
A tree grammar-based visual password scheme

A thesis submitted to the Faculty of Science, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Doctor of Philosophy. Johannesburg, August 31, 2015.

Visual password schemes can be considered as an alternative to alphanumeric
passwords. Studies have shown that alphanumeric passwords
can, amongst others, be eavesdropped, shoulder surfed, or
guessed, and are susceptible to brute force automated attacks. Visual
password schemes use images, in place of alphanumeric characters,
for authentication. For example, users of visual password schemes either
select images (Cognometric) or points on an image (Locimetric)
or attempt to redraw their password image (Drawmetric), in order
to gain authentication. Visual passwords are limited by the so-called
password space, i.e., by the size of the alphabet from which users can
draw to create a password, and by susceptibility to the stealing of pass-images
by someone looking over the user's shoulder, referred to as shoulder
surfing in the literature. The use of automatically generated highly
similar abstract images defeats shoulder surfing and means that an almost
unlimited pool of images is available for use in a visual password
scheme, thus also overcoming the issue of limited potential password
space.
This research investigated visual password schemes. In particular,
this study looked at the possibility of using tree picture grammars to
generate abstract graphics for use in a visual password scheme. In this
work, we also took a look at how humans determine similarity of abstract
computer generated images, referred to as perceptual similarity
in the literature. We drew on the psychological idea of similarity and
matched that as closely as possible with a mathematical measure of
image similarity, using Content Based Image Retrieval (CBIR) and
tree edit distance measures. To this end, an online similarity survey
was conducted with respondents ordering answer images in order
of similarity to question images, involving 661 respondents and 50
images. The survey images were also compared using eight state-of-the-art
computer-based similarity measures to determine how closely
they model perceptual similarity. Since all the images were generated
with tree grammars, the most popular measure of tree similarity, the
tree edit distance, was also used to compare the images. Eight different
types of tree edit distance measures were used in order to cover
the broad range of tree edit distance and tree edit distance approximation
methods. All the computer based similarity methods were
then correlated with the online similarity survey results, to determine
which ones more closely model perceptual similarity. The results were
then analysed in the light of some modern psychological theories of
perceptual similarity.
This work represents a novel approach to the Passfaces type of visual
password schemes using dynamically generated pass-images and their
highly similar distractors, instead of static pictures stored in an online
database. The results of the online survey were then accurately
modelled using the most suitable tree edit distance measure, in order
to automate the determination of similarity of our generated distractor
images. The information gathered from our various experiments
was then used in the design of a prototype visual password scheme.
The generated images were similar, but not identical, in order to defeat
shoulder surfing. This approach overcomes the following problems
with this category of visual password schemes: shoulder surfing,
bias in image selection, selection of easy to guess pictures and infrastructural
limitations like large picture databases, network speed and
database security issues. The resulting prototype developed is highly
secure, resilient to shoulder surfing and easy for humans to use, and
overcomes the aforementioned limitations in this category of visual
password schemes.

Identifier: oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:wits/oai:wiredspace.wits.ac.za:10539/19294
Date: January 2016
Creators: Okundaye, Benjamin
Source Sets: South African National ETD Portal
Language: English
Detected Language: English
Type: Thesis
Format: application/pdf, application/pdf
