Abstract:
Passwords have always played a crucial role in cybersecurity. Alphanumeric
passwords are commonly used for authentication, but they suffer from issues
of usability and shoulder-surfing. With the introduction of new practices,
such as the obligatory inclusion of special characters for better security,
it has become increasingly difficult for humans to remember passwords. This
results in people choosing weak and easy-to-remember passwords, which lead to
security breaches. Graphical password schemes are a favorable alternative to
textual passwords because research in psychology shows that humans are better
at recognizing than recalling. Although graphical password schemes offer
better usability, they are susceptible to shoulder-surfing too. Some graphical
password schemes do exist that are shoulder-surfing resistant and possess an
appropriate degree of usability. The Convex Hull Click (CHC) graphical
password scheme is one such scheme; it lessens the cognitive load on the user
and mitigates shoulder-surfing more effectively than others. Although still
in its research phase, it holds great potential for use in the industry, but
like any other password scheme, it suffers from some attacks, namely the
brute-force attack and three probabilistic attacks. If the security issues
of this password scheme are reduced while maintaining its ease of use, it can
become a proper authentication scheme for the industry.
The main objective of this research was the development and analysis of
improved versions of the CHC password scheme with a suitable balance between
security and usability. By studying and analyzing other graphical password
schemes and their techniques for resisting attacks and providing good enough
usability, two variants of the CHC scheme were developed: the
Centroid-Oriented Convex Hull Click (CO-CHC) and Rogue CHC password schemes.
The two schemes tackle different security issues of the CHC password scheme.
A usability study was done to analyze the variants and compare them with
each other and with the CHC scheme. The results showed that both variants
have trade-offs, but they improve the CHC password scheme and present new
directions for research on graphical password schemes.