Network Security:-Overcome Password Hacking Through

GRAPHICAL PASSWORD AUTHENTICATION

PRESENTED BY , R RIJIN VARGHESE 08,S7

OVERVIEW
Introduction Authentication Method Token based Authentication Biometric based Authentication Knowledge based Authentication Security issues and implementation issues Advantage Conclusion Future work References

INTRODUCTION
What is password? What is graphical password?

Use picture as password.

Why use graphical password?

Human can remember pictures better than text Text based passwords have many problems
4

Shortcomings of Text-Based Authentication

precise recall of the secret information they are easy to write down and to share with others Tends to pick passwords easily guessable Hard passwords :- Difficult to remember

Authentication Methods
Token based authentication Biometric based authentication Knowledge based

Text based Graphical password

Recognition based Recall based

Image Points Selection

Image Points Confirmation

Login by Selecting Appropriate Image Points

STEPS INVOLVED IN GRAPHICAL PASSWORD AUTHENTICATION METHOD

Recognition Based Passwords

User is presented with a set of images and the user passes the authentication by recognizing and identifying the images he or she selected during the registration stage Types :

Random Art Technique PassFaces PassObjects

Recognition Based Contd

Random Art Technique

Based on HashVisualisation Identify the prepreselected images to be authenticated Log in process can be slow Random art may not be easy to remember over long term
9

Recognition Based Contd

PassFace
Real User Corporation recall human faces easier than other pictures. very memorable over long intervals, the failure rate is smaller. smaller. LogLog-in process is slow.
10

Recognition Based Contd

PassObjects
Sobrado and Birget, 2002 Password space is relatively small Large number of pictures, could be very crowded Search for target objects can be tedious
11

Recall Based Approaches

Basic idea A user is asked to reproduce something that he or she created or selected earlier during the registration stage Two sub-categories subRepeat a drawing Repeat a sequence of actions

12

Repeat a drawing

Recall Based Contd

Draw - a - secret (DAS)

Draw a simple picture on a 2D grid Authenticate if the drawing touches the same grids in the same sequence Larger password space than text password People are less likely to recall the order

14

Recall Based Contd

Draw Signature
Users draw their signature with mouse Everyone remembers his/her signature and it is hard to fake. Reliability issues

15

Repeat a sequence of actions

Recall Based Contd

PassLogix
Click on various items in the image in the correct sequence to be authenticated The image can assist users to recall their passwords More convenient than unassisted recalls

17

Recall Based Contd

PassPoint
Wiedenbeck, et al. 2005 User click on any place in an image to create a password. more difficulties learning the graphical password, and took more time to input their passwords than the alphanumerical users.
18

Security Issues
Very little study in the security issues of graphical passwords Is graphical password as secure as texttextbased password? - brute force search - dictionary attacks - guessing - spyware (e.g. mouse logger) - shoulder surfing
19

Usability Issues
Are graphical passwords really easier to remember than the text based passwords?
studies mainly support the recognition based graphical password yet to find strong support for recall based graphical password Compare with what types of text based password? Most user studies are short term studies. We need long term studies.

20

Implementation
Touchscreen Android mobile phone handsets have userdefined patterns to unlock the screen after a period of inactivity, users trace a pattern over a grid of nine dots with their finger.

Conclusion
alternatives to text based password and biometric authentications difficult to break graphical passwords using the traditional attack very little research on the security issues of graphical passwords User studies are still very limited

22

Future work
Graphical Password logon is available for Windows 8 ,a system logon mode, prepares for the complete touch operation. codes are similar to the graphical codes of Android.
23

REFERENCES
1] Network Security-Overcome Password Hacking Through Graphical Password Authentication M.ArunPrakash#1, T.R.Gokul#2 #1,2Department of Information Technology, Thiagarajar College of Engineering, Madurai, Tamil Nadu, India [2] Adams and M. A. Sasse, "Users are not the enemy: why users compromise computer security mechanisms and how to take remedial measures," Communications of the ACM, vol. 42, pp. 41-46, 2005 [3] ATTNEAVE, F. 1955. Symmetry, Information and Memory Patterns. American Journal of Psychology 68, 209-222. [4] BIRGET, J., HONG, D., AND MEMON, N. 2003. Robust discretization, with an application to graphical passwords.Cryptology ePrint Archive, Report 2003/168. http://eprint.iacr.org/2003/168, last accessed on Jan 29, 2006. [5] BLONDER, G. 1996. Graphical passwords. United States Patent 5559961. [6] BOWER, G. H., KARLIN, M. B., AND DUECK, A. 1975. Comprehension and memory for pictures. Memory and Cognition 3, 216-220. [7] BROSTOFF, S. AND SASSE, M. A. 2000. Are PassfacesTM more usable than passwords? A field trial investigation. In Proceedings of Human Computer Interaction, pages 405 424, 2000. [8] DAVIS, D., MONROSE, F., AND REITER, M. K. 2004. On User Choice in Graphical Password Schemes. In Proceedings of the 13th USENIX Security Symposium. 151-164. [9] DHAMIJA, R. AND PERRIG, A. 2000. Dj Vu: A User Study Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium. [10] FELDMEIER, D. AND KARN, P. 1989. UNIX password security-Ten years later. In Proceedings of the 19th International Conference on Advances in Cryptology (CRYPTO '89). Lecture [12] L. D. Paulson, "Taking a Graphical Approach to the Password," Computer, vol. 35, pp. 19, 2002. [13] sfr, "www.viskey.com/tech.html," last accessed in June 2011 [14] S. Patrick, A. C. Long, and S. Flinn, "HCI and Security Systems," presented at CHI, Extended Abstracts (Workshops). Ft. Lauderdale, Florida, USA., 2007.
[