TY - JOUR
T1 - GPOD: An Efficient and Secure Graphical Password Authentication System by Fast Object Detection
AU - Ray, Palash
AU - Giri, Debasis
AU - Meng, Weizhi
AU - Hore, Soumyadeep
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2023
Y1 - 2023
N2 - Nowadays, the graphical password has gained significant recognition and has become a subject of extensive investigation within the research community. The proliferation of Internet usage has resulted in individuals accessing various web applications from any location worldwide, utilizing personal computers, mobile phones, and other touch-enabled devices. However, individuals frequently employ passwords that are weak and commonly used due to their inability to recall complex passwords. This renders the systems susceptible to various forms of attacks. Hence, there is a requirement for an authentication scheme that possesses qualities such as resilience, ease of memorability, and security. Graphical passwords are significantly more effective than text-based passwords in terms of memorability. Nevertheless, numerous schemes are susceptible to various forms of attacks, such as shoulder surfing attacks, man-in-the-middle attacks, database attacks, random guess attacks, and so forth. Moreover, the compromise between security and usability concerns is evident in different graphical authentication schemes. Therefore, we present a novel graphical authentication scheme that ensures both security and usability. This scheme incorporates random graphical objects blended with a background image, resulting in the generation of a distinct graphical challenge. The objects that have been chosen must undergo verification through the utilization of an object detection algorithm known as YOLOv3. In order to strengthen the security of GPOD (Graphical password with object detection), user data is subjected to encryption and subsequently stored on the server, thereby mitigating the risk of potential database attacks. Additionally, the user data undergoes encryption prior to its transmission to the server in order to alleviate the risk of man-in-the-middle attacks. The proposed GPOD scheme is a straightforward, usable, resilient, shoulder-surf-resistant, and secure graphical authentication scheme. The scheme exhibits excellent performance, with an accuracy rate of up to 94.80% and a login time ranging from 9.61 to 14.56 seconds in two scenarios, respectively.
AB - Nowadays, the graphical password has gained significant recognition and has become a subject of extensive investigation within the research community. The proliferation of Internet usage has resulted in individuals accessing various web applications from any location worldwide, utilizing personal computers, mobile phones, and other touch-enabled devices. However, individuals frequently employ passwords that are weak and commonly used due to their inability to recall complex passwords. This renders the systems susceptible to various forms of attacks. Hence, there is a requirement for an authentication scheme that possesses qualities such as resilience, ease of memorability, and security. Graphical passwords are significantly more effective than text-based passwords in terms of memorability. Nevertheless, numerous schemes are susceptible to various forms of attacks, such as shoulder surfing attacks, man-in-the-middle attacks, database attacks, random guess attacks, and so forth. Moreover, the compromise between security and usability concerns is evident in different graphical authentication schemes. Therefore, we present a novel graphical authentication scheme that ensures both security and usability. This scheme incorporates random graphical objects blended with a background image, resulting in the generation of a distinct graphical challenge. The objects that have been chosen must undergo verification through the utilization of an object detection algorithm known as YOLOv3. In order to strengthen the security of GPOD (Graphical password with object detection), user data is subjected to encryption and subsequently stored on the server, thereby mitigating the risk of potential database attacks. Additionally, the user data undergoes encryption prior to its transmission to the server in order to alleviate the risk of man-in-the-middle attacks. The proposed GPOD scheme is a straightforward, usable, resilient, shoulder-surf-resistant, and secure graphical authentication scheme. The scheme exhibits excellent performance, with an accuracy rate of up to 94.80% and a login time ranging from 9.61 to 14.56 seconds in two scenarios, respectively.
KW - Authentication
KW - Encryption
KW - Graphical passwords
KW - Shoulder surfing attack
KW - YOLOv3
U2 - 10.1007/s11042-023-17571-4
DO - 10.1007/s11042-023-17571-4
M3 - Journal article
AN - SCOPUS:85179345672
SN - 1380-7501
JO - Multimedia Tools and Applications
JF - Multimedia Tools and Applications
ER -