Graphical Password Security Evaluation by Fuzzy AHP
In today's day and age, one of the important topics in
information security is authentication. There are several alternatives
to text-based authentication of which includes Graphical Password
(GP) or Graphical User Authentication (GUA). These methods stems
from the fact that humans recognized and remembers images better
than alphanumerical text characters. This paper will focus on the
security aspect of GP algorithms and what most researchers have
been working on trying to define these security features and
attributes. The goal of this study is to develop a fuzzy decision model
that allows automatic selection of available GP algorithms by taking
into considerations the subjective judgments of the decision makers
who are more than 50 postgraduate students of computer science. The
approach that is being proposed is based on the Fuzzy Analytic
Hierarchy Process (FAHP) which determines the criteria weight as a
linear formula.
[1] Lashkari, A.H. and F. Towhidi, Graphical User Authentication (GUA).
2010: Lambert Academic Publisher.
[2] Lashkari, A.H., et al., Shoulder Surfing attack in graphical password
authentication. 2009, International Journal of Computer Science and
Information Security (IJCSIS).
[3] Lashkari, A.H., et al., Security Evaluation for Graphical Password, in
The International Conference on Digital Information and
Communication Technology and its Applications (DICTAP2011). 2011,
Communications in Computer and Information Science (CCIS) Series of
Springer LNCS: Université de Bourgogne, France.
[4] Saaty, T.L., How to make a decision: The Analytic Hierarchy Process.
European Journal of Operational Research 1990. 48 p. 9-26.
[5] Nguyen, H.T. and E.A. Walker, A First Course in Fuzzy Logic. 1997:
CRC Press.
[6] Klir, G.J. and B. Yuan, Fuzzy Sets and Fuzzy Logic Theory and
Applications. 1995, New Jersey: Prentice Hall.
[7] Zimmermann, H.-J., Fuzzy Set Theory and its Applications. Third
Edition ed. 1996: Kluwer Academic Publishers.
[8] Ball─▒, S. and S. Koruko─ƒlu, Operating System Selection using Fuzzy
AHP and Topsis Methods. Mathematical and Computational
Applications, 2009. 14(2): p. 119-130.
[9] Wang, Y.-M. and T.M.S. Elhag, Fuzzy TOPSIS method based on alpha
level sets with an application to bridge risk assessment. Expert Systems
with Applications, 2006. 31.
[10] Kreng, V.B. and C.Y. Wu, Evaluation of knowledge portal development
tools using a fuzzy AHP approach: The case of Taiwanese stone
industry. European Journal of Operational Research, 2005.
[11] Erensala, Y.C., T. Öncanb, and M.L. Demircan, Determining key
capabilities in technology management using fuzzy analytic hierarchy
process: A case study of Turkey. Information Sciences, 2006. 176(18):
p. 2755-2770
[12] Kahraman, C., U. Cebeci, and D. Ruan, Multi-attribute comparison of
catering service companies using fuzzy AHP: The case of Turkey.
International Journal of Production Economics, 2004. 87.
[13] Leung, L.C. and D. Cao, On consistency and ranking of alternatives in
fuzzy AHP. European Journal of Operational Research, 2000. 124: p.
102-113.
[1] Lashkari, A.H. and F. Towhidi, Graphical User Authentication (GUA).
2010: Lambert Academic Publisher.
[2] Lashkari, A.H., et al., Shoulder Surfing attack in graphical password
authentication. 2009, International Journal of Computer Science and
Information Security (IJCSIS).
[3] Lashkari, A.H., et al., Security Evaluation for Graphical Password, in
The International Conference on Digital Information and
Communication Technology and its Applications (DICTAP2011). 2011,
Communications in Computer and Information Science (CCIS) Series of
Springer LNCS: Université de Bourgogne, France.
[4] Saaty, T.L., How to make a decision: The Analytic Hierarchy Process.
European Journal of Operational Research 1990. 48 p. 9-26.
[5] Nguyen, H.T. and E.A. Walker, A First Course in Fuzzy Logic. 1997:
CRC Press.
[6] Klir, G.J. and B. Yuan, Fuzzy Sets and Fuzzy Logic Theory and
Applications. 1995, New Jersey: Prentice Hall.
[7] Zimmermann, H.-J., Fuzzy Set Theory and its Applications. Third
Edition ed. 1996: Kluwer Academic Publishers.
[8] Ball─▒, S. and S. Koruko─ƒlu, Operating System Selection using Fuzzy
AHP and Topsis Methods. Mathematical and Computational
Applications, 2009. 14(2): p. 119-130.
[9] Wang, Y.-M. and T.M.S. Elhag, Fuzzy TOPSIS method based on alpha
level sets with an application to bridge risk assessment. Expert Systems
with Applications, 2006. 31.
[10] Kreng, V.B. and C.Y. Wu, Evaluation of knowledge portal development
tools using a fuzzy AHP approach: The case of Taiwanese stone
industry. European Journal of Operational Research, 2005.
[11] Erensala, Y.C., T. Öncanb, and M.L. Demircan, Determining key
capabilities in technology management using fuzzy analytic hierarchy
process: A case study of Turkey. Information Sciences, 2006. 176(18):
p. 2755-2770
[12] Kahraman, C., U. Cebeci, and D. Ruan, Multi-attribute comparison of
catering service companies using fuzzy AHP: The case of Turkey.
International Journal of Production Economics, 2004. 87.
[13] Leung, L.C. and D. Cao, On consistency and ranking of alternatives in
fuzzy AHP. European Journal of Operational Research, 2000. 124: p.
102-113.
@article{"International Journal of Information, Control and Computer Sciences:51792", author = "Arash Habibi Lashkari and Azizah Abdul Manaf and Maslin Masrom", title = "Graphical Password Security Evaluation by Fuzzy AHP", abstract = "In today's day and age, one of the important topics in
information security is authentication. There are several alternatives
to text-based authentication of which includes Graphical Password
(GP) or Graphical User Authentication (GUA). These methods stems
from the fact that humans recognized and remembers images better
than alphanumerical text characters. This paper will focus on the
security aspect of GP algorithms and what most researchers have
been working on trying to define these security features and
attributes. The goal of this study is to develop a fuzzy decision model
that allows automatic selection of available GP algorithms by taking
into considerations the subjective judgments of the decision makers
who are more than 50 postgraduate students of computer science. The
approach that is being proposed is based on the Fuzzy Analytic
Hierarchy Process (FAHP) which determines the criteria weight as a
linear formula.", keywords = "Graphical Password, Authentication Security, Attack
Patterns, Brute force attack, Dictionary attack, Guessing Attack,
Spyware attack, Shoulder surfing attack, Social engineering Attack,
Password Entropy, Password Space.", volume = "6", number = "6", pages = "755-6", }