graphical password authentication


Published on

Published in: Technology
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

graphical password authentication

  1. 1. <ul><li>Presented by: </li></ul><ul><li>M.Bhargavi </li></ul><ul><li>08Q61A0558 </li></ul>
  2. 2. <ul><li>Introduction </li></ul><ul><li>Overview of the Authentication Methods </li></ul><ul><li>The survey </li></ul><ul><ul><li>Recognition Based Techniques </li></ul></ul><ul><ul><li>Recall Based Techniques </li></ul></ul><ul><li>Discusssion </li></ul><ul><ul><li>Security </li></ul></ul><ul><ul><li>Usability </li></ul></ul><ul><li>Conclusion </li></ul>
  3. 3. <ul><li>How about text-based passwords ? </li></ul><ul><ul><li>Difficulty of remembering passwords </li></ul></ul><ul><ul><ul><li>easy to remember -> easy to guess </li></ul></ul></ul><ul><ul><ul><li>hard to guess -> hard to remember </li></ul></ul></ul><ul><ul><li>Users tend to write passwords down or use the same passwords for different accounts </li></ul></ul><ul><li>An alternative: Graphical Passwords </li></ul><ul><ul><li>Psychological studies: Human can remember pictures better than text </li></ul></ul>
  4. 4. <ul><li>If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offer better resistance to dictionary attacks . </li></ul><ul><li>can be used to: </li></ul><ul><ul><li>workstation </li></ul></ul><ul><ul><li>web log-in application </li></ul></ul><ul><ul><li>ATM machines </li></ul></ul><ul><ul><li>mobile devices </li></ul></ul>
  5. 5. <ul><li>Conduct a comprehensive survey of the existing graphical password techniques </li></ul><ul><li>Discuss the strengths and limitations of each method </li></ul><ul><li>Point out future research directions </li></ul>
  6. 6. <ul><li>Token based authentication </li></ul><ul><ul><li>key cards, band cards, smart card, … </li></ul></ul><ul><li>Biometric based authentication </li></ul><ul><ul><li>Fingerprints, iris scan, facial recognition, … </li></ul></ul><ul><li>Knowledge based authentication </li></ul><ul><ul><li>text-based passwords, picture-based passwords, … </li></ul></ul><ul><ul><li>most widely used authentication techeniques </li></ul></ul>
  7. 7. <ul><li>Recognition Based Techniques </li></ul><ul><ul><li>a user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage </li></ul></ul><ul><li>Recall Based Techniques </li></ul><ul><ul><li>A user is asked to reproduce something that he created or selected earlier during the registration stage </li></ul></ul>
  8. 8. <ul><li>Dhamija and Perrig Scheme </li></ul><ul><ul><li>Pick several pictures out of many choices, identify them later </li></ul></ul><ul><ul><li>in authentication. </li></ul></ul><ul><ul><li>using Hash Visualization, which, </li></ul></ul><ul><ul><li>given a seed, automatically </li></ul></ul><ul><ul><li>generate a set of pictures </li></ul></ul><ul><ul><li>take longer to create graphical </li></ul></ul><ul><ul><li>passwords </li></ul></ul><ul><ul><li>password space: N!/K! (N-K)! </li></ul></ul><ul><ul><li>( N-total number of pictures; K-number of pictures selected as passwords) </li></ul></ul>
  9. 9. <ul><li>Sobrado and Birget Scheme </li></ul><ul><li>System display a number of pass-objects (pre-selected by user) among many other objects, user click inside the convex hull bounded by pass-objects. </li></ul><ul><ul><li>authors suggeated using 1000 </li></ul></ul><ul><ul><li>objects, which makes the display </li></ul></ul><ul><ul><li>very crowed and the objects almost </li></ul></ul><ul><ul><li>indistinguishable. </li></ul></ul><ul><ul><li>password space: N!/K! (N-K)! </li></ul></ul><ul><ul><li>( N-total number of picture objects; K-number of pre-registered objects) </li></ul></ul>
  10. 10. <ul><li>Other Schemes </li></ul><ul><ul><li>Using human faces as password </li></ul></ul><ul><ul><li>Select a sequence of images as password </li></ul></ul>
  11. 11. <ul><li>Draw-A-Secret (DAS) Scheme </li></ul><ul><li>User draws a simple picture on a 2D grid, the coordinates of the </li></ul><ul><li>grids occupied by the picture are stored in the order of drawing </li></ul><ul><li>redrawing has to touch the </li></ul><ul><li>same grids in the same </li></ul><ul><li>sequence in authentication </li></ul><ul><li>user studies showed the </li></ul><ul><li>drawing sequences is hard to </li></ul><ul><li>Remember </li></ul>
  12. 12. <ul><li>“ PassPoint” Scheme </li></ul><ul><li>User click on any place on an image to create a password. A tolerance </li></ul><ul><li>around each chosen pixel is calculated. In order to be authenticated, </li></ul><ul><li>user must click within the tolerances in correct sequence. </li></ul><ul><li>can be hard to remember the </li></ul><ul><li>sequences </li></ul><ul><li>Password Space: N^K </li></ul><ul><li>( N -the number of pixels or smallest </li></ul><ul><li>units of a picture, K - the number of </li></ul><ul><li>Point to be clicked on ) </li></ul>
  13. 13. <ul><li>Other Schemes </li></ul>Grid Selection Scheme Signature Scheme
  14. 14. Using distorted images to prevent revealing of passwords Using images with random tracks of geometric graphical shapes
  15. 15. <ul><li>Is a graphical password as secure as text-based passwords? </li></ul><ul><ul><li>text-based passwords have a password space of 94^N </li></ul></ul><ul><ul><li>(94 – number of printable characters, N- length of passwords). </li></ul></ul><ul><ul><li>Some graphical password techniques can compete: Draw-A-Secret Scheme, </li></ul></ul><ul><ul><li>PassPoint Scheme. </li></ul></ul><ul><ul><li>Brute force search / Dictionary attacks </li></ul></ul><ul><ul><li>The attack programs need to automatically generate accurate mouse motion </li></ul></ul><ul><ul><li>to imitate human input, which is more difficult compared to text passwords. </li></ul></ul><ul><ul><li>Guessing </li></ul></ul><ul><ul><li>Social engineering </li></ul></ul><ul><ul><li>… </li></ul></ul>
  16. 16. <ul><li>Pictures are easier to remember than text strings </li></ul><ul><li>Password registration and log-in process take too long </li></ul><ul><li>Require much more storage space than text based passwords </li></ul>
  17. 17. <ul><li>main argument for graphical passwords: </li></ul><ul><li>people are better at memorizing graphical passwords than text-based passwords </li></ul><ul><li>It is more difficult to break graphical passwords using the traditional attack methods such as:burte force search, dictionary attack or spyware. </li></ul><ul><li>Not yet widely used, current graphical password techniques are still immature </li></ul>