
SURVEY ON DIFFERENT ENDORSEMENT TECHNIQUES

1P.P WAKODIKAR, 2A.R BHAGAT PATIL, 3A.S. BHATTACHARYA

1,3 Department of Computer Science and Engineering, GHRIETW, 440016, Nagpur, MH, INDIA
2 Department of Computer Technology, YCCE, 441110, Nagpur, MH, INDIA

Abstract- User endorsement is one of the most important components of information security. Different types of validation are used to protect user accounts, but these authentication methods are not safe from an attacker. These endorsement techniques suffer from various kinds of unwanted interruption, such as word attacks, possible keys attacks, human error attacks, etc. This survey shows that the word based attack is widely performed during authentication nowadays. Word based interruption is defined in two ways: operative case and down case. Down case word attacks are possible when the adversary is able to hack or get the data through the communication channel, whereas the operative case word attack is easy to perform and there are no groovy solutions available. This survey deals with the different endorsement techniques which are used to protect user accounts in various ways.

Index Terms- Online Security, Dextral Based Attack, Pictorial Based Attack.

Proceedings of 4th SARC International Conference, 30th March-2014, Nagpur, India, ISBN: 978-93-82702-70-2

I. INTRODUCTION:

Computer security depends, to an extent, on trustworthy user authentication. To provide it we have two traditions. The first is the dextral based password, in which the user uses alphabets in upper or small case, numeric values and special symbols. The combination of all these values makes a password more complex. But humans generally create easy combinations in order to memorize passwords, which affects security, while hard combinations affect relevance. Remembrance of an image is rather smooth compared to a dextral based password, so to overcome the security and usability issues, pictorial based passwords are widely used instead of dextral based passwords. Image based passwords comprise two actions, recognition and recall. In recognition the user has to select and click on the image, whereas in recall the user has to identify the pre-selected image. Various techniques are used for guaranteeing endorsement, such as smart cards, biometric systems, etc., but such systems have various drawbacks, i.e. value or hardware requirement. Nevertheless, these techniques are also challenged with encrypted questions, and users dislike these types of challenges, which add an unnecessary extra step to authentication. These techniques are sensitive to different types of attacks, such as dictionary based attacks, brute force attacks, spyware attacks, human error attacks, etc. All these attacks will be reduced by selecting a strong password. Strong password means having greater courage.

II. OUTLINE BIOGRAPHY:

This review paper consists of the following survey, which divides the hidden private data into two parts:

-Dextral based
-Pictorial based

1.1 The dextral based technique consists of the following survey.

1.1.1 EKE- S.M Bellovin and M Merritt discussed the combination of public and secret key to prevent password attacks in an insecure network. It was found to be more effective in preventing users from selecting easily guessable passwords and in preventing various online attacks.

1.1.2 3P-EKE- Hen-Tyan Yeh, Hung-Min Sun and Tzonelih Hwang discuss the way to generate a session key for communication. This paper shows two techniques, the first with one way authentication and the other with 3 party authentication, which generate a secure session key for transformation of information.

1.1.3 Computational challenge system- The computational challenge protocol deals with online dictionary attacks, as observed by Vipul Goyal, Virendra Kumar, Mayank Singh, Ajith Abraham and Sugata Sanyal. This protocol uses a one way hash function as the stepping stone and extracts online dictionary attacks by implementing an input-output scheme, but it was found to be a very time consuming technique.

1.1.4 RBGP- This paper talks about the issue of whether RBGP is related to salvation or not. Several surveys done by Rosanne and Ron Poet show that there remains no effective way of counting the level of surveillance, and the paper discusses it with a threat model. This paper analyses the performance of different types of attacks with this threat model.

1.1.5 S3PAS scheme- One hybrid technique was developed by Huanyu Zhao and Xiaolin Li. In this system the dextral word is combined with graphics to reduce text based password deficiency. This technique is specially designed to mitigate the shoulder surfing attack, but this system also suffers from time constraints.
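The hash-based computational challenge summarised in 1.1.3 can be illustrated with a generic client puzzle; this is an added Python example, not the protocol of Goyal et al. and not code from the paper. The difficulty, lifetime, account data and all function names are assumptions. Each password guess must be paid for with a fresh solved puzzle, which is what makes a large dictionary run expensive and also what makes the approach slow for legitimate users.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # authenticates challenges issued by this server
DIFFICULTY_BITS = 12                  # assumed cost: roughly 2**12 hashes per login attempt
MAX_AGE = 120                         # assumed challenge lifetime in seconds
SALT = b"constructed-salt"
# Constructed sample account database: username -> salted PBKDF2 password hash.
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 50_000)}
spent = set()                         # nonces already redeemed: one puzzle buys one guess


def _tag(username, nonce, issued):
    msg = username.encode() + b"|" + nonce + issued.to_bytes(8, "big")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def _solved(nonce, username, counter):
    digest = hashlib.sha256(nonce + username.encode() + counter.to_bytes(8, "big")).digest()
    zero_bits = 256 - int.from_bytes(digest, "big").bit_length()
    return zero_bits >= DIFFICULTY_BITS


def issue_challenge(username, now=None):
    """Server: hand out a fresh puzzle bound to the username and the issue time."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_bytes(16)
    return {"nonce": nonce, "issued": issued, "tag": _tag(username, nonce, issued)}


def solve(challenge, username):
    """Client: search for the first counter whose hash has enough leading zero bits."""
    counter = 0
    while not _solved(challenge["nonce"], username, counter):
        counter += 1
    return counter


def login(username, password, challenge, counter, now=None):
    """Server: check the puzzle (one HMAC, one hash) before doing any password work."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued = challenge["nonce"], challenge["issued"]
        genuine = hmac.compare_digest(_tag(username, nonce, issued), challenge["tag"])
    except (KeyError, TypeError, AttributeError, OverflowError):
        genuine = False               # malformed or tampered challenge
    if not genuine:
        return "bad-challenge"
    if now - issued > MAX_AGE or nonce in spent:
        return "stale-challenge"      # expired, or replayed to buy a second guess
    if not (isinstance(counter, int) and 0 <= counter < 2**64
            and _solved(nonce, username, counter)):
        return "unsolved"
    spent.add(nonce)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)
    stored = USERS.get(username)
    return "ok" if stored and hmac.compare_digest(stored, candidate) else "denied"
```

Raising `DIFFICULTY_BITS` by one doubles the expected work per guess for attacker and honest user alike, which is the time cost the survey notes.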

1.1.6 CCP- The Chang-Chang password secret transformation rule deals with a 3-party simple secret transformation protocol, which is an advanced version of the 3PKEK protocol. It deals with undetectable attacks on passwords. Chang-Chang have proposed a novel 3-party key exchange protocol in which parallel message transmission takes place to reduce one message circuiting, saving time and cost.

1.1.7 AKE Protocol- Authors Yasunori Onda, SeongHan Shin, Kazukuni Kobara and Hideki Imai give an introduction to the AKE protocol, which is used to distinguish between dictionary attacks and mistakenly typed passwords. It uses MAC and digital signature to distinguish dictionary attacks from another dirty deed.

1.1.8 PGRP- PGRP is very useful in password identifying charge. In this paper authors Mansour Alsaleh, Mohammad Mannan and P.C van Oorschot deal with a restriction on the number of trial and error attempts to log in to a certain account. It also shows how it is invulnerable to both dictionary and brute force attacks.

1.1.9 S3-PAS- An accomplished three level evidence and key affiliation rule was developed to give bilateral evidence and key transformation which is protected against hidden word identifying attacks. Author R. Padmavathy [24] exchanges views on three types of defilement: Detectable, Undetectable and Offline Attack.

1.2 The pictorial based technique consists of the following survey.

1.2.1 Image CAPTCHA- The posture and importance of the text based captcha were discussed by Monica Chew and J.D Tygar, UC Berkeley. The observation of this paper is how image captcha is used, with its benefits and limitations. This paper concentrates not only on the security issues associated with captcha techniques, but also on their usability.

1.2.2 SSA- Authors Kameswara Rao and Sushma Yalamanchili bounce off a survey on different text-graphical password techniques. The authors proposed two techniques named PPC and TPPC, compared them with the traditional text-based method and found them more restrictive to shoulder surfing, spyware, brute force and random click attacks.

1.2.3 Awase-E- Passwords are very useful for user authentication, but remembering a secret is also very important, and it affects user operability. To maintain such operability this paper introduces a new scheme, which is generally used in small handsets where password entry is limited. The main need for this handset is a digital camcorder, which snatches the idol and sets it as a password instead of a text based password. By such a technique not only is custom maintained, but security also increases.

1.2.4 Passpoints- The basic concept of this paper is that the usability issue directly affects the security issue. It also discusses previous techniques which used the biometric system or smartcards to protect accounts. But, due to various drawbacks, this system is of no use. Authors Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy and Nasir Memon also explain how to choose an image for a password.

1.2.5 Web based password- There are various studies of passwords and of the human tendency towards password reuse. In this one Dinei Florencio and Cormac Herley find out details about countersign power; each piece of information about the user was recorded, such as how many invoices the user has, the number of password endeavours per day and how often passwords are shared. Generally, this paper works on the human doings of using a password.

1.2.6 YAGP- D-A-S, i.e. Draw-A-Secret, is the way which is largely used in pictorial schemes to overcome the drawbacks of the alphanumeric password. This paper uses the concept of the DAS system and creates a new technique, YAGP. Haichang Gao, Xuewu Guo, Xiaoping Chen, Liming Wang and Xiyang Liu show that YAGP makes it easy for the user and free with some restriction for drawing. This paper also shows the usability drawback of this system.

1.2.7 User Friendly Password- A password is more user friendly when it is a pictorial password rather than a text based key. In this paper authors Mohammed Misbahuddin, Dr P. Premchand and Dr A. Govardhan talk about two types of password:
-Recognition based
-Recall based
This paper gives a complete description of the graphical password and shows that this type of password is more user friendly.

1.2.8 HOTSPOT problem- The iconic secret execution as recognition based is facedown to the hotspot problem. To cut down the hotspot problem, authors Kemal Bicakci, Nart Bedin Atalay, Mustafa Yuceel, Hakan Gurbaslar and Burak Erdeniz develop two ways called GPI and GPIS. This method is not only suitable for removing the password space problem, but also protects the security and usability of the system.

1.2.9 Picture Attribute Selection- In this paper the use of a scene as a password is selected on the basis of the dimensions of the picture. These properties are size, presentation, color and category of blueprint, which deal with the custom and security of the user. This paper is based on lots of study made on these attributes. The overall research shows the different elicitation of icons according to their involvement, which is very beneficial while picking images according to their preferences.

1.2.10 RGGPW- Phen-Lan Lin, Li-Tung Weng and Po-Whei Huang first exhibit various bottom lines of the iconic password scheme, since it uses large capacity to store images. By using this technique we can reduce storage volume, and it is also more secure compared to the previous address. In this craft the images are geometrically generated, hence there is no issue of remembering the password.

1.2.11 Finger Draw Password- The doodle based password is generally developed for touch screen constituents. This system also challenges with the biometric system. But the biometric system has some drawbacks, which were removed by this system. Nowadays the touch screen is extensively used. M. Martinez-Diaz, C. Martin-Diaz, J. Galbally and J. Fierrez confer about the performance of impression detection. The paper elaborates the inequality between doodle and pseudo signature.

1.2.12 ColorLogin- After various studies this paper confers a new manner to reduce the shoulder surfing attack on graphical passwords. The ColorLogin scheme reduces login time, with user satisfaction about remembering and protection from different kinds of attacks.

1.2.13 DWT- This assignment by Takao Miyachi, Keita Takahashi, Madoka Hasegawa, Yuichi Tanaka and Shigeo Kato exchanges views about the encroachment which will generally be performed on passwords, and, to tone down certain types of attack such as shoulder surfing populace, an address is used as an iconic way. By considering the logic of DWT, the original image is blended with another image to generate a fusion of images, which is given to the user to select his hidden words. This paper also argues with the popular result generated during the discussion.

1.2.14 New DAS System- This paper works with drawing a password according to user convenience, which was inspired by the DAS system. Authors Haichang Gao, Zhongjie Ren, Xiuling Chang, Xiyang Liu and Uwe Aickelin explain the different features provided to draw a secret and protect it from the well known shoulder surfing attack.

1.2.15 Hybrid Graphical Password- The hybrid pictorial technique is a mixture of both recognition based and recall based passwords. This type of password is proposed for palm talk devices. Authors Wazir Zada Khan, Mohammad Y Aalsalem and Yang Xiang discuss the drawbacks of the image secret, such as large interval or shoulder surfing attack. To overcome such limitations most graphical secret crafts recommend small mobile devices (PDAs) as the ideal application environment.

1.2.16 Watermark technique- One argument with the graphical password is shoulder surfing populace. To cut off the image gallery attack a new innovation is used, based on watermarking craft. Authors Arash Habibi Lashkari and Azizah Abdul Manaf also deal with research on various executions, and descriptions of six types of outbreaks.

1.2.17 Click Draw Based- In this system author Yuxin Meng alterkit proposed a new system called CD-GPS, which is a combined version of three previously designed techniques, hence it proved to be a stronger and more user friendly password than any other existing graphical technique.

1.2.18 Create-A-Secret- Authors Marc Eluard, Yves Maetz and Davide Alessio introduce a very interesting technique for memorizing pictorial passwords. This new term is called Gecu: it is the picture which provides a surrogate choice for the selected image. It defines new ways to increase the remembering power of the user by introducing a practice phase at the time of registration.

1.2.19 SOGA- Discusses the new guessability attack known as the semantic ordered guessing attack, abbreviated as SOGA, by authors Rosanne and Ron Poet. This paper compares two artistries of acceptance based, faces and story. It bounces off two techniques for justification, the first a doodle and recognition based system, and calculates results based on these experiments.

1.2.20 Cued Click Point- Cued click point is the recall based technique developed by Sonia Chiasson, P. C. Oorschot and Robert Biddle. In such systems, users identify and target previously selected locations by one click point, as compared to the passpoint technique. The images act as mnemonic cues to aid recall and protect it from different anti-social activity.

1.2.21 Edgepass- In this paper Housam Khalifa Bashier and Lau Siong Hoe discuss the EdgePass technique. Humans can identify an entity by its limb; this concept is used in the EdgePass algorithm. This technique finds out whether the rim is dark or light and, according to that, decides whether it is a margin of the background of the image. It also discusses useful methods in corner detection algorithms.
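How a click-point scheme such as Passpoints (1.2.4) or Cued Click Point (1.2.20) can accept an imprecise click while storing only a hash is shown below as an added Python example; it is not code from the paper or from the cited schemes' authors. It goes beyond the survey by using centered discretization for the tolerance, and the tolerance value, image pool size and all function names are assumptions.

```python
import hashlib
import hmac

TOLERANCE = 9            # assumed: a login click within 9 px of the enrolled one is accepted
CELL = 2 * TOLERANCE     # side length of one discretization square
IMAGE_POOL = 64          # assumed number of images the server can choose from


def static_segment(coord):
    """Naive fixed grid: two clicks 1 px apart can fall into different squares."""
    return coord // CELL


def _segments(clicks, offsets):
    # Shift each click by its stored offset, then take the index of the square it lands in.
    return [((x - ox) // CELL, (y - oy) // CELL)
            for (x, y), (ox, oy) in zip(clicks, offsets)]


def _digest(username, salt, segments):
    secret = username.encode() + b"|" + repr(segments).encode()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 20_000)


def next_image(username, image_id, segment):
    """Cue for the next click: derived from the square just clicked, not from pass/fail."""
    seed = f"{username}|{image_id}|{segment}".encode()
    return int.from_bytes(hashlib.sha256(seed).digest()[:4], "big") % IMAGE_POOL


def enroll(username, clicks, salt):
    """Centre a square on every enrolled click; keep the offsets and a salted hash only.

    The offsets are stored in clear, so they reveal where inside a square the click
    lies, but not which square was chosen.
    """
    offsets = [((x - TOLERANCE) % CELL, (y - TOLERANCE) % CELL) for x, y in clicks]
    return {"salt": salt, "offsets": offsets,
            "hash": _digest(username, salt, _segments(clicks, offsets))}


def image_path(username, record, clicks, first_image=0):
    """Images shown during a login; each one is derived from the square clicked before it."""
    path = [first_image]
    for segment in _segments(clicks, record["offsets"]):
        path.append(next_image(username, path[-1], segment))
    return path


def verify(username, record, clicks):
    """Accept when every click falls in [enrolled - TOLERANCE, enrolled + TOLERANCE)."""
    if len(clicks) != len(record["offsets"]):
        return False
    candidate = _digest(username, record["salt"], _segments(clicks, record["offsets"]))
    return hmac.compare_digest(record["hash"], candidate)
```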

CONCLUSION:
This paper makes two kinds of contribution. The first relates to the security constraint and the other to password persistence. From the related survey, it comes to light that there are various addresses available to make user passwords more secure and memorable, but there is no proper solution to mitigate the different types of attacks on passwords. To make passwords stronger and harder to guess, the pictorial password is the best solution, which makes it convenient for users to select a password of their own choice.

REFERENCES:

[1] Steven M. Bellovin, Michael Merritt, Encrypted Key Exchange: Password Based Protocol Secure Against Dictionary Attacks, Symposium on Research in Security and Privacy (RISP), IEEE 1992. http://dx.doi.org/10.1109/risp.1992.213269

[2] Tetsuji Takada and Hideki Koike, Awase-E: Image Based Authentication for Mobile Phones Using Users Favourite Images, Lecture Notes in Computer Science, pages 347 to 351, 2003. http://dx.doi.org/10.1007/978-3540-45233-1_26

[3] Monica Chew and J.D Tygar, UC Berkeley, Image Recognition CAPTCHA, 7th International Information Security Conference, Springer 2004. http://dx.doi.org/10.1007/978-3-540-30144-8_23

[4] Hen-Tyan Yeh, Bing-Chang Chen, and Tzonelih Hwang, Secure Key Agreement Protocols For Three Party Against Guessing Attacks, Journal of System and Software (JSS) 2005. http://dx.doi.org/10.1016/j.jss.2003.11.017

[5] Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, Nasir Memon, Authentication using Graphical Password: Effect of Tolerance and Image Choice, Symposium on Usable Privacy and Security, 2005. http://dx.doi.org/10.1145/1073001.1073002

[6] Vipul Goyal, Virendra Kumar, Mayank Singh, Ajith Abraham and Sugata Sanyal, CompChall: Addressing Password Guessing Attacks, International Conference on Information Technology Coding and Computing (ITCC) 2005. http://dx.doi.org/10.1109/itcc.2005.107

[7] P.C. van Oorschot and S. Stubblebine, On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop, Trans. Information and System Security, vol. 9, no. 3, ACM 2006. http://dx.doi.org/10.1007/978-3-540-27809-2_5

[8] Dinei Florencio and Cormac Herley, A Large Scale Study Of Web Password Habits, Proceedings of the 16th International Conference on the World Wide Web (WWW), ACM 2007. http://dx.doi.org/10.1145/1242572.1242661

[9] Rosanne, Ron Poet, Towards a Metric for Recognition-Based Graphical Password Security, 5th International Conference on Network and System Security (ICNSS), IEEE 2007. http://dx.doi.org/10.1109/icnss.2011.6060007

[10] Huanyu Zhao and Xiaolin Li, S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW), IEEE 2007. http://dx.doi.org/10.1109/ainaw.2007.317

[11] Sonia Chiasson, P. C. Oorschot, Robert Biddle, Graphical Password Authentication Using Cued Click Point, Lecture Notes in Computer Science, pages 359 to 374, 2007. http://dx.doi.org/10.1007/978-3-540-74835-9_24

[12] Mohammed Misbahuddin, Dr P. Premchand, Dr A. Govardhan, A User Friendly Password Authenticated Key Agreement for Web Based Service, International Conference on Innovations in Information Technology (ICIIT), IEEE 2008. http://dx.doi.org/10.1109/innovations.2008.4781766

[13] Muhammad Daniel Hafiz B. Abdullah, Abdul Hanan B. Abdullah, Norafida Ithnin, Hazinah Kutty Mammi, Graphical Password: Users Affinity of Choice, An Analysis of Picture Attributes Selection, International Symposium on Information Technology (ITSIT) Vol 3, IEEE 2008. http://dx.doi.org/10.1109/itsim.2008.4632021

[14] Phen-Lan Lin, Li-Tung Weng, Po-Whei Huang, Graphical Passwords Using Images with Random Tracks of Geometric Shapes, Congress on Image and Signal Processing (CISP) 2008. http://dx.doi.org/10.1109/cisp.2008.603

[15] Haichang Gao, Xuewu Guo, Xiaoping Chen, Liming Wang, and Xiyang Liu, YAGP: Yet Another Graphical Password Strategy, Annual Computer Security Applications Conference (ACSAC), IEEE 2008. http://dx.doi.org/10.1109/acsac.2008.19

[16] Kemal Bicakci, Nart Bedin Atalay, Mustafa Yuceel, Hakan Gurbaslar, Burak Erdeniz, Towards Usable Solutions to Graphical Password Hotspot Problem, 33rd Annual International Computer Software and Applications Conference (ICSAC), IEEE 2009. http://dx.doi.org/10.1109/compsac.2009.153

[17] Padmavathi, R, Improved Analysis on Chang and Chang Password Key Exchange Protocol, Advances in Computing, Control and Telecommunication Technology (AICCTT) 2009. http://dx.doi.org/10.1109/act.2009.197

[18] Haichang Gao, Xiyang Liu, Ruyi Dai, Sidong Wang, and Xiuling Chang, Analysis and Evaluation of the ColorLogin Graphical Password Scheme, 5th International Conference on Image and Graphics (ICIG) 2009. http://dx.doi.org/10.1109/icig.2009.62

[19] Haichang Gao, Zhongjie Ren, Xiuling Chang, Xiyang Liu, Uwe Aickelin, A New Graphical Password Scheme Resistant to Shoulder-Surfing, International Conference on Cyberworlds (ICC) 2010. http://dx.doi.org/10.1109/cw.2010.34

[20] Yasunori Onda, SeongHan Shin, Kazukuni Kobara, Hideki Imai, How to Distinguish On-line Dictionary Attacks and Password Mis-typing in Two-Factor Authentication, International Symposium on Information Theory and Its Applications (ISITA), IEEE 2010. http://dx.doi.org/10.1109/iisita.2010.5649727

[21] M. Martinez-Diaz, C. Martin-Diaz, J. Galbally and J. Fierrez, A Comparative Evaluation of Finger-Drawn Graphical Password Verification Methods, 12th International Conference on Frontiers in Handwriting Recognition (ICFHR) 2010. http://dx.doi.org/10.1109/icfhr.2010.65

[22] Takao Miyachi, Keita Takahashi, Madoka Hasegawa, Yuichi Tanaka, Shigeo Kato, A Study on Memorability and Shoulder-Surfing Robustness of Graphical Password Using DWT-Based Image Blending, 28th Picture Coding Symposium (PCS) 2010. http://dx.doi.org/10.1109/pcs.2010.5702441

[23] Liming Wang, Xiuling Chang, Zhongjie Ren, Haichang Gao, Xiyang Liu, Uwe Aickelin, Against Spyware Using CAPTCHA in Graphical Password Scheme, 24th International Conference on Advanced Information Networking and Applications (AINA), IEEE 2010. http://dx.doi.org/10.1109/aina.2010.46

[24] R. Padmavathy, A Password Attack On s-3PAKE, International Journal of Security and its Application (IJSA) Vol. 5 No. 4, 2011. http://dx.doi.org/10.11591/ijins.v1i1.385

[25] Wazir Zada Khan, Mohammad Y Aalsalem and Yang Xiang, Quratulain Arshad, A Hybrid Graphical Password Based System, 11th International Conference, ICA3PP 2011. http://dx.doi.org/10.1007/978-3-642-24669-2_15

[26] Arash Habibi Lashkari, Azizah Abdul Manaf, A Secure Recognition Based Graphical Password by Watermarking, 11th International Conference on Computer and Information Technology (ICCIT), IEEE 2011. http://dx.doi.org/10.1109/cit.2011.29

[27] Marc Eluard, Yves Maetz and Davide Alessio, Technicolor, Action-Based Graphical Password: Click-a-Secret, International Conference on Consumer Electronics (ICCE), IEEE 2011. http://dx.doi.org/10.1109/icce.2011.5722575

[28] Rosanne and Ron Poet, Measuring the Revised Guessability of Graphical Passwords, 5th International Conference on Network and System Security (ICNSS), IEEE 2011. http://dx.doi.org/10.1109/icnss.2011.6060031

[29] Kameswara Rao, Sushma Yalamanchili, Novel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords, International Journal of Information & Network Security (IJINS) Vol. 1, No. 3, 2012. http://dx.doi.org/10.11591/ijins.v1i3.529

[30] Mansour Alsaleh, Mohammad Mannan, P.C van Oorschot, Member, IEEE, Revisiting Defences against Large Scale Online Password Guessing Attacks, Transactions on Dependable and Secure Computing (TDSC) Vol. 9, No. 1, IEEE 2012. http://dx.doi.org/10.1109/tdsc.2011.24

[31] Yuxin Meng, Designing Click-Draw Based Graphical Password Scheme for Better Authentication, 7th International Conference on Networking, Architecture, and Storage (ICNAS), IEEE 2012. http://dx.doi.org/10.1109/nas.2012.9

[32] Housam Khalifa Bashier, Lau Siong Hoe, Pang Ying Han, Graphical Password: Pass-Images Edge Detection, 9th International Colloquium on Signal Processing and its Applications (CSPA) 2013. http://dx.doi.org/10.1109/cspa.2013.6530025
