User:Md Sayfullah Al Noman Ranak/sandbox

VAP (vibration & pattern code) is a sense based graphical password input scheme developed by Dr. Saiful Azad, MSAN Ranak, Dr. Musfiq Rahman, BMFK Ruhee, NN Nisa, N Kabir, and published in a journal, Computers & Electrical Engineering, 59, 99-109, Elsevier in 2017.

Overview
In recent  time  when  consumers  around  the  globe  are  embracing  smart  devices  in  a  greater  ratio due to their recent advancements and their appealing applications; they are also turning into a point of attraction to the attackers who endeavor passionately to breach the security. As a result, a considerable amount of attacks is noted on these devices in the recent past; and hence, to combat with these attacks, many password-based authentication schemes are proposed. Amidst them, graphical password scheme is more compatible for the smart devices due to their heavily graphic-oriented nature. However, existing graphical password mechanisms suffer from various attacks, e.g., shoulder surfing, smudge attack, intersection attack, reflection attack, and  so  on. This new sense based graphical password  scheme,  namely Vibration-and-Pattern  (VAP) code  offers  protection  against  most  of these well-known attacks.

Related Works
The

graphical password scheme could be broadly classified into four main categories : i) recognition based  scheme, ii)  pure-recall  based  scheme, iii)  cued-recall  based  scheme, and iv) hybrid scheme.

In the recognition based scheme, the authentication system compares recently selected images or icons with saved images or icons, and unlocks the device when they are matched. Such graphical password is proposed in, called D ́ej`a vu, where, a non-expressible abstract image is chosen to produce  a  hash  value  over  simple  photograph,  since  the  latter  produces  a  larger  hash  value (greater  than  simple  text). However, one  of  the  major  limitations  of  this  scheme  is  that  due  to employing non-expressible abstract image, the people with weak vision experience difficulty in memorizing  the  sequence. Moreover, it  is  also  vulnerable  to  shoulder  surfing,  and  social engineering attacks.

Unlike the recognition based scheme, a user has to repeat a pre-registered drawing in pure recall based scheme,  which  is  also  known  as  a  drawn  metric  system. The Syukri is  one  such  scheme which  was  proposed  in  1998 ,  where  authentication  is  performed  by  drawing  a  signature using a mouse. Although, this scheme is easy to remember and difficult to fake, nonetheless, due to the  unconventional  input  method  and/or  requirement  of  costly  hardware,  deject  the  users  to embrace   this   scheme. In.

In the  cued-recall  based  graphical  password,  which  is  also  known  as  econometric  system/click-based graphical password, a user can unlock a device by tapping multiple pre-selected points. This scheme is easier than recalling something entirely from the memory, but harder than simply recognizing an  image,  whether  it  has  been  seen  before  or  not. This type  of  graphical  password was  introduced  by  Greg  E.  Blonder  in  1996,  through  an  authentication  scheme,  called  blonder scheme  [24]. In this  scheme,  a  pre selected  image  is  displayed  on  the  screen,  and  a  user  has  to tap one or more specific tap regions on the image in a specific order to prove the authenticity.

There is a couple of graphical password schemes proposed, which combines multiple schemes and could be classified as hybrid. The knock code which is embedded in the current LG devices is one  such  scheme. `A la  pure-and  cued-recall  based  system,  it  utilizes  a  2×2  grid,  and knock/tap,  respectively. Although, it is  partially  resilient  against smudge  attack;  however,  it  is unable to tackle shoulder surfing attack.

Proposed Schemes
Here a  new  graphical  password  scheme,  which  employs  the  existing vibration  technique  in  conjunction  with  a  suitable  pattern  locking  system  to  ensure  higher security for smart devices by allowing a larger password space, and resilience against most major attacks.

The details of the proposed graphical password scheme are segmented into four subsections for better understanding.