
[Paper Digest] A Survey on Recognition Based Graphical User Authentication Algorithms

Farnaz Towhidi, Maslin Masrom|ArXiv.org|Dec 4, 2009
User Authentication and Security Systems | References: 16 | Cited by: 37
One-Sentence Summary

This paper surveys eight recognition-based graphical user authentication algorithms and analyzes their usability/security trade-off using the ISO usability standard and common attack patterns. The study identifies key vulnerabilities and proposes a comparative evaluation method to guide the design of more robust and user-friendly graphical authentication systems.

ABSTRACT

Nowadays, user authentication is one of the important topics in information security. Strong text-based password schemes can provide a certain degree of security. However, the fact that strong passwords are difficult to memorize often leads their owners to write them down on paper or even save them in a computer file. Graphical authentication has been proposed as a possible alternative to text-based authentication, motivated particularly by the fact that humans remember images better than text. In recent years, many networks, computer systems and Internet-based environments have tried to use graphical authentication techniques for user authentication. All graphical passwords have two different aspects: usability and security. Unfortunately, none of these algorithms has been able to cover both aspects at the same time. In this paper, we describe eight recognition-based authentication algorithms in terms of their drawbacks and attacks. In the next section, the ISO usability standards and the related attributes for graphical user authentication usability are discussed. The related attack patterns for the security aspect of graphical user authentication are also discussed. Finally, a comparison table of all recognition-based algorithms is presented based on the ISO and attack-pattern standards.

Motivation and Objectives

  • Analyze the usability/security trade-off in recognition-based graphical user authentication (GUA) schemes.
  • Identify the common vulnerabilities and attack patterns affecting GUA algorithms.
  • Evaluate existing GUA methods against the established ISO usability standard.
  • Build a comparative framework for evaluating recognition-based GUA algorithms on security and usability criteria.
  • Provide guidance for future research toward balancing security and usability in graphical authentication systems.

Proposed Method

  • Surveys eight recognition-based GUA algorithms, including Draw-a-Secret (DAS), click-based and image-based schemes.
  • Uses the ISO 9241-11 standard to evaluate usability, focusing on learnability, efficiency and user satisfaction.
  • Analyzes security by identifying common attack patterns such as shoulder surfing, guessing attacks and timing attacks.
  • Maps each algorithm to the usability and security criteria to support cross-algorithm comparison.
  • Builds a detailed comparison table based on ISO usability attributes and resistance to attacks.
  • Draws on empirical findings from prior studies to assess each algorithm's real-world performance and limitations.

Experimental Results

Research Questions

  • RQ1: How well do recognition-based graphical authentication algorithms perform on usability according to ISO 9241-11?
  • RQ2: What are the most prevalent attack vectors against recognition-based GUA schemes?
  • RQ3: To what extent do existing GUA algorithms balance usability and security?
  • RQ4: Which GUA algorithms are most vulnerable to specific attack patterns such as shoulder surfing or brute-force guessing?
  • RQ5: How can a standardized comparative framework be established for evaluating recognition-based GUA methods?

Key Findings

  • No single recognition-based GUA algorithm achieves both high usability and strong security.
  • Image-based schemes such as Passfaces offer higher memorability but are susceptible to shoulder surfing and face-recognition attacks.
  • Click-based schemes resist guessing attacks better but score lower on user satisfaction and learnability.
  • The DAS (Draw-a-Secret) method is highly vulnerable to timing and side-channel attacks because of its predictable drawing patterns.
  • ISO usability metrics show that most GUA schemes score low on learnability and efficiency, especially for first-time users.
  • A comprehensive comparison table was developed, showing that only a few algorithms meet basic usability thresholds while still resisting common attacks effectively.

This digest was generated by AI and reviewed by a human editor.