Investigating background pictures for picture gesture authentication
Loading...
Authors
Monroy, Pauline
Subjects
password
authentication
picture gesture authentication
background picture
strength requirements
authentication
picture gesture authentication
background picture
strength requirements
Advisors
Clark, Paul C.
Shaffer, Alan
Date of Issue
2017-06
Date
Jun-17
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
The military relies heavily on computer systems. Without a strong method of authentication to access these systems, threats to confi-dentiality, integrity, and availability of government information are likely to be more successful. A recent method of authentication for the Windows 8 and Windows 10 operating systems is picture gesture authentication (PGA), a new approach to entering a password to authenticate a user during system login. Each PGA password is composed of three gestures that are drawn over a picture chosen by the user. Strength requirements are set for PGA passwords similarly to text-based passwords. For simplicity, users tend to use shapes, colors, and objects in a picture, called points of interest (POI), as guidance when creating each gesture for their password. This concept provides an opportunity for potential hackers to make logical password guesses, decreasing the security of PGA. Previous work on PGA security used a proprietary brute-force algorithm to guess passwords based on POIs. We present a similar brute-force algorithm that is publicly available. We evaluate the eciency of the new algorithm against various background pictures and propose strength requirements to improve the security of PGA.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.