Graphical Password Security Evaluation by Fuzzy AHP

In today's day and age, one of the important topics in information security is authentication. There are several alternatives to text-based authentication of which includes Graphical Password (GP) or Graphical User Authentication (GUA). These methods stems from the fact that humans recognized and remembers images better than alphanumerical text characters. This paper will focus on the security aspect of GP algorithms and what most researchers have been working on trying to define these security features and attributes. The goal of this study is to develop a fuzzy decision model that allows automatic selection of available GP algorithms by taking into considerations the subjective judgments of the decision makers who are more than 50 postgraduate students of computer science. The approach that is being proposed is based on the Fuzzy Analytic Hierarchy Process (FAHP) which determines the criteria weight as a linear formula.

Authors:

• Arash Habibi Lashkari
• Azizah Abdul Manaf
• Maslin Masrom

Keywords:

• Graphical Password
• Authentication Security
• Attack Patterns
• Brute force attack
• Dictionary attack
• Guessing Attack
• Spyware attack
• Shoulder surfing attack
• Social engineering Attack
• Password Entropy
• Password Space.

References:

[1] Lashkari, A.H. and F. Towhidi, Graphical User Authentication (GUA).
2010: Lambert Academic Publisher.
[2] Lashkari, A.H., et al., Shoulder Surfing attack in graphical password
authentication. 2009, International Journal of Computer Science and
Information Security (IJCSIS).
[3] Lashkari, A.H., et al., Security Evaluation for Graphical Password, in
The International Conference on Digital Information and
Communication Technology and its Applications (DICTAP2011). 2011,
Communications in Computer and Information Science (CCIS) Series of
Springer LNCS: Université de Bourgogne, France.
[4] Saaty, T.L., How to make a decision: The Analytic Hierarchy Process.
European Journal of Operational Research 1990. 48 p. 9-26.
[5] Nguyen, H.T. and E.A. Walker, A First Course in Fuzzy Logic. 1997:
CRC Press.
[6] Klir, G.J. and B. Yuan, Fuzzy Sets and Fuzzy Logic Theory and
Applications. 1995, New Jersey: Prentice Hall.
[7] Zimmermann, H.-J., Fuzzy Set Theory and its Applications. Third
Edition ed. 1996: Kluwer Academic Publishers.
[8] Ball─▒, S. and S. Koruko─ƒlu, Operating System Selection using Fuzzy
AHP and Topsis Methods. Mathematical and Computational
Applications, 2009. 14(2): p. 119-130.
[9] Wang, Y.-M. and T.M.S. Elhag, Fuzzy TOPSIS method based on alpha
level sets with an application to bridge risk assessment. Expert Systems
with Applications, 2006. 31.
[10] Kreng, V.B. and C.Y. Wu, Evaluation of knowledge portal development
tools using a fuzzy AHP approach: The case of Taiwanese stone
industry. European Journal of Operational Research, 2005.
[11] Erensala, Y.C., T. Öncanb, and M.L. Demircan, Determining key
capabilities in technology management using fuzzy analytic hierarchy
process: A case study of Turkey. Information Sciences, 2006. 176(18):
p. 2755-2770
[12] Kahraman, C., U. Cebeci, and D. Ruan, Multi-attribute comparison of
catering service companies using fuzzy AHP: The case of Turkey.
International Journal of Production Economics, 2004. 87.
[13] Leung, L.C. and D. Cao, On consistency and ranking of alternatives in
fuzzy AHP. European Journal of Operational Research, 2000. 124: p.
102-113.