Joju P Antony R7A 41
Introduction
Authentication Methods
Requirements Of A Password
Text Based Passwords
Vulnerabilities
An Alternative: Graphical Passwords
Techniques Used For Graphical Password
Recognition Based Techniques
Dhamija And Perrig Scheme
Sobrado And Birget Scheme
Recall Based Techniques
Pass Faces
Pass Clicks
Advantages
Disadvantages
References
Nowadays, information security is the most pressing problem. Information stored in databases is very precious to the user. To cope with the security of this information, passwords were introduced. Thus the password is the benchmark that checks the authentication/role of the user in that database.
Token based authentication
Key cards, band cards, smart card, …
Biometric based authentication
Fingerprints, iris scan, facial recognition, …
Knowledge based authentication
Text-based passwords, picture-based passwords, …
Most widely used authentication techniques
Requirements of a password
Passwords should be easy to remember
Should be quickly and easily executable
Should be secure
Should look random and should be hard to guess
Should be changeable
Text Based Passwords
What about text-based passwords ?
Difficulty of remembering passwords
If easy to remember -> Easy to guess
If hard to guess -> Hard to remember
Users tend to write passwords down or use the same passwords for different accounts
Shoulder surfing (watching a user log on as they type their password).
Dictionary attacks (using L0phtCrack or John the Ripper).
User may forget the password if it is too long and complicated.
Key logging software records all the keystrokes input from the keyboard and stores them for the hacker to look through and find what could be a password. So the user needs to ensure that computer systems are secure, which is practically infeasible for an untrained user.
An alternative: Graphical Passwords
Graphical passwords may be a solution to the text based password vulnerabilities.
The idea of graphical passwords was pioneered by Greg Blonder, who also holds the US patent 5559961.
A graphical password is a secret that a human user inputs to a computer with the aid of the computer's graphical input (e.g., mouse, stylus, or touch screen) and output devices.
Psychological studies: humans can remember pictures better than text.
Here the user uses visual recollection in order to gain authentication to a system.
Therefore the human factor in securing information is limited.
Four techniques used for Graphical Passwords
Recognition Based Techniques
Recall Based Techniques
Pass Faces
Pass Clicks
Recognition Based Techniques
A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage
Recognition Based Techniques
Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
Uses Hash Visualization, which, given a seed, automatically generates a set of pictures.
Recognition Based Techniques
Sobrado and Birget Scheme
The system displays a number of pass-objects (preselected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
Suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.
Recall Based Techniques
A user is asked to reproduce something that he created or selected earlier during the registration stage
Recall Based Techniques
Draw-A-Secret (DAS) Scheme:
User draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.
Redrawing has to touch the same grid cells in the same sequence in authentication.
User studies showed the drawing sequence is hard to remember.
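The grid encoding described above can be illustrated like this. It is an added example, not part of the original slides: the 5x5 grid, the 40-pixel cells, the pen-up marker and the sample drawings are assumptions, and the example keeps a salted PBKDF2 hash of the cell sequence rather than the raw coordinates, which is a choice of this example.

```python
import hashlib
import hmac
import os

GRID = 5            # assumed 5x5 grid
CELL = 40           # assumed cell size in pixels
PEN_UP = (-1, -1)   # assumed marker that separates strokes

def encode(strokes):
    """Map strokes (lists of (x, y) pixel points) to the ordered cell sequence."""
    seq = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            cell = (int(x) // CELL, int(y) // CELL)
            if not (0 <= cell[0] < GRID and 0 <= cell[1] < GRID):
                raise ValueError("point outside the grid")
            if cell != last:       # record each cell once per visit, in drawing order
                seq.append(cell)
                last = cell
        seq.append(PEN_UP)
    return seq

def digest(seq, salt):
    data = ",".join(f"{cx}:{cy}" for cx, cy in seq).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def enroll(strokes):
    salt = os.urandom(16)
    return salt, digest(encode(strokes), salt)

def verify(strokes, record):
    salt, stored = record
    try:
        candidate = digest(encode(strokes), salt)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, stored)   # constant-time comparison

# Constructed sample: an "L" drawn top-to-bottom then left-to-right, and a
# slightly shaky redraw that passes through the same cells in the same order.
ENROLLED = [(20, 20), (20, 60), (20, 100), (20, 140), (20, 180), (60, 180), (100, 180)]
REDRAWN = [(25, 10), (30, 50), (22, 95), (18, 150), (20, 170), (70, 190), (110, 185)]

if __name__ == "__main__":
    record = enroll([ENROLLED])
    print(verify([REDRAWN], record))                    # same cells, same order
    print(verify([list(reversed(ENROLLED))], record))   # same cells, reversed order
```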
Passfaces (formerly known as Real User Corporation) is an information security technology company based in Annapolis, Maryland. Commercial application leverages the brain’s innate cognitive ability to recognize human faces.
– Users are asked to pick their assigned Passfaces from a 3 x 3 grid containing one Passface and 8 decoys.
– The faces appear in random positions within the grid each time.
– This process is repeated until each of the assigned Passfaces is identified.
The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
In the above example, the PassClicks are the points that are circled. The first was the light on the light post, then the headlight on the streetcar, followed by the middle of the clock tower, the face of the street clock, and the P on the parking sign. By looking at this picture, you can see that there are an extreme number of places you could set as PassClicks and still remember where they are. An individual could easily choose a face, something on the side of a building, or even the dashes on the street.
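The tolerance check for click-based passwords, and the way the tolerance trades usability against password space, can be sketched as follows. This is an added example, not part of the original slides: the 10-pixel tolerance, the 640x480 image size and the five click coordinates are constructed, and the enrolled points are held in the clear only to keep the illustration short.

```python
import math

TOLERANCE = 10   # assumed tolerance radius in pixels

def verify_clicks(enrolled, attempt, tol=TOLERANCE):
    """True only if each click is within tol of the enrolled point at the same position."""
    if len(attempt) != len(enrolled):
        return False
    ok = True
    for (ex, ey), (ax, ay) in zip(enrolled, attempt):
        # Check every click, so the outcome does not show which click was wrong.
        ok &= math.hypot(ax - ex, ay - ey) <= tol
    return ok

def password_space_bits(width, height, clicks, tol=TOLERANCE):
    """Upper bound in bits: ordered clicks over non-overlapping squares of side 2*tol."""
    regions = (width // (2 * tol)) * (height // (2 * tol))
    return clicks * math.log2(regions)

# Constructed sample: five click points on a 640x480 image, a login attempt that
# is a few pixels off on each click, and the same attempt with two clicks swapped.
ENROLLED_CLICKS = [(120, 80), (310, 260), (450, 60), (500, 210), (90, 400)]
GOOD_ATTEMPT = [(124, 77), (305, 262), (452, 66), (497, 204), (95, 398)]
SWAPPED_ATTEMPT = [GOOD_ATTEMPT[1], GOOD_ATTEMPT[0]] + GOOD_ATTEMPT[2:]

if __name__ == "__main__":
    print(verify_clicks(ENROLLED_CLICKS, GOOD_ATTEMPT))      # within tolerance, in order
    print(verify_clicks(ENROLLED_CLICKS, SWAPPED_ATTEMPT))   # right places, wrong order
    print(password_space_bits(640, 480, 5))                  # tolerance of 10 pixels
    print(password_space_bits(640, 480, 5, tol=20))          # doubling tolerance costs bits
```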
Advantages of Graphical Passwords
Human brains can process graphical images easily. Examples include places we visited, faces of people and things we have seen.
Difficult to implement automated attacks (such as dictionary attacks) against graphical passwords.
Shoulder surfing problem (watching a user log on as they type their password).
More storage space required
Hard to implement when compared to text passwords
Main argument for graphical passwords:
people are better at memorizing graphical passwords than text-based passwords
It is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack or spyware.
Not yet widely used, current graphical password techniques are
• Fabian Monrose and Michael Reiter, Chapter 9 - Security and Usability
• The Graphical Passwords Project, funded by the NSF CyberTrust Project. Co-PIs: J.C. Birget (Rutgers-Camden), D. Hong (Rutgers-Camden), N. Memon (Brooklyn Polytechnic), S. Man (SW Minn. State), S. Wiedenbeck (Drexel)
• Graphical Passwords, Leonardo Sobrado and Jean-Camille Birget, Department of Computer Science, Rutgers University
• A Password Scheme Strongly Resistant to Spyware