Google Map-based Password Authentication Systems Using Tolerant Distance and Homomorphic Encryption

Passwords are widely used for authentication in Internet applications. Recently, users tend to adopt graphical passwords instead of traditional alphanumeric passwords, since it is much easier for humans to remember images than verbal representations. However, the existing graphical password authentication systems generally suffer from three main issues. 1) It is required to remember and perform complicated operations during the registration/login phases, which significantly limits the systems' usability; 2) The users' passwords are simply stored as plaintexts in servers, and thus the security is compromised; 3) The users need to register/login to each server separately when they are applied in multi-server environment. To address the above issues, we propose a user-friendly and secure Google map-based graphical password (FS-GMGP) system using tolerant distance and homomorphic encryption. By using a homomorphic encryption scheme, each user encrypts his password point and response point selected on Google map, while the servers compute and decrypt the distance between the two encrypted points and then compare the resulting value with a tolerant distance for authentication. Moreover, the FS-GMGP system is extended for multi-server environment. The evaluation results and security analysis show that the FS-GMGP and its extended version achieve desirable usability and security in single-server environment and multi-server environment, respectively