Informatica

Layered Battleship Game Changer Password System
Volume 33, Issue 2 (2022), pp. 225–246
Boštjan Brumen, Darko Crepulja, Leon Bošnjak

https://doi.org/10.15388/22-INFOR489
Pub. online: 17 June 2022      Type: Research Article      Open Access

Received
1 February 2022
Accepted
1 May 2022
Published
17 June 2022

Abstract

The paper presents a secure and usable variant of the Game Changer Password System, first proposed by McLennan, Manning, and Tuft. Unlike the initial proposal based on inadequately secure Monopoly and Chess, we propose an improved version based on a layered “Battleship” game resilient against brute force and dictionary attacks. Since the initially proposed scheme did not check for the memorability and usability of a layered version, we conducted an experiment on the usability and memorability aspects. Surprisingly, layered passwords are just as memorable as single ones and, with an 80% recall rate, comparable to other graphical password systems. The claim that memorability is the most vital aspect of game-based password systems cannot be disproved. However, the experiment revealed that the usability decreased to such a low level that users felt less inclined to use such a system daily or recommend it to others.
Our study has once again shown that optimizing the password security–memorability–usability triangle is hard to achieve without compromising one of its cornerstones. However, the layered Game Changer Password System can be used in specific applications where usability is of secondary importance, while security and memorability augmented by its graphical interface are at the forefront.

References

 
Adama, V.N., Oyefolahan, I.O., Ndunagu, J. (2021). Pure recall-based graphical user authentication schemes: perspectives from a closer look. In: 3rd African Human-Computer Interaction Conference: Inclusiveness and Empowerment. Association for Computing Machinery, Maputo, Mozambique, pp. 141–145.
 
Al-Ameen, M.N., Fatema, K., Wright, M., Scielzo, S. (2015). The impact of cues and user interaction on the memorability of system-assigned recognition-based graphical passwords. In: Proceedings of the Eleventh USENIX Conference on Usable Privacy and Security, 22–24 July 2015. USENIX Association, Ottawa, Canada, pp. 185–196.
 
Biernacki, P., Waldorf, D. (1981). Snowball sampling: problems and techniques of chain referral sampling. Sociological Methods & Research, 10(2), 141–163.
 
Bošnjak, L., Brumen, B. (2020). Shoulder surfing experiments: a systematic literature review. Computers & Security, 99, 102023.
 
Brumen, B. (2019). Security analysis of game changer password system. International Journal of Human-Computer Studies, 126, 44–52.
 
Brumen, B., Taneski, V. (2015). Moore’s curse on textual passwords. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE, Opatija, Croatia.
 
Constantinides, A., Fidas, C., Belk, M., Pietron, A.M., Han, T., Pitsillides, A. (2021). From hot-spots towards experience-spots: leveraging on users’ sociocultural experiences to enhance security in cued-recall graphical authentication. International Journal of Human-Computer Studies, 149, 102602.
 
Demaine, E.D. (2001). Playing games with algorithms: algorithmic combinatorial game theory. In: Mathematical Foundations of Computer Science 2001, Springer Berlin Heidelberg.
 
Grassi, P.A., Fenton, J.L., Newton, E.M., Perlner, R.A., Regenscheid, A.R., Burr, W.E., Richer, J.P. (2017). NIST Special Publication 800-63B. Digital Identity Guidelines. Authentication and Lifecycle Management. National Institute of Standards and Technology, Gaithersburg, MD, USA.
 
Heckathorn, D.D. (2002). Respondent-driven sampling II: deriving valid population estimates from chain-referral samples of hidden populations. Social Problems, 49(1), 11–34.
 
Kiesel, J., Stein, B., Lucks, S. (2017). A large-scale analysis of the mnemonic password advice. In: Proceedings of NDSS, 26 February–1 March 2017. Internet Society, San Diego, CA, USA.
 
Larriba, A.M., Cerdà i Cucó, A., Sempere, J.M., López, D. (2021). Distributed trust, a blockchain election scheme. Informatica, 32(2), 321–355.
 
Lugo, M. (2009). Battleship Permutations. Available from: https://mathoverflow.net/questions/8374/battleship-permutations. Archived at http://archive.vn/wip/Rtvn7.
 
McLennan, C.T., Manning, P., Tuft, S.E. (2017). An evaluation of the game changer password system: a new approach to password security. International Journal of Human-Computer Studies, 100, 1–17.
 
Moser, M.-B., Rowland, D.C., Moser, E.I. (2015). Place cells, grid cells, and memory. Cold Spring Harbor Perspectives in Biology, 7(2).
 
Norman, T.L. (2014). Integrated Security Systems Design: A Complete Reference for Building Enterprise-wide Digital Security Systems. Butterworth-Heinemann.
 
Nizamani, S.Z., Hassan, S.R., Shaikh, R.A., Abozinadah, E.A., Mehmood, R. (2021). A novel hybrid textual-graphical authentication scheme with better security, memorability, and usability. IEEE Access, 9, 51294–51312.
 
Raptis, G.E., Katsini, C., Jian-Lan Cen, A., Arachchilage, N.A., Nacke, L. (2021). Better, funner, stronger: a gameful approach to nudge people into making less predictable graphical password choices. In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery.
 
Sevenster, M. (2004). Battleships as decision problem. ICGA Journal, 27(3), 142–149.
 
Stobert, E., Biddle, R. (2013). Memory retrieval and graphical passwords. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, Newcastle, United Kingdom, July 24–26, 2013. Association for Computing Machinery.
 
SURS (2020). Socioeconomic characteristics of the population, Slovenia. Available from: https://www.stat.si/StatWeb/en/News/Index/9263.
 
Tao, H., Adams, C. (2008). Pass-Go: a proposal to improve the usability of graphical passwords. International Journal of Network Security, 7(2), 273–292.
 
Thielemann, H. (2016). Battleship combinatorics: compute number of possible arrangements in the battleship game. Available from: https://hub.darcs.net/thielema/battleship-combinatorics/. Archived at: http://www.webcitation.org/728inn2Nq.
 
Thorpe, J., van Oorschot, P.C. (2007). Human-seeded attacks and exploiting hot-spots in graphical passwords. In: SS’07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, Boston, MA, August 06–10. USENIX Association.
 
Vu, K.-P.L., Proctor, R.W., Bhargav-Spantzel, A., Tai, B.-L., Cook, J., Schultz, E.E. (2007). Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies, 65(8), 744–757.
 
Woods, N., Siponen, M. (2019). Improving password memorability, while not inconveniencing the user. International Journal of Human-Computer Studies, 128, 61–71.
 
Zhu, Y., Gurary, J., Corser, G., Oluoch, J., Alnahash, N., Fu, H., Tang, J. (2018). CMAPS: a chess-based multi-facet password scheme for mobile devices. IEEE Access, 6, 54795–54810.

Biographies

Brumen Boštjan
https://orcid.org/0000-0002-0560-1230
bostjan.brumen@uni-mb.si

B. Brumen received his PhD in computer science from University of Maribor, Slovenia, in 2004. Since 2004 he has been an associate professor of computer science. He served two terms as a university secretary general (provost) from 2004 to 2011. Dr. Brumen has (co)authored more than 300 scientific and professional works, several of them published in world-renowned journals and conference proceedings, including top-ranking journals. His primary research areas are data processing, machine learning algorithms, data security, and privacy.

Crepulja Darko

D. Crepulja is a master of computer science, working as a project manager at Metronik Ltd (Slovenia), specializing in automation and digitalization of industry processes. He is also consulting on digitalization and automation.

Bošnjak Leon
https://orcid.org/0000-0001-6754-4967

L. Bošnjak received his PhD in computer science from University of Maribor, Slovenia, in 2022. His research area is computer security, and his work is focused on the security of passwords. Dr. Bošnjak is a young researcher and has published his works in high-ranking journals.



Copyright
© 2022 Vilnius University
Open access article under the CC BY license.

Keywords
security, authentication, passwords, graphical passwords, cryptanalysis, games, memory, memorability, usability

Funding
The author acknowledges the financial support from the Slovenian Research Agency (research core funding No. P2-0057) and the University of Maribor (http://www.um.si, core funding).
