Entry vanOorschot:2008:PMU from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{vanOorschot:2008:PMU,
  author =       "P. C. van Oorschot and Julie Thorpe",
  title =        "On predictive models and user-drawn graphical
                 passwords",
  journal =      j-TISSEC,
  volume =       "10",
  number =       "4",
  pages =        "5:1--5:??",
  month =        jan,
  year =         "2008",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1284680.1284685",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Thu Jun 12 17:52:24 MDT 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "In commonplace text-based password schemes, users
                 typically choose passwords that are easy to recall,
                 exhibit patterns, and are thus vulnerable to
                 brute-force dictionary attacks. This leads us to ask
                 whether other types of passwords (e. g. , graphical)
                 are also vulnerable to dictionary attack because of
                 users tending to choose memorable passwords. We suggest
                 a method to predict and model a number of such classes
                 for systems where passwords are created solely from a
                 user's memory. We hypothesize that these classes define
                 weak password subspaces suitable for an attack
                 dictionary. For user-drawn graphical passwords, we
                 apply this method with cognitive studies on visual
                 recall. These cognitive studies motivate us to define a
                 set of password complexity factors (e. g. , reflective
                 symmetry and stroke count), which define a set of
                 classes. To better understand the size of these classes
                 and, thus, how weak the password subspaces they define
                 might be, we use the ``Draw-A-Secret'' (DAS) graphical
                 password scheme of Jermyn et al. [1999] as an example.
                 We analyze the size of these classes for DAS under
                 convenient parameter choices and show that they can be
                 combined to define apparently popular subspaces that
                 have bit sizes ranging from 31 to 41---a surprisingly
                 small proportion of the full password space (58 bits).
                 Our results quantitatively support suggestions that
                 user-drawn graphical password systems employ measures,
                 such as graphical password rules or guidelines and
                 proactive password checking.",
  acknowledgement = ack-nhfb,
  articleno =    "5",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "dictionary attack; Draw-a-Secret; graphical
                 dictionary; Graphical passwords; memorable passwords;
                 modeling user choice; password complexity factors",
}

Related entries

al., 2(1)3, 2(1)34, 9(2)181, 9(4)461, 10(2)6, 11(3)14, 13(4)37, 14(3)27, 15(3)11, 16(3)10, 18(3)10
analyze, 2(3)230, 2(4)416, 9(4)421, 10(1)4, 10(3)9, 11(2)1, 11(2)3, 11(3)14, 11(3)15, 11(4)23, 12(3)16, 12(3)17, 13(3)27, 15(1)5, 15(2)8, 15(3)11, 16(3)10, 16(4)16, 16(4)17, 18(1)1, 18(1)2, 18(1)3, 18(2)5
apply, 2(2)177, 2(3)269, 7(2)319, 10(4)4, 12(1)1, 13(4)40, 14(1)2, 14(1)6, 17(4)15, 18(1)4
ask, 13(4)40, 14(3)26, 17(3)11, 17(4)15
based, text-, 17(4)14
because, 1(1)66, 2(3)269, 11(4)18, 11(4)21, 12(1)2, 12(2)10, 14(1)3, 14(4)29, 16(2)7, 17(1)1, 17(1)4, 17(3)10
better, 11(1)4, 11(4)20, 11(4)23, 13(4)40, 17(1)1, 17(4)14, 17(4)15, 18(1)1, 18(3)10
bit, 13(4)35, 14(1)5, 18(1)1
checking, 1(1)3, 10(2)5, 10(2)7, 12(4)20, 14(1)12, 15(4)18, 18(2)6
choice, 2(3)230, 11(3)13, 15(3)14, 18(1)1
choose, 15(2)10, 15(3)14, 18(1)1
class, 2(2)177, 9(4)391, 10(1)2, 10(1)3, 11(2)1, 11(4)19, 12(1)2, 12(3)18, 12(4)20, 13(3)21, 14(1)13, 16(1)2, 16(4)17, 18(2)5, 18(4)13
combined, 10(4)3, 13(4)33, 14(2)15, 17(2)7, 17(4)16
complexity, 2(1)65, 9(4)391, 9(4)421, 10(2)5, 11(2)6, 12(3)16, 12(3)18, 12(4)20, 13(4)36, 13(4)40, 14(1)3, 14(1)14, 15(4)16, 16(1)3, 16(1)4, 16(3)10, 17(4)16, 18(2)6, 18(3)10, 18(4)13
convenient, 12(3)14
created, 16(2)5
define, 1(1)26, 2(2)177, 10(1)3, 10(1)4, 10(2)8, 10(4)2, 12(1)1, 12(3)19, 13(3)24, 13(3)27, 13(4)29, 13(4)36, 14(1)9, 14(1)14, 14(3)25, 16(1)4, 17(1)2, 17(1)4
dictionary, 1(1)3, 2(3)230, 9(3)235, 13(4)35, 14(2)17, 17(4)15, 18(1)1, 18(4)13
e., 10(3)11, 10(4)4, 11(2)4, 11(2)5, 11(2)6
easy, 2(3)269, 13(1)10, 14(3)27, 15(2)6, 18(1)3
employ, 2(3)295, 2(4)390, 11(2)1, 11(4)19, 12(3)16, 14(4)32, 16(4)16
et, 2(1)3, 2(1)34, 9(2)181, 9(4)461, 10(2)6, 11(3)14, 13(4)37, 14(3)27, 15(3)11, 16(3)10, 18(3)10
example, 12(1)1, 12(2)11, 12(3)19, 12(4)20, 13(3)20, 13(4)30, 13(4)35, 13(4)39, 13(4)40, 15(2)10, 16(1)3, 16(2)5, 16(3)10, 17(1)2, 17(1)4, 18(1)1, 18(2)8, 18(4)13
exhibit, 12(1)1, 18(1)4, 18(2)7
factor, 9(4)461, 10(4)4, 12(3)18, 13(4)37, 17(1)1, 17(2)8
full, 11(2)6, 13(3)24, 13(3)25, 13(4)37, 15(2)8, 16(3)12, 17(2)6
g., 10(3)11
guidelines, 18(2)5
have, 1(1)66, 1(1)93, 2(1)65, 2(2)138, 2(3)230, 2(3)269, 10(1)2, 10(1)4, 10(2)5, 10(3)10, 10(3)12, 10(4)4, 10(4)6, 11(1)2, 11(2)1, 11(2)5, 11(3)15, 11(3)16, 11(4)17, 11(4)18, 11(4)21, 12(1)1, 12(1)2, 12(2)10, 12(2)13, 12(3)15, 12(3)16, 12(3)17, 12(4)20, 13(3)20, 13(3)26, 13(3)27, 13(3)28, 13(4)32, 13(4)36, 13(4)39, 13(4)40, 14(1)6, 14(1)7, 14(1)10, 14(1)13, 14(1)14, 14(3)27, 14(4)28, 14(4)29, 15(2)7, 15(2)9, 15(2)10, 15(3)12, 15(4)18, 16(2)7, 16(2)8, 16(3)10, 16(4)15, 16(4)16, 17(1)3, 17(3)11, 17(3)12, 17(4)13, 17(4)15, 18(1)1, 18(1)3, 18(2)5, 18(2)7, 18(4)13
how, 2(1)3, 2(2)138, 2(3)269, 7(2)319, 10(2)5, 10(2)8, 10(4)1, 10(4)2, 11(3)13, 11(4)18, 12(1)2, 12(2)9, 12(2)12, 12(3)18, 12(3)19, 13(1)10, 13(2)13, 13(3)25, 13(4)31, 13(4)36, 14(1)2, 14(3)26, 15(1)5, 15(3)14, 15(4)15, 16(1)3, 16(2)5, 16(2)8, 17(1)1, 17(1)2, 17(1)3, 17(4)15, 18(1)1, 18(1)3, 18(2)6, 18(3)9, 18(4)14
lead, 1(1)3, 2(1)3, 10(4)4, 11(4)17, 12(1)2, 13(3)20, 13(4)29, 17(1)2, 18(3)10, 18(4)13
measure, 2(3)269, 2(3)295, 9(2)162, 11(4)17, 12(3)17, 12(4)22, 13(3)22, 13(4)36, 15(1)2, 16(2)6, 17(1)1, 18(1)1, 18(2)5
memory, 2(4)390, 12(2)8, 12(2)10, 15(2)8, 16(2)7, 17(3)10, 18(1)4
method, 1(1)3, 1(1)26, 2(2)159, 2(3)295, 2(3)332, 2(4)416, 9(3)259, 10(1)3, 10(3)10, 10(4)4, 11(2)2, 11(3)16, 11(4)19, 11(4)22, 12(1)2, 12(1)6, 12(2)13, 12(3)16, 13(2)15, 13(4)35, 15(1)4, 15(2)10, 15(3)12, 15(4)15, 15(4)17, 17(3)12, 18(3)9
might, 2(2)138, 2(4)416, 12(2)9
modeling, 8(1)78, 8(1)119, 10(1)2, 10(1)4, 11(4)19, 14(4)28, 15(3)13
motivate, 2(2)138
number, 7(2)319, 9(2)181, 10(1)4, 10(2)5, 10(3)11, 10(3)12, 11(1)2, 11(2)5, 11(3)12, 11(3)14, 11(3)15, 12(1)1, 12(1)2, 12(1)5, 12(1)6, 12(2)8, 12(2)9, 12(2)13, 12(3)16, 12(3)18, 12(4)21, 13(1)10, 13(3)20, 13(3)22, 13(3)25, 13(4)32, 13(4)34, 14(1)11, 14(3)26, 14(4)31, 15(1)4, 15(2)7, 15(2)8, 15(4)15, 16(1)4, 16(2)7, 16(4)14, 16(4)16, 17(3)10, 17(4)16, 18(2)8
Oorschot, P. C. van, 10(3)11
other, 1(1)93, 2(4)354, 9(4)461, 10(3)9, 10(3)10, 10(3)11, 10(3)12, 10(4)1, 11(2)2, 11(2)6, 11(3)15, 11(4)18, 11(4)23, 12(1)3, 12(2)8, 12(2)10, 12(3)14, 12(3)17, 12(4)22, 13(3)24, 13(3)25, 13(4)40, 14(3)23, 14(3)27, 14(4)30, 15(1)5, 15(2)6, 15(3)11, 15(3)14, 15(4)15, 16(4)15, 17(2)8, 17(3)9, 18(1)1, 18(1)3, 18(2)6, 18(4)12
parameter, 9(4)461, 11(3)13, 12(1)2, 15(1)5, 17(3)10, 18(2)5
password, 1(1)3, 2(3)230, 2(4)390, 11(4)17, 13(4)37, 16(4)15, 17(2)6, 17(4)14, 18(1)1, 18(4)13
pattern, 11(2)3, 13(4)30, 16(3)12, 18(1)4, 18(3)11, 18(4)14
popular, 14(3)27, 15(2)8, 15(2)10, 15(3)11, 15(4)16, 16(4)13, 17(3)11, 17(4)15, 18(1)1
predict, 13(1)10, 14(1)2
predictive, 10(4)1
proactive, 1(1)3, 8(3)259, 13(4)34, 17(3)9, 18(1)1
ranging, 17(4)13, 18(1)1
recall, 18(4)13
result, 1(1)3, 1(1)26, 2(3)230, 2(4)390, 9(2)162, 10(1)3, 10(1)4, 10(2)5, 10(2)6, 10(3)9, 10(3)11, 10(4)2, 11(2)3, 11(2)5, 11(3)13, 11(3)15, 11(4)18, 11(4)20, 11(4)21, 11(4)22, 12(1)4, 12(2)9, 12(3)14, 12(3)17, 13(1)10, 13(3)22, 13(3)24, 13(3)25, 13(4)33, 13(4)35, 14(1)2, 14(1)14, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(3)13, 15(3)14, 15(4)15, 16(1)2, 16(1)3, 16(2)5, 16(2)6, 16(2)7, 16(3)10, 16(3)11, 16(4)14, 16(4)17, 17(2)7, 17(3)9, 17(3)10, 17(3)12, 17(4)14, 18(1)4, 18(2)5, 18(2)6, 18(3)9, 18(3)11, 18(4)12, 18(4)13
rule, 2(1)65, 10(1)4, 10(4)2, 10(4)4, 12(1)5, 12(4)21, 14(1)2, 15(2)6, 15(4)18, 16(4)16, 17(2)7
scheme, 7(2)206, 7(4)523, 8(2)228, 9(3)325, 9(4)461, 11(2)4, 11(2)5, 11(3)14, 11(3)15, 11(4)18, 11(4)22, 12(1)2, 12(1)3, 12(2)9, 12(3)15, 12(3)16, 12(3)18, 13(4)29, 13(4)31, 13(4)37, 13(4)41, 14(1)5, 15(2)9, 15(4)18, 17(2)6, 17(3)10, 17(4)14, 17(4)15
schemes, 3(3)161, 9(1)1, 9(4)461, 10(4)4, 11(2)1, 11(2)4, 11(2)5, 11(3)15, 11(4)22, 12(1)2, 12(1)3, 12(2)8, 12(3)18, 13(3)25, 13(4)39, 14(1)14, 14(4)29, 15(2)9, 17(1)4, 17(2)6, 17(4)15, 18(3)10
set, 2(1)34, 2(2)138, 2(4)390, 8(1)3, 9(4)421, 10(2)5, 10(3)12, 10(4)2, 10(4)3, 11(2)1, 11(2)3, 11(3)13, 11(4)18, 11(4)21, 12(2)11, 12(3)18, 12(3)19, 12(4)20, 12(4)21, 13(1)9, 13(1)10, 13(3)27, 13(4)40, 14(1)12, 14(3)25, 14(4)31, 15(1)2, 15(2)7, 15(2)10, 15(3)13, 15(4)15, 16(1)4, 17(1)2, 17(2)8, 17(3)11, 17(4)13, 17(4)14, 18(1)4, 18(3)10, 18(3)11
size, 2(3)295, 10(3)11, 11(2)6, 11(3)13, 11(4)18, 12(3)16, 12(4)20, 14(1)3, 14(4)29, 17(4)15, 18(1)4, 18(4)12
small, 2(3)295, 10(3)11, 10(4)3, 12(1)6, 12(3)15, 12(3)16, 12(3)18, 12(4)21, 14(1)12, 15(1)3, 15(1)4, 15(4)15, 16(1)1, 17(4)15, 18(2)5
solely, 12(2)8
space, 2(3)295, 6(1)43, 6(3)327, 12(2)8, 12(3)18, 12(3)19, 14(1)14, 15(1)2, 18(4)13
study, 2(3)230, 2(4)416, 7(2)206, 10(2)5, 11(1)3, 11(2)3, 11(4)23, 12(1)6, 12(3)14, 12(4)20, 13(4)40, 14(1)7, 14(2)18, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(2)10, 15(3)13, 17(1)1, 17(2)7, 17(3)12, 17(4)14, 18(1)1, 18(1)2, 18(1)4, 18(2)5, 18(2)7, 18(3)9, 18(4)13
suggest, 2(3)332, 12(1)5, 16(1)4, 17(1)1
suggestions, 14(3)26
suitable, 2(3)230, 2(4)354, 11(4)22, 12(1)3, 12(3)15, 15(2)9, 17(3)10
support, 2(2)159, 5(4)492, 6(4)443, 6(4)547, 10(1)2, 10(1)4, 10(2)5, 10(2)7, 10(3)12, 11(1)3, 11(2)5, 12(1)3, 12(3)14, 12(3)15, 12(4)21, 13(3)24, 13(4)31, 14(1)3, 14(1)11, 14(1)12, 14(4)29, 15(2)9, 15(3)13, 17(2)5, 17(2)7, 17(4)15, 18(2)8, 18(3)11
symmetry, 12(2)13
text-based, 17(4)14
thus, 2(2)138, 10(3)12, 13(3)20, 14(1)12, 14(3)26, 14(3)27, 15(1)4, 16(2)7, 17(3)10, 17(3)11, 18(1)1, 18(4)13
type, 10(1)2, 10(1)3, 10(3)11, 11(2)1, 11(3)14, 12(1)1, 12(3)15, 13(3)21, 13(3)25, 13(4)32, 15(2)7, 15(2)10, 16(1)4, 18(1)1, 18(3)9
typically, 2(1)65, 12(3)14, 15(4)16, 16(2)8
understand, 13(4)40
use, 2(1)3, 2(1)105, 2(2)138, 2(2)177, 2(3)230, 2(3)269, 2(3)332, 2(4)354, 2(4)390, 4(2)103, 7(1)21, 9(4)391, 9(4)421, 9(4)461, 10(1)4, 10(2)5, 10(3)11, 10(4)1, 10(4)3, 10(4)6, 11(1)2, 11(1)3, 11(1)4, 11(2)1, 11(2)4, 11(3)13, 11(3)14, 11(4)18, 11(4)19, 11(4)21, 11(4)22, 12(2)10, 12(3)16, 12(3)18, 13(3)22, 13(3)24, 13(3)25, 13(4)29, 13(4)31, 13(4)36, 14(1)6, 14(1)8, 14(1)10, 14(1)11, 14(4)31, 14(4)32, 15(1)3, 15(1)4, 15(1)5, 15(2)7, 15(3)12, 15(4)15, 15(4)16, 15(4)17, 16(2)8, 16(4)15, 16(4)17, 17(2)5, 17(2)6, 17(2)7, 17(2)8, 17(4)15, 17(4)16, 18(1)1, 18(2)6, 18(3)9, 18(4)14
vulnerable, 10(3)11, 10(4)6, 11(3)15, 11(4)22, 12(2)11, 13(1)10, 13(3)25, 14(3)24, 14(3)27, 15(4)16, 16(4)13, 17(1)4
weak, 1(1)3, 2(3)230, 2(4)390, 15(4)16, 16(4)17, 17(2)7, 18(1)1
where, 2(3)230, 9(4)461, 10(4)4, 10(4)6, 11(3)12, 11(3)13, 11(4)19, 12(1)3, 12(3)15, 12(3)16, 12(4)20, 13(3)20, 13(3)22, 13(4)33, 13(4)37, 14(1)7, 15(2)6, 15(3)12, 15(3)13, 16(1)4, 16(2)5, 17(3)10, 17(4)16, 18(1)2, 18(2)8
whether, 1(1)3, 1(1)26, 10(2)5, 10(4)2, 11(2)3, 11(2)6, 11(3)16, 12(1)1, 12(4)20, 13(3)26, 13(4)40, 14(3)25, 14(4)32, 16(1)3, 16(1)4, 17(1)1, 17(1)2