graphical password authentication system
DESCRIPTION
New IEEE seminar topic for VTU!
TRANSCRIPT
A Graphical Password Authentication System
Presented by: Nishan H Kumar, 4ES09CS025
Guided by: Ms. Divya Shettigar
Outline
• Introduction
• Overview of the Authentication Methods
• Graphical Password Scheme: Two Categories
  – Recognition Based Techniques
  – Recall Based Techniques
• Working
• Proposed System
• Conclusion
• References
Introduction
• How about text-based passwords?
  – Difficulty of remembering passwords
    • easy to remember -> easy to guess
    • hard to guess -> hard to remember
  – Users tend to write passwords down or use the same passwords for different accounts
• An alternative: Graphical Passwords
  – Psychological studies: Humans can remember pictures better than text
Overview of the Authentication Methods
• Token based authentication
  – key cards, bank cards, smart cards, …
• Biometric based authentication
  – Fingerprints, iris scan, facial recognition, …
• Knowledge based authentication
  – text-based passwords, picture-based passwords, …
  – most widely used authentication techniques.
Graphical Password Scheme
• Using Pictures as Passwords.
• Easy to remember, as humans remember pictures better than words.
• Resistant to brute force attack because the search space is practically infinite.
• Graphical Passwords are classified into two main categories:
  – Recognition based techniques.
  – Recall based techniques.
Graphical Password: Two categories
• Recognition Based Techniques
  – A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage
• Recall Based Techniques
  – A user is asked to reproduce something that he created or selected earlier during the registration stage
Recognition Based Techniques
• Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
  – Uses Hash Visualization, which, given a seed, automatically generates a set of pictures
  – Takes longer to create graphical passwords
Password Space: N! / (K! (N-K)!) (N - total number of pictures; K - number of pictures selected as passwords)
Recognition Based Techniques
• Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
  – Sobrado and Birget suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.
Password Space: N! / (K! (N-K)!) (N - total number of picture objects; K - number of pre-registered objects)
Recognition Based Techniques
• Other Schemes
Using human faces as password
Select a sequence of images as password
Recall Based Techniques
• Draw-A-Secret (DAS) Scheme
User draws a simple picture on a 2D grid; the coordinates of the grids occupied by the picture are stored in the order of drawing.
• Redrawing has to touch the same grids in the same sequence in authentication.
• User studies showed the drawing sequence is hard to remember.
Recall Based Techniques
• “PassPoint” Scheme
User clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
• It can be hard to remember the sequences
Password Space: N^K (N - the number of pixels or smallest units of a picture; K - the number of points to be clicked on)
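Added example (not part of the original slides): a PassPoint-style check in Python that accepts a click sequence only when every click lies within the tolerance of the registered point at the same position in the sequence, together with the two password-space formulas above expressed in bits. The image size, tolerance value and function names are assumptions chosen for illustration.

```python
import math

# Constructed sample values; none of these come from the original slides.
IMAGE_W, IMAGE_H = 640, 480
TOLERANCE = 10  # a click is accepted within +/-10 px of the registered point


def verify_clicks(registered, attempt, tol=TOLERANCE):
    """Return True only if the attempt has the same number of clicks and each
    click is inside the tolerance square of the registered point in order."""
    if len(registered) != len(attempt):
        return False
    return all(
        abs(rx - ax) <= tol and abs(ry - ay) <= tol
        for (rx, ry), (ax, ay) in zip(registered, attempt)
    )


def passpoint_space_bits(width, height, k, tol=0):
    """log2 of N^K. With tol == 0, N is the pixel count. With tol > 0, N is
    the number of non-overlapping tolerance squares, because all clicks
    inside one square are treated as the same choice."""
    side = 2 * tol + 1
    n = (width // side) * (height // side)
    return k * math.log2(n)


def recognition_space_bits(n, k):
    """log2 of N!/(K!(N-K)!), the recognition-based password space."""
    return math.log2(math.comb(n, k))


if __name__ == "__main__":
    secret = [(100, 100), (200, 50), (320, 240)]   # constructed registration
    print(verify_clicks(secret, [(105, 95), (195, 58), (322, 239)]))  # in order
    print(verify_clicks(secret, [(200, 50), (100, 100), (320, 240)]))  # swapped
    print(round(passpoint_space_bits(IMAGE_W, IMAGE_H, 5), 1))
    print(round(passpoint_space_bits(IMAGE_W, IMAGE_H, 5, TOLERANCE), 1))
    print(round(recognition_space_bits(1000, 10), 1))
```

The tolerance that makes the scheme usable also shrinks N from the number of pixels to the number of distinguishable regions, so the effective password space is far smaller than the pixel-based N^K figure.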
Recall Based Techniques
• Other Schemes
Signature Scheme
Working of Graphical Password Authentication Systems
• Registration Phase
• Verification Phase
New user registration process.
(Diagram: NEW USER REGISTER button, DATABASE)
• Enter the username in the username field.
• Click on the NEW USER REGISTER button.
• The system verifies the username and stores it in the database.
Example: User Registration Process
How to Select Pictures?
There are two ways of selecting a picture for password authentication.
Creating Picture Password
• User Defined Pictures: Pictures are selected by the user from the hard disk or any other image supported devices.
• System Defined Pictures: Pictures are selected by the user from the database of the password system.
(Diagram: USER DEFINED PICTURE or SYSTEM DEFINED PICTURE, with the DATABASE: the picture selected from one of the system)
Picture + Gridlines
• User clicks on the point.
• MESSAGE BOX: DO YOU WISH TO CONTINUE WITH THIS POINT? (YES / NO)
• The point and the image will be stored in the database. Now the user can select another image and follow the same steps above.
• Select another point
Username verification
(Diagram: user with username, DATABASE)
• User enters the username.
• The system verifies the username: checks the username in the database.
• Correct username / Incorrect username
• If the username is not matched: generates a message “Username doesn't match”, “Please reenter the username”; the user re-enters the username.
Proposed System by Ahmad Almulhem
An example of creating a graphical password using the proposed system
Proposed System by Ahmad Almulhem
Login Screen
Implementation of Proposed System
• The proposed system was implemented using Visual Basic.net 2005 (VB.net). The implementation has three main classes:
  – LoginInfo: Contains username, graphical password, and related methods.
  – GraphicalPassword: Contains graphical password information and related methods.
  – SelReg: Contains fields about selected regions (POIs).
Advantages of Graphical Password Authentication System
• Graphical password schemes provide a way of making more human-friendly passwords.
• Here the security of the system is very high.
• It satisfies both conflicting requirements, i.e. it is easy to remember & it is hard to guess.
• Dictionary attacks are infeasible.
Drawbacks of Graphical Password Authentication System
• Password registration and log-in process take too long.
• Require much more storage space than text based passwords.
• Shoulder Surfing: It means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.
Solution to Shoulder Surfing Problem
• Triangle Scheme
(For clarity, this collection contains only a little over 100 objects. Typical screens can fit over 1000.)
Solution to Shoulder Surfing Problem
• Movable Frame Scheme
Conclusion
• Main argument for graphical passwords: People are better at memorizing graphical passwords than text-based passwords.
• It satisfies both conflicting requirements, i.e. it is easy to remember & it is hard to guess.
• It is more difficult to break graphical passwords using the traditional attack methods such as brute force method, dictionary attack or spyware.
• Not yet widely used; current graphical password techniques are still immature.
References
[1] Ahmad Almulhem, "A graphical password authentication system," Computer Engineering Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia. www.ieeexplore.ieee.org
[2] Xiaoyuan Suo, Ying Zhu, G. Scott. Owen, "Graphical Passwords: A Survey," Department of Computer Science, Georgia State University.
[3] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4, 2002.
[4] Ian Jermyn, Aviel D. Rubin, "The Design and Analysis of Graphical Passwords."
Thank you
Queries?