Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.646743
Title: Using cultural familiarity for usable and secure recognition-based graphical passwords
Author: Aljahdali, Hani Moaiteq
ISNI: 0000 0004 5363 0700
Awarding Body: University of Glasgow
Current Institution: University of Glasgow
Date of Award: 2015
Availability of Full Text:
Access through EThOS:
Full text unavailable from EThOS. Restricted access.
Abstract:
Recognition-based graphical passwords (RBGPs) are a promising alternative to alphanumeric passwords for user authentication. The literature has presented several schemes in an effort to find the best types of pictures in terms of usability and security. This thesis contributes the positive use of cultural familiarity with pictures for usable and secure recognition-based graphical passwords in two different countries: Scotland and Saudi Arabia. This thesis presents an evaluation of a culturally-familiar graphical password scheme (CFGPS). This scheme is based on pictures that represent daily life in different cultures. Those pictures were selected from a database containing 797 pictures representing the cultures of 30 countries. This database was created as the first step in this thesis from the responses to 263 questionnaires. The evaluation of the scheme goes through five phases: registration phase, usability phase, security phase, interviews phase, and guidelines phase. In the registration phase, a web-based study was conducted to determine the impact of cultural familiarity on the choice of pictures for the GPs. A large number of participants (Saudi and Scottish) registered their GPs. The results showed that users were highly affected by their culture when they chose pictures for their GPs; however, the Saudis were significantly more affected by their culture than the Scottish. This study showed developers the importance of having a selection of pictures that are as familiar as possible to users in order to create suitable GPs. In the usability phase, the participants were asked to log in with their GPs three months after the registration phase. The main results showed that the memorability rate for GPs consisting only of pictures belonging to participants’ culture was higher than the memorability rate for GPs consisting of pictures that did not belong to participants’ culture. However, there was no evidence regarding a cultural familiarity effect on login time.
In the security phase, a within-subject user study was conducted to examine the security of culturally-familiar GPs against educated guessing attacks. This study was also the first attempt to investigate the risk of using personal information shared by users on social networks to guess their GPs. The results showed high guessability for CFGPs. The interviews phase evaluated the qualitative aspects of the CFGP password in order to improve its performance. In-depth interviews with the users of the scheme suggested guidelines for both developers and users to increase the usability and security of the scheme. Those guidelines are not exclusive to the culturally-familiar scheme, as they can be used for all RBGP schemes. Finally, following one of the instructions stated in the developers’ guidelines, different challenge set designs were evaluated based on their cultural familiarity to users. The results showed a high usability of the culturally-familiar challenge set while the security target was met in the culturally-unfamiliar challenge set. To balance these two factors, following the user guidelines covered the weaknesses of both designs.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.646743
DOI: Not available
Keywords: QA75 Electronic computers. Computer science ; QA76 Computer software