graphical password authentication

23

Click here to load reader

Upload: abha-nandan

Post on 14-Jan-2015

955 views

Category:

Technology


5 download

DESCRIPTION

note: A slide for any presentation should not contain more than 4-5 sentences but this presentation has more than the requirement.So, i suggest you to edit as per your requirement and to make it more effective, you can add animations as well.

TRANSCRIPT

Page 1: Graphical Password Authentication

GRAPHICAL PASSWORD

AUTHENTICATION

PRESENTED BY-ABHA NANDAN

Page 2: Graphical Password Authentication

OUTLINE/

CONTENTS: Introduction Overview of the Authentication Methods Text Password and drawbacks. Graphical Passwords. The Types Of Graphical Survey:

Recognition Based Techniques Recall Based Techniques

Discussion Advantages Disadvantages

Conclusion

Page 3: Graphical Password Authentication

INTRODUCTION:

Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords.

Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure.Using a graphical password, users click on images rather than type alphanumeric characters.

Page 4: Graphical Password Authentication

Until recently computer and network security has been formulated as a technical problem. A key area in security research is authentication, the determination of whether a user should be allowed access to a given system or resource.

Traditionally, alphanumeric passwords have been used for authentication, but they are known to have security and usability problems.Today other methods, including graphical passwords, are possible alternatives.

Page 5: Graphical Password Authentication

What is PASSWORD?

PASSWORD is a secret word or string of characters that is used for

user authentication to prove his identity and gain access

to resources.

-> T H E M O S T C O M M O N L Y U S E D F O R M O F U S E R A U T H E N T I C A T I O N .

- > T H E W E A K E S T L I N K S O F C O M P U T E R S E C U R I T Y S Y S T E M S .

- > T W O C O N F L I C T I N G R E Q U I R E M E N T S O F A L P H A N U M E R I C

P A S S W O R D S :

( 1 ) E A S Y T O R E M E M B E R A N D

( 2 ) H A R D T O G U E S S .

M A N Y P E O P L E T E N D T O I G N O R E T H E S E C O N D R E Q U I R E M E N T

W H I C H L E A D T O W E A K P A S S W O R D S . M A N Y S O L U T I O N S H A V E B E E N

P R O P O S E D . G R A P H I C A L P A S S W O R D I S O N E O F T H E S O L U T I O N S .

Page 6: Graphical Password Authentication

PASSWORDS are used for?

Logging into accounts. Retrieving emails. Accessing applications. Networks. Websites Databases workstations

Page 7: Graphical Password Authentication

OVERVIEW OF THE AUTHENTICATION :

Token based authentication:key cards, band cards, smart card.

Biometric based authentication:Fingerprints, iris scan, facial recognition.

Knowledge based authentication:text-based passwords, picture-based passwordsmost widely used authentication techniques.

Page 8: Graphical Password Authentication

GRAPHICAL PASSWORDS is an authentication system that works by having

the user select from images, in a specific order, presented in a graphical user interface (GUI). For this reason, the graphical-password approach is sometimes called graphical user authentication (GUA).

• Graphical passwords were originally described by BLONDER in 1996.

It can be used in:– web log-in application– ATM machines– mobile devices

Page 9: Graphical Password Authentication

An example of a graphical password uses an image on the screen and lets the user choose a few click points;

these click points are the "password", and the user has to click closely to these points again in order to log in.

Page 10: Graphical Password Authentication

Two Categories Of Graphical Passwords:

Recall Based Techniques:

A user is asked to reproduce something that he created or selected earlier during the registration stage

Recognition Based Techniques:

A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage.

Page 11: Graphical Password Authentication

“PassPoint” Scheme:

User click on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, user must click within the tolerances in correct sequence. Password Space: N^K

( N -the number of pixels or smallest units of a picture, K - the number ofPoint to be clicked on ).

Recall Based Techniques:

Page 12: Graphical Password Authentication

Sobrado and Birget Scheme System display a number of

pass-objects (pre selected by user) among many other objects,user click inside the convex hull bounded by pass-objects.– authors suggested using 1000

objects, which makes the display very crowed and the objects almost indistinguishable.

password space: N!/K! (N-K)!( N-total number of picture

objectsK-number of pre-registered

objects)

Recognition Based Techniques

Page 13: Graphical Password Authentication

Other Schemes

Pass faces..

Using human faces as password.

Difficult to attack.

Select a sequence of images as password

Page 14: Graphical Password Authentication

Commonly used guidelines for alpha-numeric passwords are:

The password should be at least 8 characters long. The password should not be easy to relate to the

user (e.g., last name, birth date). Ideally, the user should combine upper and lower

case letters and digits.

Graphical passwords The password consists of some actions that the user

performs on an image. Such passwords are easier to remember & hard to

guess.

COMPARISION BETWEEN ALPHA-NUMERIC & GRAPHICAL PASSWORDS:

Page 15: Graphical Password Authentication

GRAPHICAL PASSWORDS - WHAT A CONCEPT!

Here you pick several icons to represent the password.

Then when you want to authenticate it, a screen is drawn as a challenge to which you must respond.

The screen has numerous icons, at some of which are your private password icons.

You must locate your icons visually on the screen and click on the screen to the password.

Page 16: Graphical Password Authentication

A S I M P L E G R A P H I C A L PA S S W O R D S C H E M EThe user choose these

regions when he or she created the password . The choice for the four regions is arbitrary, but the user will pick places that he or she finds easy to remember. The user can introduce his/her own pictures for creating graphical passwords. Also, for stronger security, more than four click points could be chosen.

Page 17: Graphical Password Authentication

A D VA N TA G E S O F G R A P H I C A L PA S S W O R D S

Graphical password schemes provide a way of making more human-friendly passwords .

Here the security of the system is very high.

Here we use a series of selectable images on successive screen pages.

Dictionary attacks are infeasible.

Page 18: Graphical Password Authentication

DRAWBACKSPassword registration and log-in process take too long.

Require much more storage space than text based passwords.

Shoulder Surfing: It means watching over people's shoulders as

they process information. Examples include observing the keyboard

as a person types his or her password, enters a PIN number, or views

personal information.Because of their graphic nature, nearly all

graphical password schemes are quite vulnerable to shoulder surfing.

Page 19: Graphical Password Authentication

SOLUTION TO SHOULDER SURFING PROBLEM

(1) TRIANGLE SCHEME

Page 20: Graphical Password Authentication

(2) MOVABLE FRAME SCHEME

Page 21: Graphical Password Authentication

CONCLUSIONGraphical passwords are an alternative to textual

alphanumeric password.

It satisfies both conflicting requirements i.e. it is easy to

remember & it is hard to guess.

By the solution of the shoulder surfing problem, it becomes

more secure & easier password scheme.

By implementing other special geometric configurations

like triangle & movable frame, one can achieve more

security.

Page 22: Graphical Password Authentication

It is more difficult to break graphical passwords using the traditional attack methods such as :

burte force search, dictionary attack or spyware.

Not yet widely used, current graphical password techniques are still immature.

Page 23: Graphical Password Authentication

THANK YOU..