Presented By :
Nishit Jain
Arifullah Khan
Prajwal Kondawar
Nitin Walke
Guided By :
Chaitali Chandankhede
OUTLINE
• Idea in a Nutshell
• Previous Work
• Our Solution
• Working
• Why Better ?
• Future Enhancements
• Conclusion
IDEA IN A NUTSHELL
• What is MGPS ?
  • Mutating Graphical Password System
  • Pattern-Based
  • Pattern to text mapping
PREVIOUS WORK
• Text-Based Password
  • Advantages :
    • Well-Known
    • High Resistance To Shoulder Surfing
  • Limitations :
    • Password Complexity
    • Recall Failure
• Graphical Password
  • Click-Based Password
  • Draw-A-Secret
  • Composite-Scene-Authentication
  • Image Based Authentication
  • Advantages :
    • Easy Recall
    • Ease Of Use
  • Limitations :
    • Very Poor Resistance To Shoulder Surfing
OUR SOLUTION
MGPS (TEXT-BASED + GRAPHICAL)
• Resistance To Shoulder Surfing
• Easy Recall
• Ease Of Use
Hybrid System Of Traditional Text-Based And Modern Graphical Password Techniques
WORKING
REGISTRATION FLOWCHART
• START
• Display 8*8 Grid
• Enter Password
• Length >=5?
  • No : Length Too Short
  • Yes : Generate Hash Sequence Of The Entered Password
• Update Database
• END
WORKING
REGISTRATION PHASE
a1 a2 a3 a4 a5 a6 a7 a8
b1 b2 b3 b4 b5 b6 b7 b8
c1 c2 c3 c4 c5 c6 c7 c8
d1 d2 d3 d4 d5 d6 d7 d8
e1 e2 e3 e4 e5 e6 e7 e8
f1 f2 f3 f4 f5 f6 f7 f8
g1 g2 g3 g4 g5 g6 g7 g8
h1 h2 h3 h4 h5 h6 h7 h8
Entered Password Is : b2-> f2-> f6
Internal Representation : (b2f2f6)
Hashing
Hash Value : A7FD9EBC210F
Hash Value is stored in the file as the user’s password
WORKING
LOGIN FLOWCHART
• START
• Generate New Randomized Grid
• Enter Next Vertex Of The Password
• Determine Vertex Position On Grid
• Last Vertex Entered? (Yes / No)
• Construct Final Hash Sequence Of The Password
• Retrieve Hash Sequence Of The Original Password
• Hash Sequence Matched? (Yes / No)
• Successful Login
• END
WORKING
LOGIN PHASE
USERNAME : MIT
PASSWORD : W8R3Q4
Grid labels shown : W8, R3, Q4
• The password “W8R3Q4” is internally recognized as the sequence “b2f2f6”.
• The Hash Value of this sequence is matched against the file.
• If a match is found, the corresponding user is successfully logged into the system.
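The registration and login phases above, sketched in Python as an added example (not code from the presenters). The function names, the label set (A-Z followed by 1-9), salted PBKDF2 as the hash, and counting the minimum length on the internal string are all assumptions; the slides do not specify them.

```python
import hashlib, hmac, secrets, string

CELLS = [r + str(c) for r in "abcdefgh" for c in range(1, 9)]  # a1..h8
LABELS = [l + d for l in string.ascii_uppercase for d in "123456789"]  # assumed label set

def hash_sequence(sequence, salt):
    # Assumption: salted PBKDF2-HMAC-SHA256; the slides do not name the hash.
    return hashlib.pbkdf2_hmac("sha256", sequence.encode(), salt, 200_000)

def register(pattern):
    """Registration: pattern is a list of canonical cells, e.g. ["b2", "f2", "f6"]."""
    if any(cell not in CELLS for cell in pattern):
        raise ValueError("unknown cell")
    sequence = "".join(pattern)  # internal representation, e.g. "b2f2f6"
    if len(sequence) < 5:  # assumption: length is counted on this string
        raise ValueError("Length Too Short")
    salt = secrets.token_bytes(16)
    return salt, hash_sequence(sequence, salt)

def new_login_grid():
    """Login: fresh random labels for the 64 positions (label -> canonical cell)."""
    return dict(zip(secrets.SystemRandom().sample(LABELS, len(CELLS)), CELLS))

def labels_for(pattern, grid):
    """What the user reads off the displayed grid and types for their pattern."""
    by_cell = {cell: label for label, cell in grid.items()}
    return "".join(by_cell[cell] for cell in pattern)

def login(typed, grid, salt, stored):
    """Map typed labels back to positions, hash, compare in constant time."""
    parts = [typed[i:i + 2] for i in range(0, len(typed), 2)]
    if not parts or any(p not in grid for p in parts):
        return False
    sequence = "".join(grid[p] for p in parts)
    return hmac.compare_digest(hash_sequence(sequence, salt), stored)

def demo():
    pattern = ["b2", "f2", "f6"]  # the slide's example pattern
    salt, stored = register(pattern)
    grid1 = new_login_grid()
    typed1 = labels_for(pattern, grid1)  # plays the role of "W8R3Q4"
    grid2 = new_login_grid()
    while labels_for(pattern, grid2) == typed1:  # make the second session differ
        grid2 = new_login_grid()
    # Same typed text: accepted on its own grid, rejected on the next one.
    return login(typed1, grid1, salt, stored), login(typed1, grid2, salt, stored)

if __name__ == "__main__":
    print(demo())
```

The typed text is only meaningful together with the grid it was read from, which is why it fails on the second grid. The stored value still depends only on the fixed pattern, so the sketch salts it and uses a slow hash.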
WHY BETTER ?
Vulnerability by type of attack:
Sr. No. | Types Of Attacks | Text-Based Passwords | Previous GPS | MGPS
1. | Brute-force | High | Moderate | Low
2. | Dictionary | High | NA | NA
3. | Shoulder Surfing | Moderate | High | Very Low
4. | Guessing | High | Moderate | Low
5. | Key Logging | Very High | Negligible | Negligible
6. | Rainbow Tables | Moderate | Moderate | Comparatively Low
FUTURE ENHANCEMENTS
• Implementation on Network Client-Server Architecture
• Devising methods to improve the memorability for complex passwords
• Optimization for low memory hand-held devices
CONCLUSION
• Our system is highly resistant to various attacks that are possible on current password systems.
• The combination of graphical pattern and textual input makes the system unique in its own way.

MGPS: A Hybrid Text-Based Graphical Password System
