(d).Square for “S1” Pass-pair
In this example, Bob’s original password is
“SANDEE1”, and his session password is four clicks
in sequence or printable password “RjbL”. He has to
click four times using certain chess rule (i.e. Bishop
and Rook rule) or input the session passwords “RjbL”
to be authenticated.
Figure 4.Example of Priority Set
3.3 Enhancement
We increase the N in grid by using images instead of
text in grid layout. The increase in |S| not only
decrease the success probability of Random-click
attack but also decrease success probability of Guess
because |S| is inversely correlated to Guess and success
probability of Random click attack(see section 4).
Hence it will not only increase capability but also
increase security.
In the Basic scheme, if password is |K| in length, then
user has to click
times, which releases her
password length to attackers. However, users can
protect their password length information well by the
Priority set rule. In addition, it could be easier for users
to remember their own interest of selected Priority set.
This enhanced scheme can be used for high capability
and high security because it will decrease success
probability of all attack.
3.3.1. Priority-based Scheme
In this scheme, we can set priority as we want e.g. if
we want to move rook first or set priority for
horizontal or vertical move of Rook, then we can set
priority according to it. We use only 16 priority set, i.e.
|P|=16. The priority set can be increased by increasing
Rule for identical symbol. The priority set which we
use are shown in figure 4.
IV.
During registration phase, the user has to select one of
the Priority set. The primary advantage of this
enhanced scheme is that, this scheme will hide the rule
of clicking. In the basic scheme, the click-rule is open
to public, while in Enhanced scheme, only the users
themselves know their “Priority Set Rule”. Hence, it
will be become extremely hard for attackers to break
user’s password using password analysis techniques.
Further, the Priority-based scheme hides the length |K|
of user’s password.
ANALYSIS AND DISCUSSION
In this scheme, session password is used for login.
Since, interface changes at every login, session
password will be unique for each login. Hence, once
the session terminated, session password will be
invalid.Hence this scheme is resistant to Shoulders
surfing, Hidden cameras, Random click attack, Brute
force attack, Guessing, Dictionary attack etc.
4.1. Complexity
Complexity of this scheme is mainly depend son
original password because all clicks for session
passwords are related to original password. Hence,
complexity for original password of length |K| will be
|S||K|.
4.2. Shoulder Surfing Attack
A shoulder-surfing attack consists of a deliberate
attempt to gain knowledge of protected information
IJSRET @ 2012
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue3 pp 076-083
July 2012
www.ijsret.org
ISSN 2278 - 0882
through observation [29]. This kind of attack is also
commonly known as a peeping attack [30].This
scheme is shoulder surfing resistance because we use
grid and session password, which changes at every
login. Hence, hacker will be not able to gain the
original password.
4.6. Guessing
Guessing is not possible for this scheme, because there
is
possible combination of original password
for Basic scheme and |P|×
for Enhanced scheme.
4.3. Brute Force Attack
It involves systematically checking all possible
combination of symbol until the correct combination is
found. But, due to use of changing interface and
session password, it is not possible. Hence, Brute force
attack is not possible in this scheme.
Is elected 30 students randomly, and told them about
rules and showed diagrams. These students were
divided into three subgroups, one who knew about
playing chess, second who knew only mathematics and
third who didn’t knew anything about both (i.e. chess
and math). The first subgroup had 3 students and they
knew about playing chess. The second subgroup had
18 students and they knew about math. And the third
subgroup has 9 students. I had divided groups into
these categories because chess is directly correlated to
math. The memorability of these groups is given in
below table for two subsequent weeks.
4.4. Random Click Attack
In this scheme, we choose the common squareand use
it as the session password. However, attackers have the
chance to click the right common squarejust by
random-click even though they do not really know the
password. This kind of attack is called “random-click
attack.”Due to uniqueness of common square, success
of random click is too much less or negligible.
i.e. success of probability of random click attack for
basic scheme is given by,
P (B) =
×|S|-|K|
=
And success of probability of random click attack for
Enhanced scheme is given by,
P (E) =
=|L|×|P| ×|S| , Where |L| ≥
-1
-|K|
.
Hence, in our Basic scheme, Maximum success of
probability of random click attack (i.e. when |S|= 100,
|K| =7) will be, Maximum P (B) =4×
, which is
too much less or negligible.
Similarly, for Enhanced scheme, Maximum success of
probability of random click attack (i.e. when |S|= 144,
|K| =7 and |P|=16) will be, Maximum P (E) =
4.87×
|L|, which is also negligible. This success
probability is Maximum because as we increase the |K|
or |N|, success probability will decrease. Hence,
Random click attack is not possible in this scheme.
4.5. Dictionary Attack
A dictionary attack tries only those possibilities which
are most likely to succeed and these are typically
derived from a list of words. But this attack fails
towards our authentication scheme, because our
scheme uses session password. Hence, due to change
in grid and session password, manipulation of “list of
word” is not possible.
V.
USER STUDY
TABLE 1
RESULT OF MEMORABILITY
Subgroup
Memorability
Memorability
after First Week
after Second
Week
first subgroup 1
1
second
subgroup
0.96
0.94
third
subgroup
0.83
0.78
Hence, I saw that first subgroup can easily memorize
because they had to only learn about pairing concept
which was also too much easy. This scheme was also
easy for second subgroup because they were already
knows about horizontal, vertical and diagonal concept,
they had to memorize only rule concept. The third
subgroups have slightly less memorability because
they had to remember rules, but, since it is based on
direction. It is also easy for them.
I found that 90% student of this groups are interested
in this authentication scheme, 80% want to use it for
high security purpose and only 10% are neither
interested in game nor want to use it for high security
purpose.
VI.
CONCLUSION
Propose an Authentication scheme which not only
increase security but also increase memorability and
usability. This scheme over comes the entire problems
(i.e. which are discussed in section 3). Hence this
scheme contains only two rules and no extra mapping
is required for shoulder surfing resistance or hidden
IJSRET @ 2012
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue3 pp 076-083
July 2012
www.ijsret.org
ISSN 2278 - 0882
cameras. My user study is based on paper work. This
user study is done mainly to show memorability of this
scheme. To find time requirement (i.e. maximum and
minimum time of each phase) of this scheme are my
future work.
[12] D. Weinshall and S. Kirkpatrick, "Passwords You’ll
REFERENCE
[13]
[1] http://en.citizendium.org/wiki/chess
[2] Polybius, The General History of Polybius Volume 3
– The Roman Military System, Public
domaintranslation by N.S.Gill.
http://ancienthistory.about.com/library/bl/bl_text_pol
ybius6.htm
[3] Adams and M.A. Sasse. Users are not the enemy.
Why users compromises computer security
mechanism & how to take remedial measures.
Communication of the ACM.
42:41-46, 1999
[4] R. N. Shepard, "Recognition memory for words,
sentences,and pictures," Journal of Verbal Learning
and VerbalBehavior, vol. 6, pp. 156-163, 1967.
[5] G.E. Blonder. Graphical Passwords. United State
Patent.
559961, 1996
[6] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy,
and N. Memon, "Authentication using graphical
passwords: Basic results," in HumanComputerInteraction International (HCII 2005). Las
Vegas, NV, 2005
[7] S. Wiedenbeck, J. Waters, J. C. Birget, A.
Brodskiy,and N. Memon, "Authentication using
graphical passwords: Effects of tolerance and image
choice," in Symposium on Usable Privacy and
Security (SOUPS). Carnegie-Mellon University,
Pittsburgh, 2005.
[8] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy,
and N. Memon, "PassPoints: Design and
longitudinal evaluation of a graphical password
system,"International Journal of Human Computer
Studies, to appear.
[9] R. Dhamijaand A. Perrig. “De’ja’ Vu: A user study
using images for Authentication”. In 9th USENIX
security symposium, 2000.
[10] Real User Corporation: Passfaces.
www.passfaces.com
[11] Davis D., F. Monrose, and M.K. Reiter. “On User
Choice in Graphical Password Schemes” 13th
USENIX Security Symposium, 2004.
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
Never Forget, but Can’t Recall," in Proceedings of
Conference on Human Factors in Computing
Systems (CHI). Vienna, Austria: ACM, 2004, pp.
1399-1402.
I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and
A.D. Rubin in Proceeding of Design and Analysis of
Graphical password. In the 8th USENIX Security
Symposium, 1999.
J. Thorpe and P. C. v. Oorschot, "Graphical
Dictionaries and the Memorable Space of Graphical
Passwords," in Proceedings of the 13th USENIX
Security Symposium. San Deigo, USA: USENIX,
2004.
J. Thorpe and P. C. v. Oorschot, "Towards
SecureDesign Choices for Implementing Graphical
Passwords," in Proceedings of the 20th Annual
Computer Security Applications Conference.
Tucson, Arizona, 2004.
D. Nali and J. Thorpe, "Analyzing User Choice in
Graphical Passwords," Technical Report, School of
Information Technology and Engineering,
University of Ottawa, Canada May 27 2004.
J. Goldberg, J. Hagman, and V. Sazawal, "Doodling
Our Way to Better Authentication," presented at
Proceedings of Human Factors in Computing
Systems (CHI), Minneapolis, Minnesota, USA,
2002.
W. Jansen, "Authenticating Users on Handheld
Devices “in Proceedings of Canadian Information
Technology Security Symposium, 2003.
W. Jansen, "Authenticating Mobile Device User
through Image Selection," in Data Security, 2004.
F. Syukri, E. Okamoto and M. Mambo, “A User
Identification System Using Written with Mouse,” in
Australian Conference on Information Security and
Privacy (ACISP): Springer-Verlag Notes in
Computer Science (1438), 1998, pp. 403-441.
S. Man, D. Hong, and M. Mathews, "A shoulder
surfing resistant graphical password scheme," in
Proceedings of International conference on security
and management. Las Vegas, NV, 2003.
D. Hong, S. Man, B. Hawes and M. Mathews. A
Password scheme strongly resistant to spyware. In
proceeding of international conference on security
and management, Las Vegas, NV, 2002.
IJSRET @ 2012
International Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 1 Issue3 pp 076-083
July 2012
www.ijsret.org
[23] HaichangGao, ZhongjieRen, Xiuling Chang, Xiyong
[24]
[25]
[26]
[27]
[28]
[29]
[30]
Liu UweAickelin, “A New Graphical Password
Scheme Resistant to Shoulder-Surfing.”
ArashHabibiLashkari and SamanehFarmand , “A
Survey on usability and Security features in
graphical user authentication algorithms”, in IJCSNS
International Journal of Computer Science and
Network Security, VOL.9 No.9, September 2009.
H. Zhao and X. Li, “S3PAS: A Scalable ShoulderSurfing Resistant Textual-Graphical Password
Authentication Scheme,” in 21stInternational
Conference on Advanced Information Networking
and Application Workshops (AINAW 07), Vol.2.
Canada, 2007, pp. 467-472
M. Sreelatha, M. Shashi, M. Anirudh, MD. Sultan
Ahmar and V. Manoj Kumar, “Authentication
Schemes for session Passwords using Color and
Images”. InternationalJournal of Network Security
and its Application (IJNSA), Vol.3, No.3, May 2011.
H. Tao and C. Adams, “Pass-Go: A proposal to
improve the usability of graphical
passwords”,International Journal of Network
Security, vol. 7, no. 2, pp. 273-292, 2008.
SreelathaMalempati and ShashiMogalla, “An ancient
Indian Board Game as Tool for Authentication
scheme”, International Journal of Network Security
& Its Applications (IJNSA), Vol.3, No.4, July 2011.
CMS Information Systems - Threat Identification
Resource Version 1.0, Pages 2-3. Centers for
Medicare & Medicaid Services, Baltimore,
Maryland, May 7, 2002.
Tetsuji Takada. fakePointer: An Authentication
Scheme for Improving Security against Peeping
Attacks using Video Cameras. In The Second
International Conference on Mobile Ubiquitous
Computing, Systems, Services and Technologies,
Pages 395-400. National Institute of Advanced
Industrial Science and Technology, 2-41-6, Aomi,
Koto-ku, Tokyo, 135-0064, JAPAN, 2008.
IJSRET @ 2012
ISSN 2278 - 0882