7/31/2019 20419613 Graphical Passwords
1/31
Graphical Passwords
Submitted By: Joju P Antony, R7A 41
Guided By: Sindhu Vino
Contents
Introduction
Authentication Methods
Requirements Of A Password
Text Based Passwords
Vulnerabilities
An Alternative: Graphical Passwords
Techniques Used For Graphical Password
Recognition Based Techniques
Dhamija And Perrig Scheme
Sobrado And Birget Scheme
Recall Based Techniques
Pass Faces
Pass Clicks
Advantages
Disadvantages
References
Introduction
Nowadays, information security is the most discussed problem
Information stored in databases is precious to the user
To cope with the security of this information, passwords were introduced
Thus the password is the benchmark that checks the authentication/role of the user in that database
Authentication Methods
Token based authentication
Key cards, bank cards, smart cards
Biometric based authentication
Fingerprints, iris scan, facial recognition
Knowledge based authentication
Text-based passwords, picture-based passwords
Most widely used authentication techniques
Requirements of a password
Passwords should be easy to remember
Should be quickly and easily executable
Should be secure
Should look random and should be hard to guess
Should be changeable
Text Based Passwords
What about text-based passwords?
Difficulty of remembering passwords
If easy to remember -> Easy to guess
If hard to guess -> Hard to remember
Users tend to write passwords down or use the same passwords for different accounts
Vulnerabilities
Shoulder surfing (watching a user log on as they type their password).
Dictionary attacks (using L0phtCrack or John the Ripper).
User may forget the password if it is too long and complicated.
Contd
Key logging software records all the keystrokes input from the keyboard and stores them for the hacker to look through and find what could be a password.
So the user needs to ensure that computer systems are secure, which is practically infeasible for an untrained user.
An alternative: Graphical Passwords
Graphical passwords may be a solution to the text-based password vulnerabilities.
The idea of graphical passwords was pioneered by Greg Blonder, who also holds the US patent 5559961.
A graphical password is a secret that a human user inputs to a computer with the aid of the computer's graphical input (e.g., mouse, stylus, or touch screen) and output devices.
Contd
Psychological studies: Humans can remember pictures better than text
Here the user uses visual recollection in order to gain authentication to a system
Therefore the human factor in securing information is limited
Four techniques used for Graphical Passwords
Recognition Based Techniques
Recall Based Techniques
Pass Faces
Pass Clicks
Recognition Based Techniques
A user is presented with a set of images and passes the authentication by recognizing and identifying the images he selected during the registration stage
Recognition Based Techniques
Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
Uses Hash Visualization, which, given a seed, automatically generates a set of pictures
Recognition Based Techniques
Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
Suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.
Recall Based Techniques
A user is asked to reproduce something that he created or selected earlier during the registration stage
Recall Based Techniques
Draw-A-Secret (DAS) Scheme: The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing
Redrawing has to touch the same grid cells in the same sequence in authentication
User studies showed the drawing sequence is hard to remember
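The DAS encoding described above, sketched as an added example that is not part of the original slides. The 5 x 5 grid, the 40-pixel cell size, the pen-up marker between strokes and all names are assumptions made for the illustration.

```python
# Added illustration of Draw-A-Secret encoding; grid and cell size are assumptions.
GRID = 5        # assumed 5 x 5 grid
CELL = 40       # assumed cell size in pixels (200 x 200 drawing area)
PEN_UP = None   # assumed marker recorded when the pen is lifted

def to_cells(strokes, grid=GRID, cell=CELL):
    """Turn pen strokes (lists of (x, y) pixels) into the ordered grid-cell sequence."""
    sequence = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            current = (min(x // cell, grid - 1), min(y // cell, grid - 1))
            if current != last:          # record a cell only when the pen enters it
                sequence.append(current)
                last = current
        sequence.append(PEN_UP)          # stroke boundary is part of the secret
    return sequence

def das_match(enrolled_strokes, attempt_strokes):
    """The redraw passes only if it touches the same cells in the same order."""
    return to_cells(enrolled_strokes) == to_cells(attempt_strokes)

# Constructed sample drawings.
ENROLLED = [[(10, 10), (30, 15), (50, 20), (90, 25), (95, 60)]]
REDRAW = [[(20, 30), (70, 35), (100, 10), (110, 70)]]   # different pixels, same cells
REVERSED = [list(reversed(ENROLLED[0]))]                # same shape, opposite direction

if __name__ == "__main__":
    print(to_cells(ENROLLED))
    print(das_match(ENROLLED, REDRAW))
    print(das_match(ENROLLED, REVERSED))
```

The reversed drawing covers exactly the same cells yet fails, which is the ordering requirement that the user studies found hard to remember.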
PASS FACES
Passfaces (formerly known as Real User Corporation) is an information security technology company based in Annapolis, Maryland.
Commercial application leverages the brain's innate cognitive ability to recognize human faces.
PASS FACES
Logon Process: Users are asked to pick their assigned Passfaces from a 3 x 3 grid containing one Passface and 8 decoys. The faces appear in random positions within the grid each time.
This process is repeated until each of the assigned Passfaces is identified.
PASS CLICK
PassClick Scheme: The user clicks on any place on an image to create a password.
A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
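The tolerance-and-sequence check described above, as an added example that is not part of the original slides. The 10-pixel tolerance, the 640 x 480 image size, the sample points and all function names are assumptions; the enrolled points are kept in plain form to keep the comparison visible.

```python
# Added illustration of PassClick verification; names and values are assumptions.
TOLERANCE = 10  # assumed: a click within 10 px of the chosen pixel on each axis passes

# Constructed sample: five points enrolled on an assumed 640 x 480 image.
ENROLLED = [(412, 88), (150, 300), (520, 210), (60, 45), (333, 401)]

def within_tolerance(click, target, tol=TOLERANCE):
    """True when the click falls in the square of half-width tol around the target."""
    return abs(click[0] - target[0]) <= tol and abs(click[1] - target[1]) <= tol

def verify_passclicks(attempt, enrolled=ENROLLED, tol=TOLERANCE):
    """Accept only if click i matches enrolled point i, for every i, in order."""
    if len(attempt) != len(enrolled):
        return False
    ok = True
    for click, target in zip(attempt, enrolled):
        # Check every click instead of stopping at the first miss, so the
        # outcome does not reveal which position in the sequence was wrong.
        ok &= within_tolerance(click, target, tol)
    return ok

def password_space(width, height, clicks, tol=TOLERANCE):
    """Rough count of distinct sequences: non-overlapping tolerance squares ** clicks."""
    side = 2 * tol + 1
    regions = (width // side) * (height // side)
    return regions ** clicks

if __name__ == "__main__":
    near = [(x + 4, y - 6) for x, y in ENROLLED]          # small hand jitter
    swapped = [ENROLLED[1], ENROLLED[0]] + ENROLLED[2:]   # right points, wrong order
    print(verify_passclicks(near), verify_passclicks(swapped))
    print(password_space(640, 480, 5), password_space(640, 480, 5, tol=20))
```

Widening the tolerance makes login more forgiving but shrinks the number of distinguishable regions, and with it the password space.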
PASS CLICK
PASS CLICK
In the above example, the PassClicks are the points that are circled. The first was the light on the light post, then the headlight on the streetcar, followed by the middle of the clock tower, the face of the street clock, and the P on the parking sign.
By looking at this picture, you can see that there is an extreme number of places you could set as PassClicks and still remember where they are.
An individual could easily choose a face, something on the side of a building, or even the dashes on the street.
Advantages of Graphical Passwords
Human brains can process graphical images easily.
Examples include places we visited, faces of people and things we have seen.
Difficult to implement automated attacks (such as dictionary attacks) against graphical passwords.
Disadvantages
Shoulder surfing problem (watching a user log on as they type their password).
More storage space required
Hard to implement when compared to text passwords
Conclusion
Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords
It is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack or spyware.
Not yet widely used; current graphical password techniques are still immature