The document proposes two new authentication schemes for PDAs that use session passwords. Session passwords are one-time passwords generated for each login. The first scheme generates passwords based on pairs of letters from a secret text password and their intersections on a grid. The second scheme has users rate colors during registration, and session passwords are generated by the intersections of those colors on a color grid and number grid displayed during login. Both schemes aim to be resistant to dictionary attacks, brute force attacks, and shoulder surfing by changing the grids each time. The techniques were proposed to provide authentication for PDAs but require further testing for usability and effectiveness.
Authentication Schemes for Session Passwords using Color and ImagesIJNSA Journal
Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
An Ancient Indian Board Game as a Tool for AuthenticationIJNSA Journal
User authentication is the first phase of information security. Users should remember their passwords and recall them for authentication. Text based passwords is the traditional method for authentication. Short and simple passwords are memorable and usable but not secure. Random and lengthy passwords are secure but not memorable and usable. Graphical password schemes are introduced as alternatives to text based schemes. Few grid based authentication techniques are also proposed. The purpose of this paper is to introduce a tool to enhance the memorability and security of passwords which also provides usability. The most popular ancient Indian board game “Snakes and Ladders” is used as a tool for authentication.
Color Based Authentication Scheme for Publically Disclosable EntitiesIJERA Editor
Traditional password authentication system are not strong enough to cope up with the current age of cyber-crime. It’s high time that new password authentication schemes are explored and studied. This paper aims to provide an authentication system based on color recognition which would provide a way to encrypt both the username and password. The Color based authentication system would provide an efficient way to encrypt account details for sensitive applications like defense and banking.
Graphical Password Authentication using image Segmentation for Web Based Appl...ijtsrd
One of the most important topics in information security today is user authentication. User authentication is a fundamental component in most computer security contexts. It provides the basis for access control and user accountability. While there are various types of user authentication systems, alphanumeric passwords are the most common type of user authentication. They are versatile and easy to implement and use. However, it can either be long and secure or short and hard to remember. A graphical based password is one promising alternatives of textual passwords. According to human psychology, humans are able to remember pictures easily. In this paper, graphical passwords have been designed to try to make password more memorable and easier for people to use, and it is less vulnerable to brute force attacks than a text based password. The aim of the system is to implement a strong security. The proposed system segments the image like a grid, which has a maximum four fragments. Then, each segment of the image is dragged in a particular sequence onto an empty grid of size 6x6 and placed on a particular segment of the empty grid, to form the user' password. When the user logs into the system, the user needs to drag each segment of the image onto the same empty grid of size 6x6 in the correct sequence and position of the segments that user had specified during registration. Maw Maw Naing | Ohnmar Win ""Graphical Password Authentication using image Segmentation for Web Based Applications"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd25184.pdf
Paper URL: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/25184/graphical-password-authentication-using-image-segmentation-for-web-based-applications/maw-maw-naing
USER AUTHENTICATION USING NATIVE LANGUAGE PASSWORDSIJNSA Journal
Information security is necessary for any organization. Intrusion prevention is the basic level of security which requires user authentication. User can be authenticated to a machine by passwords. Traditional textual passwords are vulnerable to many attacks. Graphical passwords are introduced as alternatives to textual passwords to overcome these problems. This paper introduces native language passwords for authentication. Native language character set consists of characters with single or multiple strokes. User can select one (or more) character(s) for his password. The shape and strokes of the characters are used for authentication.
Authentication Schemes for Session Passwords using Color and ImagesIJNSA Journal
Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
An Ancient Indian Board Game as a Tool for AuthenticationIJNSA Journal
User authentication is the first phase of information security. Users should remember their passwords and recall them for authentication. Text based passwords is the traditional method for authentication. Short and simple passwords are memorable and usable but not secure. Random and lengthy passwords are secure but not memorable and usable. Graphical password schemes are introduced as alternatives to text based schemes. Few grid based authentication techniques are also proposed. The purpose of this paper is to introduce a tool to enhance the memorability and security of passwords which also provides usability. The most popular ancient Indian board game “Snakes and Ladders” is used as a tool for authentication.
Color Based Authentication Scheme for Publically Disclosable EntitiesIJERA Editor
Traditional password authentication system are not strong enough to cope up with the current age of cyber-crime. It’s high time that new password authentication schemes are explored and studied. This paper aims to provide an authentication system based on color recognition which would provide a way to encrypt both the username and password. The Color based authentication system would provide an efficient way to encrypt account details for sensitive applications like defense and banking.
Graphical Password Authentication using image Segmentation for Web Based Appl...ijtsrd
One of the most important topics in information security today is user authentication. User authentication is a fundamental component in most computer security contexts. It provides the basis for access control and user accountability. While there are various types of user authentication systems, alphanumeric passwords are the most common type of user authentication. They are versatile and easy to implement and use. However, it can either be long and secure or short and hard to remember. A graphical based password is one promising alternatives of textual passwords. According to human psychology, humans are able to remember pictures easily. In this paper, graphical passwords have been designed to try to make password more memorable and easier for people to use, and it is less vulnerable to brute force attacks than a text based password. The aim of the system is to implement a strong security. The proposed system segments the image like a grid, which has a maximum four fragments. Then, each segment of the image is dragged in a particular sequence onto an empty grid of size 6x6 and placed on a particular segment of the empty grid, to form the user' password. When the user logs into the system, the user needs to drag each segment of the image onto the same empty grid of size 6x6 in the correct sequence and position of the segments that user had specified during registration. Maw Maw Naing | Ohnmar Win ""Graphical Password Authentication using image Segmentation for Web Based Applications"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd25184.pdf
Paper URL: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/25184/graphical-password-authentication-using-image-segmentation-for-web-based-applications/maw-maw-naing
USER AUTHENTICATION USING NATIVE LANGUAGE PASSWORDSIJNSA Journal
Information security is necessary for any organization. Intrusion prevention is the basic level of security which requires user authentication. User can be authenticated to a machine by passwords. Traditional textual passwords are vulnerable to many attacks. Graphical passwords are introduced as alternatives to textual passwords to overcome these problems. This paper introduces native language passwords for authentication. Native language character set consists of characters with single or multiple strokes. User can select one (or more) character(s) for his password. The shape and strokes of the characters are used for authentication.
An Improving Method of Grid Graphical Password Authentication SystemIJERA Editor
Security in the computer is largely supported by passwords for authentication process. Alphanumeric passwords still remain as the most common Authentication method. This conventional authentication method has been shown to be susceptible security threats such as phishing attack, brute force attack, dictionary attack, spyware attack etc. To overcome the vulnerabilities of traditional methods, a numerous graphical password authentication systems have been designed. These graphical passwords are usually seen as complex and time consuming. Furthermore, the existing graphical passwords are susceptible to spyware and shoulder surfing attacks. In this system we propose this 2 step random colored grid graphical password scheme to abolish the above mentioned well known security threats. Considering the drawbacks of the existing graphical password systems, we have proposed a robust graphical password scheme, which is highly adaptable for traditional desktop systems, smart phones and other web applications
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Password prevents unauthorized access to the data and also provides high security and confidentiality. Due to
various drawbacks in text based passwords, graphical password authentication was developed as an alternative.
Graphical passwords also provide more security when compared to text based. In graphical password authentication,
users click on images to set their passwords. Images are generally easier to be remembered than text. In graphical
password authentication users can set images as their password. Caesar Cipher Technique is an encryption
technique used for secure transmission of textual data. In this paper, this technique is applied for graphical
password in order to provide enhanced security to the user.
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEMNexgen Technology
TO GET THIS PROJECT COMPLETE SOURCE ON SUPPORT WITH EXECUTION PLEASE CALL BELOW CONTACT DETAILS
MOBILE: 9791938249, 0413-2211159, WEB: WWW.NEXGENPROJECT.COM,WWW.FINALYEAR-IEEEPROJECTS.COM, EMAIL:Praveen@nexgenproject.com
NEXGEN TECHNOLOGY provides total software solutions to its customers. Apsys works closely with the customers to identify their business processes for computerization and help them implement state-of-the-art solutions. By identifying and enhancing their processes through information technology solutions. NEXGEN TECHNOLOGY help it customers optimally use their resources.
a study on various techniques on graphical password authentication.
A key area in security research is authentication. Access to system is mostly based on the use of alpha numeric passwords. User felt difficult in remembering the password as that is long and randomly selected and how many passwords will user remember?, it made a complex procedure.
It presents comparison between Persuasive Cued Click Point Graphical Password scheme and Improved Persuasive Cued Click Points. One such category is click-based graphical passwords where a password is composed of a series of clicks on one or more pixel-based images .To log in, user re-select their click-points in the correct order. Click-points that fall within some acceptable tolerance of the original points should be accepted by the system since it is unrealistic to expect users to accurately target individual pixels.
Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc. Mostly textual passwords follow an encryption algorithm as mentioned aboveBiometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas(Biometric scanning). Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names, girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.
An Improving Method of Grid Graphical Password Authentication SystemIJERA Editor
Security in the computer is largely supported by passwords for authentication process. Alphanumeric passwords still remain as the most common Authentication method. This conventional authentication method has been shown to be susceptible security threats such as phishing attack, brute force attack, dictionary attack, spyware attack etc. To overcome the vulnerabilities of traditional methods, a numerous graphical password authentication systems have been designed. These graphical passwords are usually seen as complex and time consuming. Furthermore, the existing graphical passwords are susceptible to spyware and shoulder surfing attacks. In this system we propose this 2 step random colored grid graphical password scheme to abolish the above mentioned well known security threats. Considering the drawbacks of the existing graphical password systems, we have proposed a robust graphical password scheme, which is highly adaptable for traditional desktop systems, smart phones and other web applications
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Password prevents unauthorized access to the data and also provides high security and confidentiality. Due to
various drawbacks in text based passwords, graphical password authentication was developed as an alternative.
Graphical passwords also provide more security when compared to text based. In graphical password authentication,
users click on images to set their passwords. Images are generally easier to be remembered than text. In graphical
password authentication users can set images as their password. Caesar Cipher Technique is an encryption
technique used for secure transmission of textual data. In this paper, this technique is applied for graphical
password in order to provide enhanced security to the user.
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEMNexgen Technology
TO GET THIS PROJECT COMPLETE SOURCE ON SUPPORT WITH EXECUTION PLEASE CALL BELOW CONTACT DETAILS
MOBILE: 9791938249, 0413-2211159, WEB: WWW.NEXGENPROJECT.COM,WWW.FINALYEAR-IEEEPROJECTS.COM, EMAIL:Praveen@nexgenproject.com
NEXGEN TECHNOLOGY provides total software solutions to its customers. Apsys works closely with the customers to identify their business processes for computerization and help them implement state-of-the-art solutions. By identifying and enhancing their processes through information technology solutions. NEXGEN TECHNOLOGY help it customers optimally use their resources.
a study on various techniques on graphical password authentication.
A key area in security research is authentication. Access to system is mostly based on the use of alpha numeric passwords. User felt difficult in remembering the password as that is long and randomly selected and how many passwords will user remember?, it made a complex procedure.
It presents comparison between Persuasive Cued Click Point Graphical Password scheme and Improved Persuasive Cued Click Points. One such category is click-based graphical passwords where a password is composed of a series of clicks on one or more pixel-based images .To log in, user re-select their click-points in the correct order. Click-points that fall within some acceptable tolerance of the original points should be accepted by the system since it is unrealistic to expect users to accurately target individual pixels.
Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc. Mostly textual passwords follow an encryption algorithm as mentioned aboveBiometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas(Biometric scanning). Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names, girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Authentication Scheme for Session Password using matrix Colour and Text IOSR Journals
The most common method used for authentication is Textual passwords. But textual passwords are
in risk to eves dropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords are
introduced as alternative techniques to textual passwords. Most of the graphical schemes are helpless to
shoulder surfing. To address this problem, text can be combined with images or colors to generate session
passwords for authentication. Session passwords can be used only once and every time a new password is
generated. In this paper, two techniques are proposed to generate session passwords using text and colors
which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.
TEXTUAL passwords have been the most widely used authentication method for decades. Comprised of number sand upper- and lower-case letters, textual passwords are considered strong enough to resist against brute force
attacks. However, a strong textual password is hard to memorize and recollect .Therefore, users tend to choose passwords that are either short or from the dictionary, rather than random alphanumeric strings.
Various graphical password authentication schemes
were developed to address the problems and weaknesses associated with textual passwords. Based on some studies such as those in , humans have a better ability to memorize images with long-term memory(LTM) than verbal representations. Image-based passwords were proved to be easier to recollect in several user studies As a result, users can set up a complex authentication password and are capable of recollecting it after a long time even if the memory is not activated periodically.
The human actions such as choosing bad passwords for
new accounts and inputting passwords in an insecure way for later logins are regarded as the weakest link in the authentication chain [16]. Therefore, an authentication scheme should be designed to overcome these vulnerabilities.
In this paper, we present a secure graphical authentication system named Pass Matrix that protects users from becoming victims of shoulder surfing attacks when inputting passwords in public through the usage of one-time login indicators. A login indicator is randomly generated for each pass-image and will be useless after the session terminates. The login indicator provides better security against shoulder surfing attacks, since users use a dynamic pointer to point out the position of their passwords rather than clicking on
the password object directly.
A Well Known Tool Based Graphical Authentication Technique cscpconf
Authentication is the first step of information security. Authentication schemes require users to
memorize the passwords and recall them during log-in time. Traditional text-based
authentication schemes have memorability problems for secure passwords. Graphical password
schemes are introduced as alternatives to text based schemes. Many techniques have been
designed using single image or multiple images. Few grid based authentication techniques are
proposed. This paper introduces a new authentication technique based on a well known tool.
The most popular game especially in rural areas, “Snakes and Ladders” is used as a tool in
authentication technique. The usage of this tool increases the memorability and usability of
passwords.
A Well Known Tool Based Graphical Authentication Technique cscpconf
Authentication is the first step of information security. Authentication schemes require users to
memorize the passwords and recall them during log-in time. Traditional text-based
authentication schemes have memorability problems for secure passwords. Graphical password
schemes are introduced as alternatives to text based schemes. Many techniques have been
designed using single image or multiple images. Few grid based authentication techniques are
proposed. This paper introduces a new authentication technique based on a well known tool.
The most popular game especially in rural areas, “Snakes and Ladders” is used as a tool in
authentication technique. The usage of this tool increases the memorability and usability of
passwords.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Abstract - A password is a sequence of characters used to determine whether the user is authenticated or not. Nowadays most of the password is text-based. Since text based password is hard to remember people try to use simple memorable password such as pet names, phone number, etc. which are easy to break by intruders. The main idea behind the paper is to replace the text-based passwords by image based password and encrypt using RSA algorithm. Our experimental result shows that image passwords are easy to remember, better than the text.
Abstract - A password is a sequence of characters used to determine whether the user is authenticated or not. Nowadays most of the password is text-based. Since text based password is hard to remember people try to use simple memorable password such as pet names, phone number, etc. which are easy to break by intruders. The main idea behind the paper is to replace the text-based passwords by image based password and encrypt using RSA algorithm. Our experimental result shows that image passwords are easy to remember, better than the text.
— A CAPTCHA means "Completely Automated
Public Turing test to tell Computers and Humans Apart". It is a
type of challenge-response test used in computing to determine
whether or not the user is human. CaRP is both a Captcha and a
graphical password scheme. CaRP addresses a number of
security problems altogether, such as online guessing attacks,
relay attacks, and, if combined with dual-view technologies,
shoulder-surfing attacks. Particularly, a CaRP password can be
found only probabilistically by automatic online guessing attacks,
even if the password is in the search set. CaRP also offers an
approach to address the well-known image hotspot problem in
popular graphical password systems, such as PassPoints, which
often leads to weak password choices. Thus, a variant to the
login/password scheme, using graphical scheme was introduced.
But it also suffered due to shoulder-surfing and screen dump
attacks. Thus it introduces a framework to proposed (IPAS)
Implicit Password Authentication System, which is protected to
the common attacks suffered by other authentication schemes.
Folder Security Using Graphical Password Authentication Schemepaperpublications3
Abstract: Now a day most of the user are facing problem for providing the security to the folder, so that it will not be accesses by the unauthorized user. Taking in action all these problems I have designed a model which will provide a best security to your folders using graphical password authentication model. Graphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called Pass Points, and evaluated it with human users. Beginning around 1999, a multitude of graphical based password scheme which have been proposed as alternative to text based password scheme, motivated by the promise of improved password memorability and thus usability. This paper presents a detailed evaluation of the Pass Points and pattern matching password scheme which provides high level of security and provides security to your folder.
Many security primitives are supported hard
mathematical problems. Passwords remain the foremost
widely used authentication method despite their well-known
security weaknesses. CAPTCHA authentication is clearly a
practical problem.
Passblot: A Highly Scalable Graphical One Time Password SystemIJNSA Journal
User authentication is necessary to secure the data and process on Internet and in digital devices. Static text based authentication are most widely employed authentication systems for being inexpensive and highly scalable. But they are prone to various types of active and passive attacks. The constant need of extending them to increase security is making them less usable. One promising alternative is Graphical
authentication systems, which if implemented properly are more secure but have their own drawbacks. In this paper, we discuss in detail the extension of our previous work Passblot [18], a unique graphical authentication system. It generates pseudo random one time passwords using a set of inkblots, unique to
each user. Properties of one time passwords ensure the resistance towards various common attacks and the uniqueness of human perception makes it usable. We demonstrate how our system effectively mitigates various attacks and analyse the results from various experiments conducted.
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATIONcscpconf
Phishing, a serious security threat to Internet users is an e-mail fraud in which the perpetrator
sends out an email which looks like legitimate, in an order to gather personal and financial
information of the receiver. It is important to prevent such phishing attacks. One of the ways to
prevent the password theft is to avoid using passwords and to authenticate a user without a text
password. In this paper, we are proposing an authentication service that is image based and
which eliminates the need for text passwords. Using the instant messaging service available in
internet, user will obtain the One Time Password (OTP) after image authentication. This OTP
then can be used by user to access their personal accounts. The image based authentication
method relies on the user’s ability to recognize pre-chosen categories from a grid of pictures.
This paper integrates Image based authentication and HMAC based one time password to
achieve high level of security in authenticating the user over the internet. These algorithms are
very economical to implement provided they are time synchronized with the user.
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
Jc2516111615
1. K.Nivetha, M. Muthumeena, R. Srinivasan / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 5, September- October 2012, pp.1611-1615
Authentication Mechanisim For Session Passwords By Imposing
Color With Text
K.Nivetha1, M. Muthumeena2, R. Srinivasan3
1,2
PG Scholar, Dept of CSE, Vel Tech DR.RR & DR.SR Technical University, Avadi, Chennai-62.
3
Assistant Professor, Dept of CSE, Vel Tech DR.RR & DR.SR Technical University, Avadi, Chennai-62.
ABSTRACT
The most common method used for (PDs) are being used by the people to store their
authentication is Textual passwords. But textual personal and confidential information like
passwords are in risk to eves dropping, passwords and PIN numbers. Authentication
dictionary attacks, social engineering and should be provided for the usage of these devices.
shoulder surfing. Graphical passwords are In this paper, two new authentication schemes are
introduced as alternative techniques to textual proposed for PDAs. These schemes authenticate
passwords. Most of the graphical schemes are the user by session passwords. Session passwords
helpless to shoulder surfing. To address this are passwords that are used only once. Once the
problem, text can be combined with images or session is terminated, the session password is no
colors to generate session passwords for longer useful. For every login process, users input
authentication. Session passwords can be used different passwords. The session passwords
only once and every time a new password is provide better security against dictionary and brute
generated. In this paper, two techniques are force attacks as password changes for every
proposed to generate session passwords using session. The proposed authentication schemes use
text and colors which are resistant to shoulder text and colors for generating session passwords.
surfing. These methods are suitable for Personal
Digital Assistants. 2. RELATED WORKS
Dhamija and Perrig proposed a graphical
Key words: Authentication, session passwords, authentication scheme based on the Hash
shoulders surfing, Eves dropping. Visualization technique. In this system, the user
selects a certain number of images from a set of
1. INTRODUCTION random pictures during registration. Later, during
The most common method used for login the user has to identify the pre selected
authentication is textual password. The images for authentication from a set of images as
vulnerabilities of this method like eves dropping, shown in figure 1. Also, the process of selecting a
dictionary attack, social engineering and shoulder set of pictures from the picture database can be
surfing are well known. Arbitrary and lengthy tedious and time consuming for the user.
passwords can make the system secure. But the Akula and Devisetty’s algorithm is similar to the
main problem is the difficulty of remembering technique proposed by Dhamija and Perrig. The
those passwords. Studies have shown that users difference is that by using hash function SHA-1,
tend to pick short passwords or passwords that are which produces a 20 byte output, the authentication
easy to remember. Unfortunately, these passwords is secure and require less memory. The authors
can be easily guessed or broken. The alternative suggested a possible future improvement by
techniques are graphical passwords and biometrics. providing persistent storage and this could be
But these two techniques have their own deployed on the Internet, cell phones and PDA's.
disadvantages. Biometrics, such as finger prints,
iris scan or facial recognition have been introduced
but not yet widely adopted. The major drawback
of this approach is that such systems can be
expensive and the identification process can be
slow. There are many graphical password schemes
that are proposed in the last decade. But most of
them suffer from shoulder surfing which is
becoming quite a big problem. There are graphical
passwords schemes that have been proposed which
are resistant to shoulder-surfing but they have their
own drawbacks like usability issues or taking more
time for user to login. Personal Digital Assistants
1611 | P a g e
2. K.Nivetha, M. Muthumeena, R. Srinivasan / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 5, September- October 2012, pp.1611-1615
Figure 1.Random images used by Dhamija and
Perrig.
“Pass face” is a technique developed by Real User that people can recall human faces easier than other
Corporation the user will be asked to choose four pictures.
images of human faces from a face database as
their future password. In the authentication stage,
the user sees a grid of nine faces, consisting of one
face previously chosen by the user and eight decoy
faces (Figure 2). The user recognizes and clicks
anywhere on the known face. This procedure is
repeated for several rounds. The user is
authenticated if he/she correctly identifies the four
faces. The technique is based on the assumption Figure 2. An example of Pass faces.
Davis, et al. Studied the graphical passwords their unique password (figure 4). A user is asked to
created using the Pass face technique and found draw a simple picture on a 2D grid. The
obvious patterns among these passwords. For coordinates of the grids occupied by the picture are
example, most users tend to choose faces of people stored in the order of the drawing. During
from the same race. This makes the Pass face authentication, the user is asked to re-draw the
password somewhat predictable. This problem may picture. If the drawing touches the same grids in
be alleviated by arbitrarily assigning faces to users, the same sequence, then the user is authenticated.
but doing so would make it hard for people to This authentication scheme is vulnerable to
remember the password. shoulder surfing.
Jermyn, et al. proposed a technique, called “Draw -
a - secret (DAS)”, which allows the user to draw
Figure 4. (DAS) technique proposed by Jermyn.
3. NEWEST METHODS FOR
To overcome shoulder-surfing challenge, AUTHENTICATION
many methods have been proposed. One of such Authentication technique consists of 3
technique is designed by Man, et al[10].In this phases: registration phase, login phase and
system, the user selects many portraits as the pass verification phase. During registration, user enters
objects. Each pass object is allotted an inimitable his password in first method or rates the colors in
code. During the verification process, the user has the second method. During login phase, the user
to input those unique codes of the pass objects in has to enter the password based on the interface
the login interfaces presented by the System. displayed on the screen. The system verifies the
Though the scheme resists the hidden camera, the password entered by comparing with content of the
user has to memorize all pass object codes. In this password generated during registration.
way, many other graphical authentication schemes
and their drawbacks are presented in a latest survey 3.1. PAIR-BASED AUTHENTICATION
paper METHOD
1612 | P a g e
3. K.Nivetha, M. Muthumeena, R. Srinivasan / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 5, September- October 2012, pp.1611-1615
During registration user submits his password. login phase, when the user enters his username an
Minimum length of the password is 8 and it can be interface consisting of a grid is displayed. The grid
called as secret pass. The secret pass should contain is of size 6 x 6 and it consists of alphabets and
even number of characters. Session passwords are numbers. These are randomly placed on the grid
generated based on this secret pass. During the and the interface changes every time.
Figure 5: Login interface.
Figure 5 shows the login interface. User has to pairs. The session password consists of alphabets
enter the password depending upon the secret pass. and digits.
User has to consider his secret pass in terms of
Figure: 6 Intersection letter for the pair AN
The first letter in the pair is used to select 3.2 HYBRID TEXTUAL AUTHENTICATION
the row and the second letter is used to select the SCHEME
column. The intersection letter is part of the session During registration, user should rate colors
password. This is repeated for all pairs of secret as shown in figure 7. The User should choose the
pass. Figure 6 shows that L is the intersection colors from 1 to 8 and they can remember it as
symbol for the pair “AN”. The password entered by “RLYOBGIP”. Same rating can be given to
the user is verified by the server to authenticate the different colors. During the login phase, when the
user. If the password is correct, the user is allowed user enters his username an interface is displayed
to enter in to the system. The grid size can be based on the colors selected by the user. The login
increased to include special characters in the interface consists of grid of size 8×8. This grid
password. contains digits 1-8 placed randomly in grid cells.
The interface also contains strips of colors as
shown in figure 18. The color grid consists of 4
pairs of colors. Each pair of color represents the
row and the column of the grid.
1613 | P a g e
4. K.Nivetha, M. Muthumeena, R. Srinivasan / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 5, September- October 2012, pp.1611-1615
Figure 7: Choosing the colors by the user
Figure 10: Login interface
Figure 8 shows the login interface having DICTIONARY ATTACK
the color grid and number grid of 8 x 8 having These are attacks directed towards textual
numbers 1 to 8 randomly placed in the grid. passwords. Here in this attack, hacker uses the set
Depending on the ratings given to colors, we get of dictionary words and authenticate by trying one
the session password. As discussed above, the first word after one. The Dictionary attacks fails
color of every pair in color grid represents row and towards our authentication systems because session
second represents column of the number grid. The passwords are used for every login.
number in the intersection of the row and column Shoulder Surfing These techniques are
of the grid is part of the session password. Consider Shoulder Surfing Resistant. In Pair based scheme,
the figure 9 ratings and figure 10 login interfaces resistance is provided by the fact that secret pass
for demonstration. The first pair has red and yellow created during registration phase remains.
colors. The red color rating is 1 and yellow color
rating is 3. So the first letter of session password is 5. CONCLUSION
1st row and 3rd column intersecting element i.e. 3. In this paper, two authentication
The same method is followed for other pairs of techniques based on text and colors are proposed
colors. For figure 8 the password is “3573”. Instead for PDAs. These techniques generate session
of digits, alphabets can be used. For every login, passwords and are resistant to dictionary attack,
both the number grid and the color grid get brute force attack and shoulder-surfing. Both the
randomizes so the session password changes for techniques use grid for session passwords
every session. generation. Pair based technique requires no special
type of registration; during login time based on the
4. ANALYSIS FOR SECURITY grid displayed a session password is generated. For
As the interface changes every time, the hybrid textual scheme, ratings should be given to
session password changes. This technique is colors, based on these ratings and the grid
resistant to shoulder surfing. Due to dynamic displayed during login, session passwords are
passwords, dictionary attack is not applicable. generated. However these schemes are completely
Hidden camera attacks are not applicable to PDAs new to the users and the proposed authentication
because it is difficult to capture the interface in the techniques should be verified extensively for
PDAs. usability and effectiveness.
1614 | P a g e
5. K.Nivetha, M. Muthumeena, R. Srinivasan / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 5, September- October 2012, pp.1611-1615
REFERENCES [14] S. Man, D. Hong, and M. Mathews, "A
[1] R. Dhamija and A. Perrig. “Déjà Vu: A shoulder surfing resistant graphical
User Study Using Images for password scheme," in Proceedings of
Authentication”. In 9th USENIX Security International conference on security and
Symposium, 2000. management. Las Vegas, NV, 2003.
[2] Real User Corporation: Passfaces. [15] X. Suo, Y. Zhu and G. Owen, “Graphical
www.passfaces.com Passwords: A Survey”. In Proc.
[3] Jermyn, I., Mayer A., Monrose, F., Reiter, ACSAC'05.
M., and Rubin, “The design and analysis [16] Z. Zheng, X. Liu, L. Yin, Z. Liu “A
of graphical passwords” in Proceedings of Hybrid password authentication scheme
USENIX Security Symposium, August based on shape and text” Journal of
1999. Computers, vol.5, no.5 May 2010.
[4] A. F. Syukri, E. Okamoto, and M. [17] M. Sreelatha, M. Shashi , M. Anirudh
Mambo, "A User Identification System ,MD Sultan Ahamer 1, Network Security
Using Signature Written with Mouse," in & Its Applications Vol.3, No.3, May
Third Australasian Conference on 2011.
Information Security and Privacy
(ACISP): Springer- Verlag Lecture Notes
in Computer Science (1438), 1998, pp.
403-441.
[5] G. E. Blonder, "Graphical passwords," in
Lucent Technologies, Inc., Murray Hill,
NJ, U. S. Patent, Ed. United States, 1996.
[6] Passlogix, site http://www.passlogix.com.
[7] Haichang Gao, Zhongjie Ren, Xiuling
Chang, Xiyang Liu Uwe Aickelin, “A
New Graphical Password Scheme
Resistant to Shoulder-Surfing
[8] S. Wiedenbeck, J. Waters, J.C. Birget, A.
Brodskiy, N. Memon, “Design and
longitudinal evaluation of a graphical
password system”. International J. of
Human-Computer Studies 63 (2005) 102-
127.
[9] W. Jansen, "Authenticating Mobile
Device User through Image Selection," in
Data Security, 2004.
[10] W. Jansen, "Authenticating Users on
Handheld Devices “in Proceedings of
Canadian Information Technology
Security Symposium, 2003.
[11] D. Weinshall and S. Kirkpatrick,
"Passwords You’ll Never Forget, but
Can’t Recall," in Proceedings of
Conference on Human Factors in
Computing Systems (CHI). Vienna,
Austria: ACM, 2004, pp. 1399-1402.
[12] J. Goldberg, J. Hagman, V. Sazawal,
"Doodling Our Way to Better
Authentication", CHI '02 extended
abstracts on Human Factors in Computer
Systems, 2002.
[13] H. Zhao and X. Li, "S3PAS: A Scalable
Shoulder-Surfing Resistant Textual-
Graphical Password Authentication
Scheme," in 21st International Conference
on Advanced Information Networking and
Applications Workshops (AINAW 07),
vol. 2. Canada, 2007, pp. 467-472.
1615 | P a g e