Front. Comput. Sci., 2021, 15(2): 152803
https://doi.org/10.1007/s11704-019-9134-9

On designing an unaided authentication service with threat detection and leakage control for defeating opportunistic adversaries

Nilesh CHAKRABORTY 1, Samrat MONDAL 2
1 College of Computer Science and Software Engineering, Shenzhen University, Shenzhen 518060, China
2 Department of Computer Science, Indian Institute of Technology Patna, Bihar 801106, India

© Higher Education Press 2020

Abstract Unaided authentication services provide the flexibility to log in without depending on any additional device. The power of recording-attack-resilient unaided authentication services (RARUAS) is undeniable: in some respects they are even capable of offering better security than biometric-based authentication systems. However, the high login complexity of these RARUAS makes them far from usable in practice. The adopted information-leakage control strategies have often been identified as the primary cause of such high login complexities. Though recent proposals have made significant efforts to design a usable RARUAS by reducing its login complexity, most of them have failed to reach the desired usability standard. In this paper, we introduce a new notion of controlling the information leakage rate. While maintaining a good security standard, the introduced idea reduces the login complexity of our proposed mechanism, named the Textual-Graphical Password-based Mechanism (TGPM), by a significant extent. Along with resisting the recording attack, TGPM also achieves the remarkable property of threat detection. To the best of our knowledge, TGPM is the first RARUAS that can both prevent and detect the activities of opportunistic recording attackers who can record the complete login activity of a genuine user for a few login sessions. Our study reveals that TGPM assures much higher session resiliency than existing authentication services of the same or even higher login complexity. Moreover, TGPM stores the password information in a distributed way and thus prevents an adversary from learning the complete secret from a single compromised server. A thorough theoretical analysis has been performed to prove the strength of our proposal from both the security and usability perspectives. We have also conducted an experimental study to support the theoretical argument made on the usability standard of TGPM.

Keywords authentication, recording attack, premature attack, opportunistic adversary, leakage control, threat prevention, threat detection

Received April 17, 2019; accepted December 17, 2019
E-mail: nilesh@szu.edu.cn; menilesh_szu@outlook.com

1 Introduction

Password-based authentication is one of the simplest forms of authentication, as it reduces human effort by a great extent [1]. Being usable, this factor of authentication has been challenged by different kinds of threats over time [2,3]. Though most of these threats have been handled successfully [4,5], a few are yet to be addressed efficiently. The recording attack is one such threat, and it has a severe impact on password-based authentication [6].

1.1 Threat model

Let a genuine user and an adversary be denoted by H and A, respectively. During registration, it is always assumed that H successfully submits her login credentials to a remote machine, M, in a safe environment. At the time of authentication, H sends her login information to M through a login terminal. To perform the recording attack while H authenticates, A first records the complete authentication session with the help of some recording device (e.g., a concealed camera). The recording footage available to A includes almost everything: information from the device screen, from the keyboard, from the mouse, etc. Later, A uses this captured information, i.e., the observed login credentials, to impersonate the genuine H. This kind of threat is known as an observation attack, or more precisely a recording attack, on password-based authentication systems. Handling such a threat is particularly difficult, as sometimes even biometric-based authentication services cannot provide adequate security against it (e.g., the fingerprint of H can also be recorded for impersonation) [7].

The number of allowable recording sessions is one of the key factors that determines A's strength. Considering this factor, the following two categories of A are suggested in this paper, where the classification is influenced by the authors' proposal in [8].

Type 1 Can capture video of the entire authentication process once or very few times.

Type 2 Can capture video of the entire authentication
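The threat model above measures A's strength by the number of complete sessions A is allowed to record. The following simulation, added here as an illustration and not part of the paper or of TGPM, makes that concrete for a hypothetical challenge-response login: the server colours each symbol of a 12-symbol alphabet with a random digit, and the genuine user answers with the sum of the digits of her three secret symbols modulo 5. A recording adversary who sees both the screen (the challenge) and the keyboard (the response) keeps only those candidate secrets consistent with every recorded session. The scheme, alphabet size, secret length and modulus are all assumptions chosen for the example; TGPM's actual mechanism is not described in this section.

```python
import itertools
import random

# Assumed toy parameters (not TGPM's): 12 symbols, secret = 3 of them,
# responses are taken modulo 5.
ALPHABET = "ABCDEFGHIJKL"
SECRET_LEN = 3
MOD = 5


def make_challenge(rng):
    """Server M shows every symbol with a random digit in [0, MOD)."""
    return {s: rng.randrange(MOD) for s in ALPHABET}


def respond(secret, challenge):
    """Genuine user H answers with the sum of her secret symbols' digits mod MOD."""
    return sum(challenge[s] for s in secret) % MOD


class RecordingAdversary:
    """A records (challenge, response) pairs and prunes inconsistent secrets.

    Starts from every possible secret; after each recorded session only the
    candidates that would have produced the observed response survive.
    """

    def __init__(self):
        self.candidates = set(itertools.combinations(ALPHABET, SECRET_LEN))
        self.sessions_recorded = 0

    def record(self, challenge, response):
        self.sessions_recorded += 1
        self.candidates = {c for c in self.candidates
                           if respond(c, challenge) == response}

    def remaining(self):
        return len(self.candidates)

    def impersonation_probability(self):
        """Chance of a correct guess if A picks one surviving candidate uniformly."""
        return 1.0 / self.remaining() if self.remaining() else 0.0


def simulate(n_sessions, seed=1):
    """Run n_sessions logins of H while A records all of them.

    Returns (secret, history, candidates): the secret H registered, the number
    of candidate secrets left after 0..n_sessions recordings, and the final
    candidate set. A Type 1 adversary corresponds to n_sessions of 1 or 2;
    a Type 2 adversary to a larger value.
    """
    rng = random.Random(seed)
    secret = tuple(sorted(rng.sample(ALPHABET, SECRET_LEN)))  # constructed secret
    adversary = RecordingAdversary()
    history = [adversary.remaining()]
    for _ in range(n_sessions):
        challenge = make_challenge(rng)
        adversary.record(challenge, respond(secret, challenge))
        history.append(adversary.remaining())
    return secret, history, adversary.candidates


if __name__ == "__main__":
    for label, n in (("Type 1 (one recording)", 1), ("Type 2 (six recordings)", 6)):
        secret, history, candidates = simulate(n)
        print(f"{label}: candidates after each session = {history}, "
              f"secret recovered = {candidates == {secret}}")
```

Each recorded session removes roughly four fifths of the surviving candidates, so a single recording (Type 1) still leaves A with tens of possible secrets, while a handful of recordings (Type 2) typically pins the secret down exactly. This is the leakage rate that a RARUAS has to keep low, and the reason the paper treats the number of recordable sessions as the main parameter of the adversary.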