Академический Документы
Профессиональный Документы
Культура Документы
University of
Bedfordshire: U.K.
Chapter 5
True Discretization
101
al-Khateeb, H. M. (2011). Security and usability in click-based authentication systems. Ph.D. Thesis. University of
Bedfordshire: U.K.
-dimensional image,
make sure that all points of an image are at a safe distance from grid edges. Hence, in a
2-dimensional environment relying on 3 grids is sufficient. For each click-point, the
system assigns the best grid by storing its identifier in the database. This approach
guarantees that every pixel in the background image is at a safe distance away from the
edge of at least one of the grids. However, using three grids only partially prevents the
edge problem, because it still does not imply that the tolerance distance is equal around
the original click-point in all cases. Figure 5.1 illustrates how this can still result in false
rejections and false acceptance. In Figure 5.1 the small circle is the original click-point.
The centered-tolerance square is the evenly distributed tolerance likely expected by a
user. The dotted square is the grid-square used by Robust Discretization in the worstcase. The non-overlapping region of the centered tolerance square is the area where
false rejects would occur in Robust Discretization, while the non-overlapping region of
the Robust Discretization square indicates false accepts in Robust Discretization For
further details about the limitation of this method refer to (Chiasson et al., 2008c).
102
al-Khateeb, H. M. (2011). Security and usability in click-based authentication systems. Ph.D. Thesis. University of
Bedfordshire: U.K.
Figure 5.1: False rejects and false accepts in Robust Discretization (Chiasson et al.,
2008c).
is moved until
as
Parameter
103
in
al-Khateeb, H. M. (2011). Security and usability in click-based authentication systems. Ph.D. Thesis. University of
Bedfordshire: U.K.
Figure 5.2: Centred Discretization. The continuous line L is divided into segments of
length 2r+1, where the value of 1 represents the original click-point.
), while is hashed
). The offset
of
or in other
is within
and hence
).
is not the same as the original segment, the two hashes are
clicks
are
stored
as
plaintext,
) Note that
),
while
the
hash
) of
consists
of
from the original point. However, since the same approach was
suggested for the 2-D environment of VPs without further improvements, false
acceptance occurs.
When implementing centred discretization in a 2-D space, the tolerance shape is
represented as a grid square. Hence, the tolerance distance ( ) is not equal around the
original click-point, which in the worst case means a click-point 8.48 pixels distant from
the original click-point towards the edge of a 13x13 grid square (where
) is falsely
accepted. And a click-point 12.72 pixels distant will also be considered within tolerance
in a 19x19 grid square despite
pixels.
104
al-Khateeb, H. M. (2011). Security and usability in click-based authentication systems. Ph.D. Thesis. University of
Bedfordshire: U.K.
Figure 5.3 illustrates the problem and also shows that while
is a consistent value,
pixels within tolerance around the original click-point shape a circle inside that square,
hence further formulas should extend centred discretization calculations to only accept
click-points that are within
Figure 5.3: Occurrence of false accepts. Each square represents a tolerance grid in
centred discretization, and the circle inside contains the true tolerance space in a 2-D
environment
Increasing the tolerance distance ( ) increases the size of the grid square, which in
return increases the area of false accepts in centred discretization grid square as shown
in Table 5.1. In the table, tolerance within (
located outside tolerance, however they fall along the tolerance circle line as seen in
Figure 5.3. Including these pixels is suggested to enhance usability and make the
application more convenient to end users.
Table 5.1: The number of false accepts click-points in the Centred Discretization
tolerance grid square.
(pixels)
Tolerance
4
6
9x9
13x13
32 points
56 points
12 points
32 points
19x19
116 points
68 points
105
al-Khateeb, H. M. (2011). Security and usability in click-based authentication systems. Ph.D. Thesis. University of
Bedfordshire: U.K.
) in section 5.3, if
identical), a second step follows to check that all click-points are within
(or
) we compute
((
) is within
) and similarly
of (
((
) of
). Now that we
have retrieved the original click-point, we calculate the distance using the Euclidean
)
distance formula: (
If |(
) .
) |
then (
)
) |
then (
) is outside the
accepted tolerance , although it is located inside the grid square. Note that in an actual
implementation (
) and
following:
Also,
(
)
If a user clicks (
)
(
and
Similarly,
Now, (
106
).
al-Khateeb, H. M. (2011). Security and usability in click-based authentication systems. Ph.D. Thesis. University of
Bedfordshire: U.K.
We notice that
and
segment (first segment) and the two hashes match. True Discretization now checks if the
click is within the real tolerance or not. To do that, the original click point is retrieved:
((
((
|(
) |
|(
) |
the accepted tolerance, so the click is rejected although it is located inside the grid
square.
5.6. Security analysis
From a security perspective, using true discretization increases the theoretical password
space by increasing the possible number of clicks on the background image. For
instance, images used in PassPoints (Wiedenbeck et al., 2005c) were 451x331 pixels,
is: (
For end users, the accuracy of true discretization becomes more effective and
obvious when
Table 5.2: The number of possible clicks (N) while using Centred Discretization (CD)
and True Discretization (TD) in PassPoints.
N (CD)
N (TD)
N (TD)
4
6
1842
883
3046
Tolerance
1321
2163
Tolerance
1089
413
609
(pixels)
509
)
107
al-Khateeb, H. M. (2011). Security and usability in click-based authentication systems. Ph.D. Thesis. University of
Bedfordshire: U.K.
5.7. Conclusion
Representing the tolerance area as a grid square in click-based authentication systems
reduces the number of possible clicks on the background image, which in return reduces
the theoretical password space of the system. Application of True Discretization adds to
the systems accuracy by allowing discretization with zero false accepts rate since all
clicks outside the accepted distance are rejected.
108