Graphical Password Authentication

JAYASHREE MOHAPATRA Reg. NO. - 126102009 MCA 4th Semester

Introduction
Password is a secret word or string of characters that is used for user authentication to prove ones identity and gain access to resources. Difficulty of remembering text based passwords.
easy to remember easy to guess. hard to guess hard to remember.

According to human psychological studies it has been revealed that human brain recognizes and remembers the images more easily and for longer period than the strings of numbers and letter. Graphical password as an alternative to text based password.

Objective:
Conduct a comprehensive survey of the existing graphical password techniques. Security analysis of the concerned technique. Application of Graphical password. Discuss the strengths and limitations of the concerned method. Point out to future scopes.

Authentication
It is basically a process of confirmation of an individuals identity.

Types:
Token Based. Numeric password, pin no., smart card, band cards etc. Bio-metric Based. Finger print, facial & voice recognition, dynamic signature verification, iris & retinal scan. Knowledge Based. Recognition based system, Recall based system, Cued recall based system. o Recognition based systems i.e. texts and picture based passwords are most widely used authentication techniques.

Graphical Password
A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI). For this reason, the graphical-password approach is sometimes called graphical user authentication (GUA).

An example of a graphical password uses an image on the screen and lets the user choose a few click points; these click points are the "password", and the user has to click closely to these points again in order to log in.

Recall Based Techniques

Draw-A-Secret (DAS) Scheme
o User draws a simple picture on a 2D grid, the coordinates of the grids occupied by the picture are stored in the order of drawing o Redrawing has to touch the same grids in the same sequence in authentication. o User studies showed the drawing sequences is hard to remember.

 Signature scheme
o Here authentication is conducted by having the user drawing their signature using a mouse.

 Pass Point Scheme

o User click on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, user must click within the tolerances in the correct sequence.

Other Schemes

B-DAS Scheme

Grid Selection Scheme

Recognition Based Techniques

Dhamija and Perrig Scheme
o Pick several pictures out of many choices, identify them laterin authentication. o using Hash Visualization, which, given a seed, automatically generate a set of pictures take longer to create graphical passwords.

o password space: N!/K! (N-K)! ( N-total number of pictures; K-number of pictures selected as passwords)

Select a sequence of images as password

Sobrado and Birget Scheme

o System display a number of pass-objects

(pre-selected by user) among many other objects, user click inside the convex hull bounded by pass-objects.

Pass Face Scheme

o In this technique human faces are used as password.

Security:
Some graphical password techniques are very resistive towards phishing attacks like DAS scheme. Brute force search / Dictionary attacks:
The attacking programs need to automatically generate accurate mouse motion to imitate human input, which is more difficult compared to text passwords.

The graphical password is very much resistance to

Guessing Social engineering. Spy-ware attack.

APPLICATION:
Workstation. Web Log-in Application. ATM Machines. Mobile Devices. Logging Into Accounts. Retrieving Emails. Online Banking. Social Networking. Websites. Databases.

Hard-disk locking Folder locking

Advantages
Graphical password schemes provide a way of making more human friendly passwords while increasing the level of security.

Here the security of the system is very high.

Dictionary attacks and brute force search are infeasible.

With confident image shield, one can create one time authentication code for each transaction or online session.

Drawbacks
In the Grid based methods It is really hard to remember the exact coordinates of the grid.

Require much more storage space than text based passwords.

DAS scheme has some limitations like it is vulnerable to shoulder surfing attack if a user accesses the system in public environments . Password registration and log-in process take too long.

CONCLUSION
People are better at memorizing graphical passwords than text-based passwords. It is more difficult to break graphical passwords using the traditional attack methods such as brute force search, dictionary attack or spyware. Not yet widely used, current graphical password techniques are still immature enough for efficient implementation and hence require more research in this field.

SCOPE
Development of some graphical password schemes that are resistant to shoulder surfing. Development of A password scheme strongly resistant to spyware. Implementation of more user friendly Grid Based Authentication Technique.

Thank You !!!