A Dynamic and Incremental Graphical Grid Authentication Technique for Mobile and Web Applications
Knowledge-based authentication techniques remain one of the proven ways of maintaining confidentiality, ensuring integrity, and guaranteeing the availability of an information system. They employ what a user knows (Passwords or PINs) to authorize or grant access to an information system. While passw...
| Main Authors: | Jiaming Gong, Oluwatobi Noah Akande, Chia-Chen Lin, Saurabh Agarwal |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2024-01-01 |
| Series: | IEEE Access |
| Subjects: | Authentication techniques; information security; personal identification number; UTAUT model |
| Online Access: | https://ieeexplore.ieee.org/document/10762890/ |
| _version_ | 1846150390136963072 |
|---|---|
| author | Jiaming Gong, Oluwatobi Noah Akande, Chia-Chen Lin, Saurabh Agarwal |
| author_sort | Jiaming Gong |
| collection | DOAJ |
| description | Knowledge-based authentication techniques remain one of the proven ways of maintaining confidentiality, ensuring integrity, and guaranteeing the availability of an information system. They employ what a user knows (Passwords or PINs) to authorize or grant access to an information system. While passwords employ a fixed combination of characters, Personal Identification Numbers (PINs) are majorly numbers. Existing implementations of these authentication techniques involve the repetitive use of static passwords and PINs at every login instance. These have been exposed to various attacks, such as keyloggers, shoulder surfing, brute force, and dictionary attacks. To overcome these attacks, this study presents an authentication technique where users’ PINs are incremented during successive login attempts. Users are expected to choose a preferred incremental factor, which can be any number they can remember, that will be added to the default 6-digit PIN to produce a dynamic PIN that can be used in subsequent login sessions. Furthermore, an additional layer of security that involves the use of a dynamic 4 by 4 graphical grid was integrated into the proposed incremented PIN technique. At every login session, users are presented with a set of 16 possible PINs to choose from. The security analysis of the proposed authentication technique revealed that the proposed technique could resist existing password attacks, thereby enhancing security. A performance testing and usability analysis was also carried out among 1145 individuals who interacted with the web application that uses the incremental authentication technique. The questionnaire items were structured based on the constructs of the Unified Theory of Acceptance and Use of Technology (UTAUT) Model. Statistical analysis of the responses received showed an appreciable level of acceptance in terms of performance expectancy, effort expectancy, social influence, and facilitating conditions. The positive user acceptance results provide reassurance about the practicality and effectiveness of the proposed technique. It is believed that the proposed incremental graphical grid authentication technique will further enhance the security of our growing mobile and web applications. |
| format | Article |
| id | doaj-art-542c55e7e3bc43ff8731560b4d60baa0 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-542c55e7e3bc43ff8731560b4d60baa0; 2024-11-29T00:01:33Z; eng; IEEE; IEEE Access; 2169-3536; 2024-01-01; 12; 174831; 174849; 10.1109/ACCESS.2024.3503637; 10762890; A Dynamic and Incremental Graphical Grid Authentication Technique for Mobile and Web Applications; Jiaming Gong 0 https://orcid.org/0009-0001-4505-7890; Oluwatobi Noah Akande 1 https://orcid.org/0000-0002-4940-5709; Chia-Chen Lin 2 https://orcid.org/0000-0003-4480-7351; Saurabh Agarwal 3 https://orcid.org/0000-0003-3836-2595; School of Economics and Management, Beijing Forestry University, Beijing, China; Department of Computer Science, Baze University, Abuja, Nigeria; Department of Computer Science and Information Engineering, National Chin-Yi University of Technology, Taichung, Taiwan; Department of Information and Communication Engineering, Yeungnam University, Gyeongsan, Republic of Korea; https://ieeexplore.ieee.org/document/10762890/; Authentication techniques; information security; personal identification number; UTAUT model |
| title | A Dynamic and Incremental Graphical Grid Authentication Technique for Mobile and Web Applications |
| title_sort | dynamic and incremental graphical grid authentication technique for mobile and web applications |
| topic | Authentication techniques; information security; personal identification number; UTAUT model |
| url | https://ieeexplore.ieee.org/document/10762890/ |