
Proceedings of 4th SARC International Conference, 30th March-2014, Nagpur, India, ISBN: 978-93-82702-70-2


SURVEY ON DIFFERENT ENDORSEMENT TECHNIQUES


¹P.P WAKODIKAR, ²A.R BHAGAT PATIL, ³A.S. BHATTACHARYA

¹,³Department of Computer Science and Engineering, GHRIETW, 440016, Nagpur, MH, INDIA
²Department of Computer Technology, YCCE, 441110, Nagpur, MH, INDIA

Abstract- User endorsement is one of the most important components of information security. Different types of validation are used to protect user accounts, but these authentication methods are not safe from an attacker. These endorsement techniques suffer from various kinds of unwanted interruption, such as word attacks, possible-keys attacks, human error attacks, etc. This survey proves that the word based attack is widely performed during authentication nowadays. Word based interruption is defined in two ways: operative case and down case. Down case word attacks are possible when the adversary is able to hack or get the data through the communication channel, whereas the operative case word attack is easy to perform and there are no good solutions available. This survey deals with the different endorsement techniques that are used to protect user accounts in various ways.
Index Terms- Online Security, Dextral Based Attack, Pictorial Based Attack.

I. INTRODUCTION:
Computer security depends on trustworthy user authentication to an extent. To provide it we have two traditions. The first is dextral based passwords, in which the user uses alphabets in upper or lower case, numeric values and special symbols. The combination of all these values makes a password more complex. But humans generally create easy combinations in order to memorize passwords, which affects security, while hard combinations affect relevance. Remembrance of an image is rather smooth compared to a dextral based password, so to overcome the security and usability issues, pictorial based passwords are widely used instead of dextral based passwords. Image based passwords comprise two actions: recognition and recall. In recognition the user has to select and click on the image, whereas in recall the user has to identify the pre-selected image. Various techniques are used for guaranteeing endorsement, such as smart cards, biometric systems, etc., but such systems have various drawbacks, i.e. value or hardware requirements. Nevertheless, these techniques are also challenged with encrypted questions, and users dislike these types of challenges, which add an unnecessary extra step to authentication. These techniques are sensitive to different types of attacks such as dictionary based attacks, brute force attacks, spyware attacks, human error attacks, etc. All these attacks will be reduced by selecting a strong password. A strong password means one having greater courage.
II. OUTLINE BIOGRAPHY:
This review paper consists of the following survey, which divides the hidden private data into two parts:
Hidden Private Data
-Dextral based
-Pictorial based

1.1 The dextral based technique consists of the following survey.
1.1.1 EKE- S.M Bellovin and M Merritt discussed the combination of public and secret keys to prevent password attacks in an insecure network. It was found to be more effective in preventing users from selecting easily guessable passwords and in preventing various online attacks.
1.1.2 3P-EKE- Hen-Tyan Yeh, Hung-Min Sun and Tzonelih Hwang discuss a way to generate a session key for communication. This paper shows two techniques, the first with one-way authentication and the other with 3-party authentication, which generate a secure session key for the transformation of information.
1.1.3 Computational challenge system- The computational challenge protocol deals with online dictionary attacks, as observed by Vipul Goyal, Virendra Kumar, Mayank Singh, Ajith Abraham and Sugata Sanyal. This protocol uses a one-way hash function as the stepping stone and extracts online dictionary attacks by implementing an input-output scheme, but it was found to be a very time-consuming technique.
1.1.4 RBGP- This paper talks about the issue of whether RBGP is related to salvation or not. Several surveys done by Rosanne and Ron Poet show that there remains no effective way of counting the level of surveillance, and discuss it with a threat model. This paper analyses the performance of different types of attack with this threat model.
1.1.5 S3PAS scheme- One hybrid technique is developed by Huanyu Zhao and Xiaolin Li. In this system the dextral word is combined with graphics to reduce text based password deficiency. This technique is specially designed to mitigate the shoulder surfing attack, but this system also suffers from time constraints.
1.1.6 CCP- The Chang-Chang password secret transformation rule deals with a 3-party simple secret transformation protocol, which is an advanced version of the 3PKEK protocol. It deals with undetectable attacks on passwords. Chang-Chang have proposed a novel 3-party key exchange protocol in which parallel message transmission takes place to reduce one message circuiting, to prevent time and cost.
1.1.7 AKE Protocol- Authors Yasunori Onda, Seongtlan Shin, Kazukuni Kobara and Hideki Imai give an introduction to the AKE protocol, which is used to distinguish between dictionary attacks and mistakenly typed passwords. It uses MAC and digital signature to distinguish a dictionary attack from another dirty deed.
1.1.8 PGRP- PGRP is very useful in password identifying charge. In this paper the authors Mansour Alsaleh, Mohammad Mannan and P.C van Oorschot deal with a restriction on the number of trial-and-error attempts to log in to a certain account. It also shows how it is invulnerable to both dictionary and brute force attacks.
1.1.9 S3-PAS- An accomplished three-level evidence and key affiliation rule is developed to give bilateral evidence and key transformation, which is protected against the hidden word identifying attack. Author R. Padmavathy [24] exchanges views on three types of defilement: Detectable, Undetectable and Offline Attack.
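The two server-side defences surveyed in 1.1.3 (a hash-based computational challenge) and 1.1.8 (a limit on login attempts per account) can be combined in one login gate. The following is an added example, not code from this paper or from the cited protocols; the threshold, the puzzle difficulty and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

FAIL_LIMIT = 3     # assumed: failed attempts allowed before a challenge is required
PUZZLE_BITS = 12   # assumed difficulty: about 2**12 hashes per solved challenge

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _zero_bits(challenge, nonce):
    """Number of leading zero bits of SHA-256(challenge || nonce)."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve_puzzle(challenge, bits=PUZZLE_BITS):
    """Client side: search for a nonce; this is the cost paid per guess."""
    nonce = 0
    while _zero_bits(challenge, nonce) < bits:
        nonce += 1
    return nonce

def check_puzzle(challenge, nonce, bits=PUZZLE_BITS):
    """Server side: a single hash, however long the client searched."""
    if not isinstance(nonce, int) or not 0 <= nonce < 2 ** 64:
        return False
    return _zero_bits(challenge, nonce) >= bits

class LoginGate:
    def __init__(self):
        self.users = {}       # user -> (salt, password hash)
        self.failures = {}    # user -> failed attempts since last success
        self.challenges = {}  # user -> outstanding one-time challenge

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _pw_hash(password, salt))

    def challenge_for(self, user):
        """Fresh challenge when the account is over the limit, else None."""
        if self.failures.get(user, 0) < FAIL_LIMIT:
            return None
        self.challenges[user] = os.urandom(16)
        return self.challenges[user]

    def login(self, user, password, nonce=None):
        if self.failures.get(user, 0) >= FAIL_LIMIT:
            challenge = self.challenges.pop(user, None)  # single use
            if challenge is None or not check_puzzle(challenge, nonce):
                return "challenge_required"  # password is not even examined
        salt, stored = self.users.get(user, (b"\x00" * 16, b""))
        if hmac.compare_digest(_pw_hash(password, salt), stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

def demo():
    gate = LoginGate()
    gate.register("alice", "correct horse")  # constructed sample account
    results = [gate.login("alice", g) for g in ("123456", "qwerty", "letmein")]
    results.append(gate.login("alice", "correct horse"))  # no puzzle: refused
    nonce = solve_puzzle(gate.challenge_for("alice"))
    results.append(gate.login("alice", "correct horse", nonce))
    return results

if __name__ == "__main__":
    print(demo())
```

The legitimate user is never locked out: after the limit is reached, a login still succeeds once the challenge is solved, while every further guess costs the guesser a puzzle.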
1.2 The pictorial based technique consists of the following survey.
1.2.1 Image CAPTCHA- The posture and importance of the text based captcha were discussed by Monica Chew and J.D Tygar, UC Berkeley. The observation of this paper is how image captcha is used, with its benefits and limitations. This paper concentrates not only on the security issues associated with captcha techniques, but also on their usability.
1.2.2 SSA- Authors Kameswara Rao and Sushma Yalamanchili bounce off a survey of different text-graphical password techniques. The authors proposed two techniques named PPC and TPPC, compared them with the traditional text-based method, and found them more restrictive to shoulder surfing, spyware, brute force and random click attacks.
1.2.3 Awase-E- Passwords are very useful for user authentication, but remembering a secret is also very important, and it affects user operability. To maintain such operability this paper introduces a new scheme, which is generally used in small handsets where password entry is limited. The main need for this handset is a digital camcorder, which snatches the idol and sets it as a password instead of a text based password. By such a technique not only is custom maintained, but security also increases.
1.2.4 Passpoints- The paper's basic concept is that the usability issue directly affects the security issue. It also discusses previous techniques which used biometric systems or smartcards to protect accounts, but due to various drawbacks such a system is of no use. Authors Susan Wiedenbeck, Jim Waters, Jean-Camillee Bringer, Alex Brodskiy and Nasir Memon also explain how to choose an image for a password.
1.2.5 Web based password- There are various studies of passwords and of the human tendency to reuse passwords. In this one Deine Florencio and Cormac Herley find out details about countersign power, recording information such as how many invoices a user has, the number of password endeavours per day, and how often passwords are shared. Generally, this paper works on the human doings of using a password.
1.2.6 YAGP- D-A-S, i.e. Draw-A-Secret, is the way which is largely used in pictorial schemes to overcome the drawbacks of the alphanumeric password. The paper uses the concept of the DAS system and creates a new technique, YAGP. Haichang Gao, Xuewu Guo, Xiaoping Chen, Liming Wang and Xiyang Liu show that YAGP makes it easy for the user and is free, with some restrictions, for drawing. This paper also shows the usability drawback of this system.
1.2.7 User Friendly Password- A pictorial password is more user friendly than a text based key. In this paper the authors Mohammed Misbahuddin, Dr P. Premchand and Dr A. Govardhan talk about two types of password:
-Recognition based
-Recall based
This paper gives a complete description of graphical passwords and shows that this type of password is more user friendly.
1.2.8 HOTSPOT problem- The iconic secret execution as recognition based is facedown to the hotspot problem. To cut down the hotspot problem, the authors Kemal Bicakci, Nart Bedin Atalay, Mustafa Yuceel, Hakan Gurbaslar and Burak Erdeniz develop two ways called GPI and GPIS. This method is not only suitable for removing the password space problem, but also protects the security and usability of the system.
1.2.9 Picture Attribute Selection- In this paper the use of a scene as a password is selected on the basis of the dimensions of the picture. These properties are size, presentation, color and category of blueprint, which deal with the custom and security of the user. This paper is based on many studies made on these attributes. The overall research shows the different elicitation of icons according to their involvement, which is very beneficial while picking images according to their preferences.
1.2.10 RGGPW- Phen-Lan Lin, Li-Tung Weng and Po-Whei Huang first exhibit the various bottom lines of iconic password schemes, since they use large capacity to store images. By using this technique we can reduce storage volume, and it is also more secure compared to the previous address. In this craft the images are geometrically generated, hence there is no issue of remembering the password.
1.2.11 Finger Draw Password- The doodle based password is generally developed for touch screen constituents. This system also challenges with the biometric system, but the biometric system has some drawbacks which were removed by this system. Nowadays touch screens are extensively used. M. Martinez-Diaz, C. Martin-Diaz, J. Galbally and J. Fierrez confer about the performance of impression detection. It elaborates the inequality between doodle and pseudo signature.
1.2.12 ColorLogin- After various studies this paper confers a new manner to reduce the shoulder surfing attack on graphical passwords. The ColorLogin scheme reduces login time, with user satisfaction about remembering and protecting from different kinds of attacks.
1.2.13 DWT- This assignment by Takao Miyachi, Keita Takahashi, Madoka Hasegawa, Yuichi Tanaka and Shigeo Kato exchanges views about the encroachment which is generally performed on passwords, and, to tone down certain types of attack such as shoulder surfing populace, address is used as iconic way. By considering the logic of DWT, the original image is blended with another image to generate a fusion image, which is given to the user to select his hidden words. This paper also argues with the popular result generated during the discussion.
1.2.14 New DAS System- This paper works with drawing a password according to user convenience, which was inspired by the DAS system. Authors Haichang Gao, Zhongjie Ren, Xiuling Chang, Xiyang Liu and Uwe Aickelin explain the different features provided to draw a secret and protect it from the well known shoulder surfing attack.
1.2.15 Hybrid Graphical Password- The hybrid pictorial technique is a mixture of both recognition based and recall based passwords. This type of password is proposed for palm talk devices. Authors Wazir Zada Khan, Mohammad Y Aalsalem and Yang Xiang discuss the drawbacks of the image secret, such as large interval or shoulder surfing attack. To overcome such limitations, most graphical secret crafts recommend small mobile devices (PDAs) as the ideal application environment.
1.2.16 Watermark technique- One argument with graphical passwords is the shoulder surfing populace. To cut off the image gallery attack a new innovation is used, based on the watermarking craft. Authors Arash Habibi Lashkari and Azizah Abdul Manaf also deal with research on various executions, and descriptions of six types of outbreaks.
1.2.17 Click Draw Based- In this system author Yuxin Meng alterkit proposed a new system called CD-GPS, which is a combined version of three previously designed techniques; hence it proved that it is a stronger and more user friendly password than any other existing graphical technique.
1.2.18 Create-A-Secret- Authors Marc luard, Yves Maetz and Davide Alessio introduce a very interesting technique for memorizing pictorial passwords. This new term is called Gecu: it is the picture which provides a surrogate choice for the selected image. It defines new ways to increase the remembering power of the user by introducing a practice phase at the time of registration.
1.2.19 SOGA- Discusses the new guessability attack known as the semantic ordered guessing attack, abbreviated as SOGA, by authors Rosanne and Ron Poet. This paper compares two artistries of acceptance based, faces and story. It bounces off two techniques for justification, the first being a doodle and recognition based system, and calculates results based on these experiments.
1.2.20 Cued-Click Point- Cued click point is the recall based technique developed by Sonia Chiasson, P. C. Oorschot and Robert Biddle. In such systems, users identify and target previously selected locations by one click point, as compared to the passpoint technique. The images act as mnemonic cues to aid recall and protect it from different anti-social activity.
1.2.21 Edgepass- In this paper Housam Khalifa Bashier and Lau Siong Hoe discuss the EdgePass technique. Humans can identify an entity by its limb; this concept is used in the EdgePass algorithm. This technique finds out whether the rim is dark or light and, according to that, decides whether it is a margin of the background of the image. It also discusses useful methods in corner detection algorithms.
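The click-based recall schemes surveyed above (Passpoints in 1.2.4 and cued click points in 1.2.20) have to accept a click that lands near the enrolled point while storing only a hash of it. The following added example, which is not code from this paper or the cited schemes, shows one known way to do that (centered discretization) next to the naive fixed grid it replaces; it goes beyond what the survey describes, and the tolerance R, the record layout and all names are assumptions.

```python
import hashlib
import hmac
import os

R = 9  # assumed tolerance in pixels around each enrolled click-point

def naive_cells_match(enrolled, click):
    """Fixed grid of 2R x 2R cells: rejects near misses across a cell edge."""
    return all(e // (2 * R) == c // (2 * R) for e, c in zip(enrolled, click))

def _digest(salt, segments):
    # Only this salted, stretched hash of the segment indices is stored.
    return hashlib.pbkdf2_hmac("sha256", repr(segments).encode(), salt, 50_000)

def _segments(points, offsets):
    return [((x - dx) // (2 * R), (y - dy) // (2 * R))
            for (x, y), (dx, dy) in zip(points, offsets)]

def enroll(points):
    """Build the stored record for a list of integer (x, y) click-points.

    Each axis gets its own grid offset so that the enrolled coordinate sits
    exactly in the middle of its segment; the offsets are stored in the clear.
    """
    salt = os.urandom(16)
    offsets = [((x - R) % (2 * R), (y - R) % (2 * R)) for x, y in points]
    return {"salt": salt, "offsets": offsets,
            "digest": _digest(salt, _segments(points, offsets))}

def verify(record, clicks):
    """Accept iff each click is within [-R, R) of its enrolled point, in order."""
    if len(clicks) != len(record["offsets"]):
        return False
    candidate = _digest(record["salt"], _segments(clicks, record["offsets"]))
    return hmac.compare_digest(candidate, record["digest"])

def demo():
    # Constructed sample: two click-points, the first one on a fixed-grid edge.
    record = enroll([(18, 40), (200, 133)])
    return {
        "naive_near_miss": naive_cells_match((18, 40), (17, 40)),
        "centered_near_miss": verify(record, [(17, 41), (205, 128)]),
        "centered_far_miss": verify(record, [(18, 40), (210, 133)]),
    }

if __name__ == "__main__":
    print(demo())
```

The clear-text offsets reveal each coordinate modulo 2R, so the stored hash still has to resist guessing of popular points, which is the hotspot problem of 1.2.8.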

CONCLUSION:
This paper makes two kinds of contribution. The first relates to the security constraint and the other to password persistence. From the related survey, it comes to be known that there are various addresses available to make user passwords more secure and memorable, but there is no proper solution to mitigate the different types of attacks on passwords. To make a password stronger and harder to guess, the pictorial password is the best solution, which makes it convenient for the user to select a password of the user's own choice.
REFERENCES:
[1] Steven M. Bellovin, Michael Merritt, Encrypted Key Exchange: Password Based Protocol Secure Against Dictionary Attacks, Symposium on research in security and privacy (RISP), IEEE 1992. http://dx.doi.org/10.1109/risp.1992.213269
[2] Tetsuji TAKADA and Hideki KOIKE, Awase-E: Image Based Authentication for Mobile Phones Using users Favourite Images, Lecture notes in Computer Science on pages 347 to 351, 2003. http://dx.doi.org/10.1007/978-3540-45233-1_26
[3] Monica Chew and J.D Tygar, UC Berkeley, Image Recognition CAPTCHA, 7th international Information Security Conference, Springer 2004. http://dx.doi.org/10.1007/978-3-540-30144-8_23
[4] Hen-Tyan Yeh, Bing-Chang Chen, and Tzonelih Hwang, Secure Key Agreement Protocols For Three Party Against Guessing Attacks, Journal of System and Software (JSS) 2005. http://dx.doi.org/10.1016/j.jss.2003.11.017
[5] Susan Wiedenbeck, Jim Waters, Jean-Camillee Bringer, Alex Brodskiy, Nasir Memon, Authentication using Graphical Password Effect of Tolerance and Image Choice, Symposium on Usable Privacy and Security, 2005. http://dx.doi.org/10.1145/1073001.1073002
[6] Vipul Goyal, Virendra Kumar, Mayank Singh, Ajith Abraham and Sugata Sanyal, Comp Chall Addressing Password Guessing Attacks, International Conference on Information Technology Coding and Computing, (ITCC) 2005. http://dx.doi.org/10.1109/itcc.2005.107
[7] P.C. van Oorschot and S. Stubblebine, On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop, Trans. Information and System Security, vol. 9, no. 3, ACM 2006. http://dx.doi.org/10.1007/978-3-540-27809-2_5
[8] Deine Florencio and Cormac Herley, A Large Scale Study Of Web Password Habits, Proceedings of the 16th international conference on the World Wide Web (WWW) ACM 2007. http://dx.doi.org/10.1145/1242572.1242661
[9] Rosanne, Ron Poet, Towards a Metric for Recognition-Based Graphical Password Security, 5th International Conference on Network and System Security (ICNSS) IEEE 2007. http://dx.doi.org/10.1109/icnss.2011.6060007
[10] Huanyu Zhao and Xiaolin Li, S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW) IEEE 2007. http://dx.doi.org/10.1109/ainaw.2007.317
[11] Sonia Chiasson, P. C. Oorschot, Robert Biddle, Graphical Password Authentication Using Cued Click Point, Lecture Notes in Computer Science on pages 359 to 374, 2007. http://dx.doi.org/10.1007/978-3-540-74835-9_24
[12] Mohammed Misbahuddin, Dr P. Premchand, Dr A. Govardhan, A User Friendly Password authenticated Key Agreement for Web based service, International Conference on Innovations in Information Technology, (ICIIT) IEEE 2008. http://dx.doi.org/10.1109/innovations.2008.4781766
[13] Muhammad Daniel Hafiz B. Abdullah, Abdul Hanan B. Abdullah, Norafida Ithnin, Hazinah Kutty Mammi, Graphical Password: Users Affinity of Choice An Analysis of Picture Attributes Selection, International Symposium on Information Technology (ITSIT) Vol 3 IEEE 2008. http://dx.doi.org/10.1109/itsim.2008.4632021
[14] Phen-Lan Lin, Li-Tung Weng, Po-Whei Huang, Graphical Passwords Using Images with Random Tracks of Geometric Shapes, Congress on Image and Signal Processing (CISP) 2008. http://dx.doi.org/10.1109/cisp.2008.603
[15] Haichang Gao, Xuewu Guo, Xiaoping Chen, Liming Wang, and Xiyang Liu, YAGP: Yet Another Graphical Password Strategy, Annual Computer Security Applications Conference (ACSAC) IEEE 2008. http://dx.doi.org/10.1109/acsac.2008.19
[16] Kemal Bicakci, Nart Bedin Atalay, Mustafa Yuceel, Hakan Gurbaslar, Burak Erdeniz, Towards Usable Solutions to Graphical Password Hotspot Problem, 33rd Annual International Computer Software and Applications Conference (ICSAC) IEEE 2009. http://dx.doi.org/10.1109/compsac.2009.153
[17] Padmavathi, R, Improved Analysis on Chang and Chang Password Key Exchange Protocol, Advances in Computing, Control and Telecommunication Technology (AICCTT) 2009. http://dx.doi.org/10.1109/act.2009.197
[18] Haichang Gao, Xiyang Liu, Ruyi Dai, Sidong Wang, and Xiuling Chang, Analysis and Evaluation of the ColorLogin Graphical Password Scheme, 5th International Conference on Image and Graphics (ICIG) 2009. http://dx.doi.org/10.1109/icig.2009.62
[19] Haichang Gao, Zhongjie Ren, Xiuling Chang, Xiyang Liu, Uwe Aickelin, A New Graphical Password Scheme Resistant to Shoulder-Surfing, International Conference on Cyberworlds (ICC) 2010. http://dx.doi.org/10.1109/cw.2010.34
[20] Yasunori Onda, Seongtlan Shin, Kazukuni Kobara, Hideki Imai, How to distinguish On-line Dictionary attacks and Password Mis-typing in Two-Factor Authentication, International Symposium on Information Theory and Its Applications (ISITA) IEEE 2010. http://dx.doi.org/10.1109/iisita.2010.5649727
[21] M. Martinez-Diaz, C. Martin-Diaz, J. Galbally and J. Fierrez, A Comparative Evaluation of Finger-Drawn Graphical Password Verification Methods, 12th International Conference on Frontiers in Handwriting Recognition (ICFHR) 2010. http://dx.doi.org/10.1109/icfhr.2010.65
[22] Takao Miyachi, Keita Takahashi, Madoka Hasegawa, Yuichi Tanaka, Shigeo Kato, A study on memorability and shoulder-surfing robustness of graphical password using dwt-based image blending, 28th Picture Coding Symposium (PCS) 2010. http://dx.doi.org/10.1109/pcs.2010.5702441
[23] Liming Wang, Xiuling Chang, Zhongjie Ren, Haichang Gao, Xiyang Liu, Uwe Aickelin, Against Spyware Using CAPTCHA in Graphical Password Scheme, 24th international conference on advance information networking and application (AINA) IEEE 2010. http://dx.doi.org/10.1109/aina.2010.46
[24] R. Padmavathy, A Password Attack On s-3PAKE, International Journal of Security and its Application, (IJSA) Vol. 5 No. 4 2011. http://dx.doi.org/10.11591/ijins.v1i1.385
[25] Wazir Zada Khan, Mohammad Y Aalsalem and Yang Xiang, Quratulain Arshad, A Hybrid Graphical Password Based System, 11th International Conference, ICA 300 2011. http://dx.doi.org/10.1007/978-3-642-24669-2_15
[26] Arash Habibi Lashkari, Azizah Abdul Manaf, A Secure Recognition Based Graphical Password by Watermarking, 11th International Conference on Computer and Information Technology (ICCIT) IEEE 2011. http://dx.doi.org/10.1109/cit.2011.29
[27] Marc luard, Yves Maetz And Davide Alessio, Technicolor, Action-Based Graphical Password: Click-a-Secret, International Conference on Consumer Electronics (ICCE) IEEE 2011. http://dx.doi.org/10.1109/icce.2011.5722575
[28] Rosanne and Ron Poet, Measuring the Revised Guessability of Graphical Passwords, 5th International Conference on Network and System Security (ICNSS), IEEE 2011. http://dx.doi.org/10.1109/icnss.2011.6060031
[29] Kameswara Rao, Sushma Yalamanchili, Novel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords, International Journal of Information & Network Security (IJINS) Vol.1, No.3, 2012. http://dx.doi.org/10.11591/ijins.v1i3.529
[30] Mansour Alsaleh, Mohammad Mannan, P.C van Oorschot, member, IEEE, Revisiting Defences against Large Scale Online Password Guessing Attacks, transaction on Dependable and secure computing (TDSC) Vol.9, No. 1, IEEE 2012. http://dx.doi.org/10.1109/tdsc.2011.24
[31] Yuxin Meng, Designing Click-Draw Based Graphical Password Scheme for Better Authentication, 7th International Conference on Networking, Architecture, and Storage (ICNAS) IEEE 2012. http://dx.doi.org/10.1109/nas.2012.9
[32] Housam Khalifa Bashier, Lau Siong Hoe, Pang Ying Han, Graphical Password: Pass-Images Edge Detection, 9th International Colloquium on Signal Processing and its Applications, (CSPA) 2013. http://dx.doi.org/10.1109/cspa.2013.6530025.
