Article, 2023

GPOD: An Efficient and Secure Graphical Password Authentication System by Fast Object Detection

Multimedia Tools and Applications, ISSN 1573-7721, 1380-7501, Volume 83, Issue 19, Pages 56569-56618, DOI 10.1007/s11042-023-17571-4

Contributors

  1. Ray, Palash 0000-0001-5741-7630 (Corresponding author) [1]
  2. Giri, Debasis 0000-0003-3033-3036 [2]
  3. Meng, Wei-Zhi 0000-0003-4384-5786 [3]
  4. Hore, Soumyadeep 0000-0002-9326-291X [1]

Affiliations

  1. [1] Haldia Institute of Technology [NORA names: India; Asia, South]
  2. [2] Maulana Abul Kalam Azad University of Technology, West Bengal [NORA names: India; Asia, South]
  3. [3] Technical University of Denmark [NORA names: DTU Technical University of Denmark; University; Denmark; Europe, EU; Nordic; OECD]

Abstract

Nowadays, the graphical password has gained significant recognition and has become a subject of extensive investigation within the research community. The proliferation of Internet usage has resulted in individuals accessing various web applications from any location worldwide, utilizing personal computers, mobile phones, and other touch-enabled devices. However, individuals frequently employ passwords that are weak and commonly used due to their inability to recall complex passwords. This renders the systems susceptible to various forms of attacks. Hence, there is a requirement for an authentication scheme that possesses qualities such as resilience, ease of memorability, and security. Graphical passwords are significantly more effective than text-based passwords in terms of memorability. Nevertheless, numerous schemes are susceptible to various forms of attacks, such as shoulder surfing attacks, man-in-the-middle attacks, database attacks, random guess attacks, and so forth. Moreover, the compromise between security and usability concerns is evident in different graphical authentication schemes. Therefore, we present a novel graphical authentication scheme that ensures both security and usability. This scheme incorporates random graphical objects blended with a background image, resulting in the generation of a distinct graphical challenge. The objects that have been chosen must undergo verification through the utilization of an object detection algorithm known as YOLOv3. In order to strengthen the security of GPOD (Graphical password with object detection), user data is subjected to encryption and subsequently stored on the server, thereby mitigating the risk of potential database attacks. Additionally, the user data undergoes encryption prior to its transmission to the server in order to alleviate the risk of man-in-the-middle attacks. 
The proposed GPOD scheme is a straightforward, usable, resilient, shoulder-surf-resistant, and secure graphical authentication scheme. The scheme exhibits excellent performance, with an accuracy rate of up to 94.80% and a login time ranging from 9.61 to 14.56 seconds in two scenarios, respectively.

Keywords

GPOD, Graphical Password Authentication System, Internet usage, Web, YOLOv3, accuracy, accuracy rate, algorithm, applications, attacks, authentication, authentication scheme, authentication system, background, background image, challenges, community, complex passwords, compromise, computer, concerns, data, database, database attacks, detection, detection algorithm, devices, encryption, excellent performance, fast object detection, fasting, form, generation, graphical authentication schemes, graphical objects, graphical passwords, guessing attack, images, individuals, investigation, location, login, login time, man-in-the-middle, man-in-the-middle attack, memorization, mobile phones, object detection, object detection algorithm, objective, password, password authentication system, performance, personal computer, phone, proliferation, quality, random guessing attacks, rate, recognition, research, research community, resilience, risk, risk of man-in-the-middle attacks, scenarios, scheme, security, server, shoulder, shoulder surfing attacks, shoulder-surfing resistance, subjects, susceptible to various forms, system, text-based passwords, time, touch-enabled devices, transmission, usability, usability concerns, usage, user data, users, utilization, verification, web application

Data Provider: Digital Science