• Balika J Chelliah S
  • Shobana M
  • Mandli Srikar Reddy
Keywords: Graphical Cryptographic, Graphical password, input, live video, observation, user study.


A Graphical Cryptographic Verification System that restores the static digital pictures naturally used in graphical password systems with personalized physical tokens, here in the form of digital pictures showed on a physical user-owned device such as a mobile phone. Users present these pictures to a scheme camera and then enter their password as a sequence of selections on live video of the token. Extremely distinctive optical characteristics are extracted from these selections and utilized as the password. We present three probability studies of examining its consistency, usability, and safety against surveillance. The consistency study Graphical Cryptographic Verification System demonstrates that image-feature based passwords are viable and suggests appropriate system thresholds password items should include a minimum of seven features, 40% of which must geometrically equal unique stored on an authentication server in order to be moderator equivalent. The usability study calculates task completion times and error rates, revealing these to be 7.5 s and 9%, broadly comparable with preceding graphical password systems that use static digital images. In the end, the safety study highlights Graphical Cryptographic Verification System conflict to observation attack three attackers are able to compromise a password using shoulder surfing, camera based observation, or malware. These results indicate that Graphical Cryptographic Verification System shows promise for safety while maintaining the usability of current graphical password schemes.


Download data is not yet available.

Author Biographies

Balika J Chelliah S

Assistant Professor, Department of Computer Science and Engineering, SRM University, Chennai, Tamil Nadu, India.

Shobana M

Department of Computer Science and Engineering, SRM University, Chennai, Tamil Nadu, India.

Mandli Srikar Reddy

Department of Computer Science and Engineering, SRM University, Chennai, Tamil Nadu, India.


[1] R. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical passwords: Learning from the first twelve years,” ACM Comput. Surveys, vol. 44, no. 4, 2012.

[2] D. Davis, F. Monrose, and M. Reiter, “On user choice in graphical password schemes,” in Proc. USENIX Security, pp. 1–11, 2004.

[3] I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, “The design and analysis of graphical passwords,” in Proc. 8th USENIX Security Symp., pp. 1–15, 1999.

[4] H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of graphical passwords,” Int. J. Netw. Security, vol. 7, no. 2, pp. 273–292, 2008.

[5] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon, “PassPoints: Design and longitudinal evaluation of a graphical password system,” Int. J. HCI, vol. 63, pp. 102–127, Jul. 2005.

[6] P. C. van Oorschot and J. Thorpe, “On predictive models and user-drawn graphical passwords,” ACM Trans. Inf. Syst. Security, vol. 10, no. 4, pp. 1–33, 2008.

[7] K. Golofit, “Click passwords under investigation,” in Proc. ESORICS, pp. 343–358, 2007.

[8] A. E. Dirik, N. Memon, and J.-C. Birget, “Modeling user choice in the passpoints graphical password scheme,” in Proc. Symp. Usable Privacy Security, pp. 20–28, 2007.

[9] J. Thorpe and P. C. van Oorschot, “Human-seeded attacks and exploiting hot spots in graphical passwords,” in Proc. USENIX Security, pp. 103–118, 2007.

[10] P. C. van Oorschot, A. Salehi-Abari, and J. Thorpe, “Purely automated attacks on passpoints-style graphical passwords,” IEEE Trans. Inf. Forensics Security, vol. 5, no. 3, pp. 393–405, Sep. 2010.

[11] D. Weinshall, “Cognitive authentication schemes safe against spyware,” in Proc. IEEE Symp. Security Privacy, pp. 300–306, May 2006.

[12] L. von Ahn, M. Blum, N. J. Hopper, and J. Langford, “CAPTCHA: Using hard AI problems for security,” in Proc. Eurocrypt, pp. 294–311, 2003.

[13] S. Chiasson, A. Forget, R. Biddle, and P. C. van Oorschot, “Influencing users towards better passwords: Persuasive cued click-points,” in Proc. Brit. HCI Group Annu. Conf. People Comput., Culture, Creativity, Interaction, vol. 1., pp. 121–130, 2008.

[14] B. Pinkas and T. Sander, “Securing passwords against dictionary attacks,” in Proc. ACM CCS, pp. 161–170, 2002. [15] P. C. van Oorschot and S. Stubblebine, “On countering online dictionary attacks with login histories and humans-in-the-loop,” ACM Trans. Inf. Syst. Security, vol. 9, no. 3, pp. 235–258, 2006.