A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords

Por, Lip Yee and Ng, Ian Ouii and Chen, Yen-Lin and Yang, Jing and Ku, Chin Soon (2024) A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords. IEEE Access, 12. pp. 53408-53423. ISSN 2169-3536, DOI https://doi.org/10.1109/ACCESS.2024.3373662.

Full text not available from this repository.
Official URL: https://doi.org/10.1109/ACCESS.2024.3373662

Abstract

This systematic literature review delves into the dynamic realm of graphical passwords, focusing on the myriad security attacks they face and the diverse countermeasures devised to mitigate these threats. The core objective of this paper is to identify existing security threats to graphical password schemes and the corresponding countermeasures developed to mitigate these attacks. The study process begins by identifying the usable databases and search engines to identify all the relevant resources. The inclusion and exclusion criteria were carefully selected to prioritize the study, focusing mostly on attacks and countermeasures related to graphical password schemes between 2009 and 2023. After thorough identification and selection progress, 59 studies met all the criteria. Among these studies, 47 mentioned shoulder surfing as a threat to graphical password schemes, while 20 discussed brute force attacks. Additionally, there were 21 papers on dictionary attacks, 13 on smudge attacks, spyware attacks, and social engineering, and 19 that discussed guessing attacks as threats to graphical password schemes. Furthermore, the papers identified several other attacks, including frequency of occurrence analysis attacks, video recording, eavesdropping, computer vision, sonar, and image gallery attacks, with the corresponding numbers of papers being 9, 17, 5, 2, 2, and 1, respectively. The results also highlight the countermeasures proposed in the study papers to mitigate the aforementioned attacks. Among the various countermeasures identified, most revolve around randomization, obfuscation, and password space complexity as the most commonly used techniques for enhancing the security of graphical password schemes.

Item Type: Article
Funders: National Science and Technology Council in Taiwan
Uncontrolled Keywords: Passwords; Graphical models; Security; Cyberattack; Authentication; Computer security; User centered design; User experience; Performance evaluation; Graphical passwords; security attacks; countermeasures; authentication; cybersecurity
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty of Computer Science & Information Technology
Depositing User: Ms. Juhaida Abd Rahim
Date Deposited: 13 Nov 2024 09:03
Last Modified: 13 Nov 2024 09:03
URI: http://eprints.um.edu.my/id/eprint/45886

Actions (login required)

View Item View Item
UM Research Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.