graphical password.ppt

Upload: sahil-dhingra

Post on 10-Jan-2016

TRANSCRIPT

  • Network Security: Overcome Password Hacking Through Graphical Password Authentication

    Presented by: SAHIL1511249

  • Outline

    Introduction
    Overview of the Authentication Methods
    The survey
    Recognition Based Techniques
    Recall Based Techniques
    Design and Implementation of Graphical Password
    Discussion
    Security
    Usability
    Shoulder surfing problem and its solution
    Advantage of Graphical Password over Text based password
    Conclusion

  • Introduction

    Authentication is the process that allows users to confirm their identity to a Web application. Human factors are often considered the weakest link in a computer security system. It has been pointed out that there are three major areas where human-computer interaction is important: authentication, security operations, and developing secure systems. Here we focus on the authentication problem.

    A password is a form of secret authentication data that is used to control access to a resource. The password is kept secret from those not allowed access, and those wishing to gain access are tested on whether or not they know the password and are granted or denied access accordingly.

  • Continued

    How about text-based passwords?

    Difficulty of remembering passwords: easy to remember -> easy to guess; hard to guess -> hard to remember

    Users tend to write passwords down or use the same passwords for different accounts

    An alternative: Graphical Passwords

    Psychological studies: humans can remember pictures better than text

  • Graphical Password Scheme

    If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offering better resistance to dictionary attacks.

    Can be used for: workstations, web log-in applications, ATM machines, mobile devices

  • In this paper

    Conduct a comprehensive survey of the existing graphical password techniques

    Discuss the strengths and limitations of each method

    Point out future research directions

  • Overview of the Authentication Methods

    Token based authentication: key cards, bank cards, smart cards

    Biometric based authentication: fingerprints, iris scan, facial recognition

    Knowledge based authentication: text-based passwords, picture-based passwords; the most widely used authentication techniques

  • The survey: two categories

    Recognition Based Techniques: a user is presented with a set of images and passes the authentication by recognizing and identifying the images he selected during the registration stage

    Recall Based Techniques: a user is asked to reproduce something that he created or selected earlier during the registration stage

  • Recognition Based Techniques: Dhamija and Perrig Scheme

    Pick several pictures out of many choices, identify them later in authentication.

    Uses Hash Visualization, which, given a seed, automatically generates a set of pictures

    Takes longer to create graphical passwords

    Password space: N! / (K! (N-K)!) (N - total number of pictures; K - number of pictures selected as passwords)

  • Recognition Based Techniques: Sobrado and Birget Scheme

    The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.

    The authors suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.

    Password space: N! / (K! (N-K)!) (N - total number of picture objects; K - number of pre-registered objects)

  • Recognition Based Techniques: Other Schemes

    Using human faces as password

    Select a sequence of images as password

  • Recall Based Techniques: Draw-A-Secret (DAS) Scheme

    The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing

    Redrawing has to touch the same grid cells in the same sequence in authentication

    User studies showed the drawing sequence is hard to remember

  • Recall Based Techniques: Pass Point Scheme

    The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.

    can be hard to remember the sequences

    Password space: N^K (N - the number of pixels or smallest units of a picture; K - the number of points to be clicked on)
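The Pass Point check described above (every click inside its tolerance, in the registered order), together with the effect of the tolerance on the N^K password space, as an added example that is not part of the original slides. The image size, tolerance, click points and function names are constructed assumptions, and the registered points are held in the clear here only to keep the check readable.

```python
import math

# Constructed sample values (assumptions, not taken from the slides).
IMAGE_W, IMAGE_H = 640, 480
TOLERANCE = 10  # pixels allowed either side of each registered point
REGISTERED = [(100, 120), (300, 200), (50, 400), (600, 30), (320, 240)]


def verify_clicks(registered, attempt, tolerance=TOLERANCE):
    """Accept only if every click is within tolerance, in the same order."""
    if len(registered) != len(attempt):
        return False
    ok = True
    for (rx, ry), (ax, ay) in zip(registered, attempt):
        # Check every point (no early exit) so the response time does not
        # reveal which click in the sequence was wrong.
        ok &= abs(rx - ax) <= tolerance and abs(ry - ay) <= tolerance
    return ok


def effective_units(width, height, tolerance):
    """Number of non-overlapping tolerance squares that tile the image.

    Clicks inside the same square are indistinguishable to the verifier,
    so this, not the pixel count, is the N that N^K really uses.
    """
    side = 2 * tolerance + 1
    return (width // side) * (height // side)


def space_bits(units, clicks):
    """log2 of N^K for N distinguishable units and K ordered clicks."""
    return clicks * math.log2(units)


if __name__ == "__main__":
    near = [(105, 115), (295, 210), (50, 400), (609, 21), (320, 240)]
    print("near clicks accepted:", verify_clicks(REGISTERED, near))
    print("wrong order accepted:",
          verify_clicks(REGISTERED, [near[1], near[0]] + near[2:]))
    k = len(REGISTERED)
    print("bits counting pixels:  %.1f" % space_bits(IMAGE_W * IMAGE_H, k))
    print("bits counting squares: %.1f"
          % space_bits(effective_units(IMAGE_W, IMAGE_H, TOLERANCE), k))
```

With these sample values the tolerance cuts the space from about 91 bits (counting pixels) to about 47 bits (counting tolerance squares), so N should be read as the number of distinguishable regions.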

  • Recall Based Techniques: Other Schemes

    Grid Selection Scheme

    Signature Scheme

  • Schemes Not In This Paper

    Using distorted images to prevent revealing of passwords

    Using images with random tracks of geometric graphical shapes

  • Design and Implementation of Graphical Password

    To carry out this project, the following hardware and software requirements are needed.

    The software needed to develop the new scheme is:
    1- Delphi programming language.
    2- Microsoft operating system (XP).

    Graphical password schemes deal with pictures or photos, which need more memory and storage space, so the hardware needed to develop the new scheme has these specifications:
    1- PC with high performance processor
    2- DDR memory, minimum 512MB
    3- HDD for large data storage

    For example, we can implement the graphical password authentication method for our college. The interface is designed to log in to the system for both existing users and new users.

  • Continued

  • Choosing a password

  • Security

    Is a graphical password as secure as text-based passwords?

    Text-based passwords have a password space of 94^N (94 is the number of printable characters, N is the length of the password).

    Some graphical password techniques can compete: Draw-A-Secret Scheme, PassPoint Scheme.

    Brute force search / dictionary attacks: the attack programs need to automatically generate accurate mouse motion to imitate human input, which is more difficult compared to text passwords.

    Guessing: guessing of graphical passwords is difficult.

  • Usability

    Pictures are easier to remember than text strings

    Password registration and log-in process take too long

    Require much more storage space than text based passwords

  • Shoulder Surfing problem and its solution

    Like text based passwords, most graphical passwords are vulnerable to shoulder surfing. At this point, only a few recognition-based techniques are designed to resist shoulder surfing. None of the recall-based techniques are considered shoulder-surfing resistant.

    To overcome this shoulder surfing problem, we implement a new idea: when the mouse moves over the password selection area, the mouse pointer becomes a small dot. Another method is to rearrange the images randomly in the password selection image, so that the shoulder surfing problem can be reduced.

  • Advantage of Graphical Password over Text based password

    Graphical passwords may offer better security than text based passwords because many people, in an attempt to memorize text based passwords, use plain words (rather than the recommended jumble of characters). A dictionary search can often hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selectable images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random.

    If there are 100 images on each of the 8 pages in an 8-image password, there are 100^8 or 10 quadrillion (10,000,000,000,000,000) possible combinations that could form the graphical password. If the system has a built-in delay of only 0.1 second following the selection of each image until the selection of the next page, it would take millions of years to break into the system by hitting it with random image sequences. Therefore hacking by random combination is impossible.
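The password-space formulas from the Security and Advantage slides (94^N, N!/(K!(N-K)!), 100^8) put on a common scale in bits, with the worst-case search time under the 0.1 second delay, as an added example that is not part of the original slides. The function names are assumptions, K=10 for the recognition scheme is an assumed value, and the delay is assumed to apply to all 8 selections.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def text_space(length, alphabet=94):
    """94^N: text passwords over the 94 printable characters."""
    return alphabet ** length


def recognition_space(n, k):
    """N! / (K! (N-K)!): choose K pass-images out of N, order ignored."""
    return math.comb(n, k)


def paged_space(images_per_page, pages):
    """One image picked on each successive page, e.g. 100^8."""
    return images_per_page ** pages


def years_to_exhaust(space, seconds_per_guess):
    """Worst-case time to try every candidate at a fixed cost per guess."""
    return space * seconds_per_guess / SECONDS_PER_YEAR


def compare():
    """Return {scheme: (bits, years at the slide's enforced delay)}."""
    # From the slides: 8 pages, 0.1 s delay after each selection
    # (assumed here to apply to all 8 selections of one attempt).
    online = 8 * 0.1
    schemes = {
        "text, 8 chars (94^8)": text_space(8),
        "paged images (100^8)": paged_space(100, 8),
        # K=10 is an assumed value; the slides give only N=1000.
        "recognition C(1000,10)": recognition_space(1000, 10),
    }
    return {name: (math.log2(s), years_to_exhaust(s, online))
            for name, s in schemes.items()}


if __name__ == "__main__":
    for name, (b, y) in compare().items():
        print(f"{name:24s} {b:5.1f} bits  {y:.2e} years at 0.8 s/guess")
```

The 100^8 space is about 53 bits, close to an 8-character text password over 94 symbols, so the "millions of years" figure depends on the enforced delay per selection as much as on the size of the space.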

  • Conclusion

    Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords

    It is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack or spyware.

    Not yet widely used, current graphical password techniques are still immature

  • Thank you

  • Queries?