20419613 graphical passwords

Upload: vndna

Post on 04-Apr-2018

  • 7/31/2019 20419613 Graphical Passwords

    1/31

    Graphical Passwords

    Submitted By: Joju P Antony, R7A 41

    Guided By: Sindhu Vino

    Contents

    Introduction

    Authentication Methods

    Requirements Of A Password

    Text Based Passwords

    Vulnerabilities

    An Alternative: Graphical Passwords

    Techniques Used For Graphical Password

    Recognition Based Techniques

    Dhamija And Perrig Scheme

    Sobrado And Birget Scheme

    Recall Based Techniques

    Pass Faces

    Pass Clicks

    Advantages

    Disadvantages

    References

    Introduction

    Nowadays, information security is the most discussed problem.

    Information stored in databases is very precious to the user.

    To cope with the security of this information, passwords were introduced.

    Thus the password is the benchmark that checks the authentication/role of the user in that database.

    Authentication Methods

    Token based authentication: key cards, band cards, smart cards

    Biometric based authentication: fingerprints, iris scan, facial recognition

    Knowledge based authentication: text-based passwords, picture-based passwords

    Most widely used authentication techniques

    Requirements of a password

    Passwords should be easy to remember

    Should be quickly and easily executable

    Should be secure

    Should look random and should be hard to guess

    Should be changeable

    Text Based Passwords

    What about text-based passwords?

    Difficulty of remembering passwords

    If easy to remember -> Easy to guess

    If hard to guess -> Hard to remember

    Users tend to write passwords down or use the same passwords for different accounts

    Vulnerabilities

    Shoulder surfing (watching a user log on as they type their password).

    Dictionary attacks (using L0phtCrack or John the Ripper).

    User may forget the password if it is too long and complicated.

    Key logging software records all the keystrokes input from the keyboard and stores them for the hacker to look through and find what could be a password.

    So the user needs to ensure that computer systems are secure, which is practically infeasible for an untrained user.

    An alternative: Graphical Passwords

    Graphical passwords may be a solution to the text-based password vulnerabilities.

    The idea of graphical passwords was pioneered by Greg Blonder, who also holds the US patent 5559961.

    A graphical password is a secret that a human user inputs to a computer with the aid of the computer's graphical input (e.g., mouse, stylus, or touch screen) and output devices.

    Psychological studies: Humans can remember pictures better than text

    Here the user uses visual recollection in order to gain authentication to a system

    Therefore the human factor in securing information is limited

    Four techniques used for Graphical Passwords

    Recognition Based Techniques

    Recall Based Techniques

    Pass Faces

    Pass Clicks

    Recognition Based Techniques

    A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage

    Dhamija and Perrig Scheme

    Pick several pictures out of many choices, identify them later in authentication.

    Uses Hash Visualization, which, given a seed, automatically generates a set of pictures.

    Sobrado and Birget Scheme

    The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.

    Suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.

    Recall Based Techniques

    A user is asked to reproduce something that he created or selected earlier during the registration stage

    Draw-A-Secret (DAS) Scheme: The user draws a simple picture on a 2D grid; the coordinates of the grids occupied by the picture are stored in the order of drawing.

    Redrawing has to touch the same grids in the same sequence in authentication.

    User studies showed the drawing sequence is hard to remember.
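The Draw-A-Secret matching rule can be shown in a few lines. This is an added example, not code from the original slides; the 5 x 5 grid, the 500-pixel canvas, the pen-up marker and the sample drawings are all assumed values constructed for illustration.

```python
import hmac

GRID = 5            # assumed: 5 x 5 grid
CANVAS = 500        # assumed: square canvas, in pixels
PEN_UP = (-1, -1)   # assumed marker separating two strokes


def cell_of(x, y):
    """Map a pixel coordinate to its (column, row) grid cell."""
    size = CANVAS / GRID
    return (min(int(x // size), GRID - 1), min(int(y // size), GRID - 1))


def encode(strokes):
    """Reduce a drawing (list of strokes, each a list of pixel points)
    to the ordered sequence of grid cells it touches."""
    seq = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            cell = cell_of(x, y)
            if cell != last:        # record a cell once per visit
                seq.append(cell)
                last = cell
        seq.append(PEN_UP)
    return seq


def matches(enrolled, attempt):
    """Accept only if the same cells are touched in the same order."""
    a = repr(encode(enrolled)).encode()
    b = repr(encode(attempt)).encode()
    return hmac.compare_digest(a, b)   # constant-time comparison


# Constructed sample drawings (pixel coordinates).
ENROLLED = [[(20, 20), (120, 30), (220, 40)], [(50, 150), (60, 260)]]
SAME_CELLS = [[(80, 90), (190, 10), (210, 95)], [(10, 199), (99, 201)]]
DRIFTED = [[(20, 20), (120, 30), (220, 105)], [(50, 150), (60, 260)]]
REVERSED = [[(220, 40), (120, 30), (20, 20)], [(50, 150), (60, 260)]]
```

`SAME_CELLS` is accepted although no pixel matches the enrolled drawing, while `DRIFTED` is rejected because one point crossed a grid line; this sensitivity near cell borders is one reason redrawing is error-prone for users.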

    PASS FACES

    Passfaces (formerly known as Real User Corporation) is an information security technology company based in Annapolis, Maryland.

    The commercial application leverages the brain's innate cognitive ability to recognize human faces.

    Logon Process: Users are asked to pick their assigned Passfaces from a 3 x 3 grid containing one Passface and 8 decoys.

    The faces appear in random positions within the grid each time.

    This process is repeated until each of the assigned Passfaces is identified.

    PASS CLICK

    PassClick Scheme: The user clicks on any place on an image to create a password.

    A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
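The PassClick check, and the effect of the tolerance on the number of distinguishable passwords, as an added example that is not part of the original slides. The square tolerance region, the 640 x 480 image, the sample click points and the region-count estimate (non-overlapping tolerance squares) are assumptions made for illustration.

```python
import math


def within(click, target, tol):
    """True if click lies in the square of half-width tol around target."""
    return abs(click[0] - target[0]) <= tol and abs(click[1] - target[1]) <= tol


def verify(enrolled, attempt, tol):
    """Accept only if every click is within tolerance of the enrolled
    point at the same position in the sequence."""
    if len(attempt) != len(enrolled):
        return False
    ok = True
    for click, target in zip(attempt, enrolled):
        ok &= within(click, target, tol)   # check every point, no early exit
    return ok


def space_bits(width, height, tol, n_clicks):
    """Rough size of the password space in bits, assuming the image is
    tiled by non-overlapping tolerance squares (a simplifying estimate)."""
    side = 2 * tol + 1
    regions = (width // side) * (height // side)
    return n_clicks * math.log2(regions)


# Constructed sample data: three enrolled click points on a 640 x 480 image.
ENROLLED = [(100, 50), (300, 200), (420, 310)]
CLOSE = [(104, 45), (293, 207), (420, 320)]        # all within 10 px
WRONG_ORDER = [(300, 200), (100, 50), (420, 310)]  # right points, wrong sequence
TOO_FAR = [(100, 50), (300, 200), (431, 310)]      # last click 11 px off
```

Under these assumptions five clicks with a 10-pixel tolerance give roughly 46.8 bits, and doubling the tolerance to 20 pixels drops that to roughly 36.8 bits: a larger tolerance makes logins more forgiving and the space an attacker must search smaller.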

    In the above example, the PassClicks are the points that are circled. The first was the light on the light post, then the headlight on the streetcar, followed by the middle of the clock tower, the face of the street clock, and the P on the parking sign.

    By looking at this picture, you can see that there are an extreme number of places you could set as PassClicks and still remember where they are.

    An individual could easily choose a face, something on the side of a building, or even the dashes on the street.

    Advantages of Graphical Passwords

    Human brains can process graphical images easily.

    Examples include places we visited, faces of people and things we have seen.

    Difficult to implement automated attacks (such as dictionary attacks) against graphical passwords.

    Disadvantages

    Shoulder surfing problem (watching a user log on as they type their password).

    More storage space required

    Hard to implement when compared to text passwords

    Conclusion

    Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords

    It is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack or spyware.

    Not yet widely used; current graphical password techniques are still immature
