A Graphical Password Authentication System
Guided by: Ms. Divya Shettigar
Presented by: Nishan H Kumar 4ES09CS025
Outline
Introduction
Overview of the Authentication Methods
Graphical Password Scheme: Two Categories
- Recognition Based Techniques
- Recall Based Techniques
Working
Proposed System
Conclusion
References
Introduction
How about text-based passwords?
Difficulty of remembering passwords:
- easy to remember -> easy to guess
- hard to guess -> hard to remember
Users tend to write passwords down or use the same passwords for different accounts.
An alternative: Graphical Passwords
Psychological studies: Humans can remember pictures better than text.
Overview of the Authentication Methods
Token based authentication
key cards, bank cards, smart cards
Biometric based authentication
fingerprints, iris scan, facial recognition
Knowledge based authentication
text-based passwords, picture-based passwords; the most widely used authentication techniques.
Graphical Password Scheme
Using pictures as passwords.
Easy to remember, as humans remember pictures better than words.
Resistant to brute force attack because the search space is practically infinite.
Graphical passwords are classified into two main categories:
- Recognition based techniques.
- Recall based techniques.
Graphical Password: Two categories
Recognition Based Techniques
A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage
Recall Based Techniques
A user is asked to reproduce something that he created or selected earlier during the registration stage
Recognition Based Techniques
Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
Uses Hash Visualization, which, given a seed, automatically generates a set of pictures.
Takes longer to create graphical passwords.
Password Space: N! / (K! (N-K)!)
(N - total number of pictures; K - number of pictures selected as passwords)
Recognition Based Techniques
Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
Sobrado and Birget suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.
Password Space: N! / (K! (N-K)!)
(N - total number of picture objects; K - number of pre-registered objects)
Recognition Based Techniques
Other Schemes
Using human faces as password
Select a sequence of images as password
Recall Based Techniques
Draw-A-Secret (DAS) Scheme
The user draws a simple picture on a 2D grid; the coordinates of the grids occupied by the picture are stored in the order of drawing.
Redrawing has to touch the same grids in the same sequence in authentication. User studies showed the drawing sequence is hard to remember.
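Added example (not from the original slides or the DAS authors): encoding a drawing as the ordered sequence of grid cells it touches, and comparing a redraw against it. The 5x5 grid, the 500x500 drawing area, the pen-up marker and all coordinates are assumptions.

```python
# Constructed illustration of DAS-style encoding; all values below are made up.
PEN_UP = (-1, -1)  # assumed marker recorded when the pen is lifted

def encode_das(strokes, width, height, grid=5):
    """Map pen samples to the ordered sequence of grid cells they enter.

    Assumes samples are dense enough that no cell is skipped between two samples.
    """
    cell_w, cell_h = width / grid, height / grid
    sequence = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            if not (0 <= x < width and 0 <= y < height):
                raise ValueError("pen sample outside the drawing area")
            cell = (int(x // cell_w), int(y // cell_h))
            if cell != last:  # record a cell only when the pen enters it
                sequence.append(cell)
                last = cell
        sequence.append(PEN_UP)
    return tuple(sequence)

def das_match(enrolled_strokes, attempt_strokes, width=500, height=500, grid=5):
    """A redraw matches only if it touches the same cells in the same order."""
    return (encode_das(enrolled_strokes, width, height, grid)
            == encode_das(attempt_strokes, width, height, grid))

# Constructed drawings: two strokes each, given as lists of (x, y) pen samples.
ENROLLED = [[(50, 50), (150, 60), (250, 70)], [(250, 150), (250, 250)]]
# Different pixels, same cells, same order: accepted.
SAME_CELLS = [[(20, 80), (120, 20), (280, 90)], [(210, 190), (299, 201)]]
# Same picture, but the first stroke is drawn right-to-left: rejected.
REVERSED_FIRST = [[(250, 70), (150, 60), (50, 50)], [(250, 150), (250, 250)]]

if __name__ == "__main__":
    print(encode_das(ENROLLED, 500, 500))
    print(das_match(ENROLLED, SAME_CELLS))
    print(das_match(ENROLLED, REVERSED_FIRST))
```

The rejected case is the same visible picture drawn in a different direction, which is why the drawing order has to be remembered along with the shape.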
Recall Based Techniques
PassPoint Scheme
The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
It can be hard to remember the sequences.
Password Space: N^K (N - the number of pixels or smallest units of a picture; K - the number of points to be clicked on)
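Added example (not from the original slides or the PassPoint authors): the ordered tolerance check described above, plus the N^K password space in bits. The square tolerance region, the 640x480 image, the 9-pixel tolerance and the click coordinates are assumptions, and counting one tolerance square as the "smallest unit" N is this example's own estimate.

```python
import math

# Constructed illustration of a PassPoint-style check; all values are made up.

def verify_passpoints(enrolled, clicks, tolerance):
    """True only if each click is within `tolerance` pixels (square region)
    of the enrolled point at the same position in the sequence."""
    if len(enrolled) != len(clicks):
        return False
    ok = True
    for (ex, ey), (cx, cy) in zip(enrolled, clicks):
        # Check every point instead of stopping early, so the result does not
        # depend on which click in the sequence was wrong.
        ok &= abs(cx - ex) <= tolerance and abs(cy - ey) <= tolerance
    return ok

def password_space_bits(width, height, k, tolerance=0):
    """log2(N^K), where N is the number of distinguishable click targets.

    With tolerance t, a (2t+1) x (2t+1) square counts as one target (assumption).
    """
    side = 2 * tolerance + 1
    n = (width // side) * (height // side)
    return k * math.log2(n)

# Constructed enrolment: five click points on a 640x480 image.
ENROLLED = [(120, 80), (300, 210), (45, 400), (510, 330), (250, 60)]
CLOSE = [(125, 76), (292, 215), (45, 409), (505, 333), (258, 55)]
WRONG_ORDER = [CLOSE[1], CLOSE[0]] + CLOSE[2:]
ONE_MISS = [(131, 80)] + CLOSE[1:]  # first click is 11 pixels off

if __name__ == "__main__":
    print(verify_passpoints(ENROLLED, CLOSE, 9))
    print(verify_passpoints(ENROLLED, WRONG_ORDER, 9))
    print(verify_passpoints(ENROLLED, ONE_MISS, 9))
    print(round(password_space_bits(640, 480, 5), 1))      # N = every pixel
    print(round(password_space_bits(640, 480, 5, 9), 1))   # N = tolerance squares
```

Under these assumptions the tolerance that makes the scheme usable also makes N far smaller than the pixel count.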
Recall Based Techniques
Other Schemes
Signature Scheme
Working of Graphical Password Authentication Systems
Registration Phase
Verification Phase
User Registration Process
Example:
Enter the username in the username field.
USERNAME: Nishan
Click on the NEW USER REGISTER button.
New user registration process: verifies the username and stores it into the database.
Creating Picture Password
How to Select pictures?
There are two ways of selecting a picture for password authentication.
User Defined Pictures
Pictures are selected by the user from the hard disk or any other image supported devices.
System Defined Pictures
Pictures are selected by the user from the database of the password system.
[Diagram: the picture is selected from one of the two sources, a user defined picture or a system defined picture from the database, and is then shown as Picture + Gridlines.]
The user clicks on the point.
Message box: Do you wish to continue with this point?
- YES: the point and the image will be stored into the database.
- NO: select another point.
Now the user can select another image and follow the same steps above.
Username verification
User with username: the user enters the username.
The system verifies the username by checking it in the database.
- Incorrect username: if the username is not matched, the system generates a message: "Username doesn't match. Please re-enter the username." The user re-enters the username.
- Correct username
Proposed System by Ahmad Almulhem
An example of creating a graphical password using the proposed system
Proposed System by Ahmad Almulhem
Login Screen
Implementation of Proposed System
The proposed system was implemented using Visual Basic.net 2005 (VB.net). The implementation has three main classes:
- LoginInfo: Contains username, graphical password, and related methods.
- GraphicalPassword: Contains graphical password information and related methods.
- SelReg: Contains fields about selected regions (POIs).
Advantages of Graphical Password Authentication System
Graphical password schemes provide a way of making more human-friendly passwords.
Here the security of the system is very high.
It satisfies both conflicting requirements, i.e. it is easy to remember and it is hard to guess.
Dictionary attacks are infeasible.
Drawbacks of Graphical Password Authentication System
Password registration and log-in process take too long.
Require much more storage space than text based passwords.
Shoulder Surfing: It means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.
Solution to Shoulder Surfing Problem
Triangle Scheme
(For clarity, this collection contains only a little over 100 objects. Typical screens can fit over 1000.)
Solution to Shoulder Surfing Problem
Movable Frame Scheme
Conclusion
Main argument for graphical passwords:
People are better at memorizing graphical passwords than text-based passwords.
It satisfies both conflicting requirements, i.e. it is easy to remember and it is hard to guess.
It is more difficult to break graphical passwords using the traditional attack methods such as brute force method, dictionary attack or spyware.
Not yet widely used; current graphical password techniques are still immature.
References
[1] Ahmad Almulhem, "A graphical password authentication system," Computer Engineering Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia. www.ieeexplore.ieee.org
[2] Xiaoyuan Suo, Ying Zhu, G. Scott Owen, "Graphical Passwords: A Survey," Department of Computer Science, Georgia State University.
[3] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4, 2002.
[4] Ian Jermyn, Aviel D. Rubin, "The Design and Analysis of Graphical Passwords."
Thank you
Queries?