Sosa-Gómez, Guillermo
Thumbnail Image
Preferred name
Sosa-Gómez, Guillermo
Official Name
Sosa Gómez, Guillermo
Alternative Name
gsosag
Main Affiliation
ORCID
Scopus Author ID
57202400202
Researcher ID
ABA-2857-2020

Research Output
Now showing 1 - 6 of 6
No Thumbnail Available
Publication

Analysis of the Number of Sides of Voronoi Polygons in PassPoint

2021 , Lisset Suárez-Plasencia , Joaquín A. Herrera-Macías , Carlos M. Legón-Pérez , Raisa Socorro-LLanes , Rojas, Omar , Sosa-Gómez, Guillermo

View
No Thumbnail Available
Publication

Detection of DIAG and LINE Patterns in PassPoints Graphical Passwords Based on the Maximum Angles of Their Delaunay Triangles

2022 , Lisset Suárez-Plasencia , Joaquín Alberto Herrera-Macías , Carlos Miguel Legón-Pérez , Sosa-Gómez, Guillermo , Rojas, Omar

An alternative authentication method to traditional alphanumeric passwords is graphical password authentication, also known as graphical authentication, for which one of the most valuable cued-recall techniques is PassPoints. This technique stands out for its security and usability. However, it can be violated if the user follows a predefined pattern when selecting the five points in an image as their passwords, such as the DIAG and LINE patterns. Dictionary attacks can be built using these two patterns to compromise graphical passwords. So far, no reports have been found in the state of the art about any test capable of detecting graphical passwords with DIAG or LINE patterns in PassPoints. Studies carried out in other scenarios have shown the effectiveness of the characteristics of Delaunay triangulations in extracting information about the dependence between the points. In this work, graphical passwords formed by five randomly selected points on an image are compared with passwords whose points contain patterns of the DIAG or LINE type. The comparison is based on building for each password its Delaunay triangulation and calculating the mean value of the maximum angles of the triangles obtained; such a mean value is denoted by amadt. It is experimentally shown that in passwords containing DIAG and LINE patterns, the value of amadt is higher than the one obtained in passwords formed by random dots. From this result, it is proposed to use this amadt value as a statistic to build a test of means. This result constitutes the work’s main contribution: The proposal of a spatial randomness test to detect weak graphic passwords that contain DIAG and LINE type patterns. The importance and novelty of this result become evident when two aspects are taken into account: First, these weak passwords can be exploited by attackers to improve the effectiveness of their attacks; second, there are no prior criteria to detect this type of weak password. The practical application of said test contributes to increasing PassPoints security without substantially affecting its efficiency.

View
No Thumbnail Available
Publication

New Test to Detect Clustered Graphical Passwords in Passpoints Based on the Perimeter of the Convex Hull

2024 , Joaquín Alberto Herrera-Macías , Lisset Suárez-Plasencia , Carlos Miguel Legón-Pérez , Sosa-Gómez, Guillermo , Rojas, Omar

This research paper presents a new test based on a novel approach for identifying clustered graphical passwords within the Passpoints scenario. Clustered graphical passwords are considered a weakness of graphical authentication systems, introduced by users during the registration phase, and thus it is necessary to have methods for the detection and prevention of such weaknesses. Graphical authentication methods serve as a viable alternative to the conventional alphanumeric password-based authentication method, which is susceptible to known weaknesses arising from user-generated passwords of this nature. The test proposed in this study is based on estimating the distributions of the perimeter of the convex hull, based on the hypothesis that the perimeter of the convex hull of a set of five clustered points is smaller than the one formed by random points. This convex hull is computed based on the points that users select as passwords within an image measuring 1920 × 1080 pixels, using the built-in function convhull in Matlab R2018a relying on the Qhull algorithm. The test was formulated by choosing the optimal distribution that fits the data from a total of 54 distributions, evaluated using the Kolmogorov–Smirnov, Anderson–Darling, and Chi-squared tests, thus achieving the highest reliability. Evaluating the effectiveness of the proposed test involves estimating type I and II errors, for five levels of significance α∈{0.01,0.02,0.05,0.1,0.2}, by simulating datasets of random and clustered graphical passwords with different levels of clustering. In this study, we compare the effectiveness and efficiency of the proposed test with existing tests from the literature that can detect this type of pattern in Passpoints graphical passwords. Our findings indicate that the new test demonstrates a significant improvement in effectiveness compared to previously published tests. Furthermore, the joint application of the two tests also shows improvement. Depending on the significance level determined by the user or system, the enhancement results in a higher detection rate of clustered passwords, ranging from 0.1% to 8% compared to the most effective previous methods. This improvement leads to a decrease in the estimated probability of committing a type II error. In terms of efficiency, the proposed test outperforms several previous tests; however, it falls short of being the most efficient, using computation time measured in seconds as a metric. It can be concluded that the newly developed test demonstrates the highest effectiveness and the second-highest efficiency level compared to the other tests available in the existing literature for the same purpose. The test was designed to be implemented in graphical authentication systems to prevent users from selecting weak graphical passwords, enhance password strength, and improve system security.

View
No Thumbnail Available
Publication

Test for Detection of Weak Graphic Passwords in Passpoint Based on the Mean Distance between Points

2021 , Joaquín Alberto Herrera-Macías , Carlos Miguel Legón-Pérez , Lisset Suárez-Plasencia , Luis Ramiro Piñeiro-Díaz , Rojas, Omar , Sosa-Gómez, Guillermo

This work demonstrates the ineffectiveness of the Ripley’s K function tests, the distance to the nearest neighbor, and the empty space function in the Graphical Authentication scenario with Passpoint for the detection of non-random graphical passwords. The results obtained show that none of these tests effectively detect non-random graphical passwords; the reason for their failure is attributed to the small sample of the spatial pattern in question, where only the five points of the graphical password are analyzed. Consequently, a test based on mean distances is proposed, whose experiments show that it detects with good efficiency non-random graphical passwords in Passpoint. The test was designed to be included in the Graphical Authentication systems with Passpoint to warn the user about a possibly weak password during the registration phase, and in this way, the security of the system is increased.

View
No Thumbnail Available
Publication

Weak PassPoint Passwords Detected by the Perimeter of Delaunay Triangles

2022 , Lisset Suárez-Plasencia , Carlos Miguel Legón-Pérez , Joaquín Alberto Herrera-Macías , Raisa Socorro-Llanes , Rojas, Omar , Sosa-Gómez, Guillermo , Sridhar Adepu

PassPoint is a graphical authentication technique that is based on the selection of five points in an image. A detected vulnerability lies in the possible existence of a pattern in the points that make up the password. The objective of this work is to detect nonrandom graphical passwords in the PassPoint scenario. A spatial randomness test based on the average of Delaunay triangles’ perimeter is proposed, given the ineffectiveness of the classic tests in this scenario, which only consists of five points. A state-of-the-art of various applications of Voronoi polygons and Delaunay triangulations are presented to detect clustered and regular patterns. The distributions of the averages of the triangles’ perimeters in the PassPoint scenario for various sizes of images are disclosed, which were unknown. The test’s decision criterion was constructed from one of the best distributions to which the data were adjusted. Type I and type II errors were estimated, and it was concluded that the proposed test could detect clustered and regular graphical passwords in PassPoint, therefore being more effective in detecting clustering than regularity.

View
No Thumbnail Available
Publication

Effectiveness of Some Tests of Spatial Randomness in the Detection of Weak Graphical Passwords in Passpoint

2021 , Joaquín A. Herrera-Macías , Lisset Suárez-Plasencia , Carlos M. Legón-Pérez , Luis R. Piñeiro-Díaz , Rojas, Omar , Sosa-Gómez, Guillermo

View