
A Graphical Password Authentication System

Guided by: Ms. Divya Shettigar

Presented by: Nishan H Kumar 4ES09CS025

Outline
Introduction
Overview of the Authentication Methods
Graphical Password Scheme: Two Categories
- Recognition Based Techniques
- Recall Based Techniques
Working
Proposed System
Conclusion
References

Introduction
How about text-based passwords?
Difficulty of remembering passwords:
- easy to remember -> easy to guess
- hard to guess -> hard to remember

Users tend to write passwords down or use the same passwords for different accounts.
An alternative: Graphical Passwords
Psychological studies: Humans can remember pictures better than text.

Overview of the Authentication Methods


Token based authentication
- key cards, bank cards, smart card

Biometric based authentication
- fingerprints, iris scan, facial recognition

Knowledge based authentication
- text-based passwords, picture-based passwords
- most widely used authentication techniques

Graphical Password Scheme


Using pictures as passwords.
Easy to remember, as humans remember pictures better than words.
Resistant to brute force attack because the search space is practically infinite.
Graphical passwords are classified into two main categories:
- Recognition based techniques.
- Recall based techniques.

Graphical Password: Two categories


Recognition Based Techniques
A user is presented with a set of images and passes the authentication by recognizing and identifying the images he selected during the registration stage.

Recall Based Techniques


A user is asked to reproduce something that he created or selected earlier during the registration stage.

Recognition Based Techniques


Dhamija and Perrig Scheme
Pick several pictures out of many choices, identify them later in authentication.
Uses Hash Visualization, which, given a seed, automatically generates a set of pictures.
Takes longer to create graphical passwords.
Password Space: N! / (K! (N-K)!)
(N - total number of pictures; K - number of pictures selected as passwords)

Recognition Based Techniques


Sobrado and Birget Scheme
The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.
Sobrado and Birget suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.
Password Space: N! / (K! (N-K)!)
(N - total number of picture objects; K - number of pre-registered objects)

Recognition Based Techniques


Other Schemes

Using human faces as password


Select a sequence of images as password

Recall Based Techniques


Draw-A-Secret (DAS) Scheme
The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.
Redrawing has to touch the same grid cells in the same sequence in authentication.
User studies showed the drawing sequence is hard to remember.

Recall Based Techniques


PassPoint Scheme
The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
It can be hard to remember the sequences.

Password Space: N^K (N - the number of pixels or smallest units of a picture; K - the number of points to be clicked on)
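
The PassPoint check and the two password-space formulas above (N^K here, N! / (K! (N-K)!) for the recognition schemes), as an added Python example that is not part of the original slides. The 10-pixel tolerance, the 640x480 picture, the click coordinates and all function names are assumptions made for illustration; counting non-overlapping tolerance squares is only a rough estimate of N once a tolerance is applied.

```python
import math

TOLERANCE = 10  # assumed: a click within +/-10 px of a registered point matches

def within_tolerance(click, point, tol=TOLERANCE):
    """True if the click lies in the square tolerance region around the point."""
    return abs(click[0] - point[0]) <= tol and abs(click[1] - point[1]) <= tol

def verify(registered, attempt, tol=TOLERANCE):
    """PassPoint-style check: same number of clicks, each within tolerance,
    in the same order as at registration."""
    if len(attempt) != len(registered):
        return False
    return all(within_tolerance(c, p, tol) for c, p in zip(attempt, registered))

def passpoint_bits(width, height, k, tol=0):
    """log2(N^K). With tol=0, N is the pixel count; with a tolerance, N is
    estimated as the number of non-overlapping tolerance squares."""
    cell = 2 * tol + 1
    n = (width // cell) * (height // cell)
    return k * math.log2(n)

def recognition_bits(n, k):
    """log2(N! / (K! (N-K)!)): choosing K pass-images out of N."""
    return math.log2(math.comb(n, k))

# Constructed sample: five click points registered on a 640x480 picture.
REGISTERED = [(120, 85), (300, 210), (45, 400), (510, 330), (260, 60)]

if __name__ == "__main__":
    near = [(x + 3, y - 4) for x, y in REGISTERED]
    print("clicks 3-4 px off:", verify(REGISTERED, near))
    print("right points, wrong order:", verify(REGISTERED, REGISTERED[::-1]))
    print("pixel-level N^K: %.1f bits" % passpoint_bits(640, 480, 5))
    print("with 10 px tolerance: %.1f bits" % passpoint_bits(640, 480, 5, TOLERANCE))
    print("20 pictures, pick 5: %.1f bits" % recognition_bits(20, 5))
```

Counting pixels gives about 91 bits for five clicks, while counting tolerance squares as the "smallest units" gives about 47 bits, so the tolerance setting decides how large the password space really is.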

Recall Based Techniques


Other Schemes

Signature Scheme

Working of Graphical Password Authentication Systems

Registration Phase

Verification Phase

User Registration Process


Example:
- Enter the username in the username field (USERNAME: Nishan).
- Click on the NEW USER REGISTER button.
- New user registration process: verifies the username and stores it in the database.

Creating Picture Password


How to select pictures?
There are two ways of selecting a picture for password authentication.

User Defined Pictures
Pictures are selected by the user from the hard disk or any other image supported devices.

System Defined Pictures
Pictures are selected by the user from the database of the password system.

[Figure: the selected picture, either a user defined picture or a system defined picture from the database, is shown with gridlines (Picture + Gridlines).]

[Figure: flow for selecting a point. The user clicks on a point. Message box: DO YOU WISH TO CONTINUE WITH THIS POINT? YES: the point and the image are stored in the database. NO: select another point.]

The point and the image will be stored in the database. Now the user can select another image and follow the same steps above.

User with username

Username verification

[Figure: username verification flow. The user enters the username and the system checks the username in the database. Outcomes: correct username, or incorrect username (if the username is not matched), in which case the system generates the message "username doesn't match, please re-enter the username" and the user re-enters the username.]

Proposed System by Ahmad Almulhem

An example of creating a graphical password using the proposed system

Proposed System by Ahmad Almulhem

Login Screen

Implementation of Proposed System


The proposed system was implemented using Visual Basic.net 2005 (VB.net). The implementation has three main classes:
- LoginInfo: Contains username, graphical password, and related methods.
- GraphicalPassword: Contains graphical password information and related methods.
- SelReg: Contains fields about selected regions (POIs).

Advantages of Graphical Password Authentication System


Graphical password schemes provide a way of making more human-friendly passwords.
Here the security of the system is very high.
It satisfies both conflicting requirements, i.e. it is easy to remember and it is hard to guess.

Dictionary attacks are infeasible.

Drawbacks of Graphical Password Authentication System


Password registration and log-in process take too long.
Require much more storage space than text based passwords.
Shoulder Surfing: It means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.

Solution to Shoulder Surfing Problem


Triangle Scheme

(For clarity, this collection contains only a little over 100 objects. Typical screens can fit over 1000.)

Solution to Shoulder Surfing Problem


Movable Frame Scheme

Conclusion
Main argument for graphical passwords:
People are better at memorizing graphical passwords than text-based passwords.

It satisfies both conflicting requirements, i.e. it is easy to remember and it is hard to guess.
It is more difficult to break graphical passwords using the traditional attack methods such as brute force method, dictionary attack or spyware.
Not yet widely used; current graphical password techniques are still immature.

References
[1] Ahmad Almulhem, A graphical password authentication system, Computer Engineering Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia. www.ieeexplore.ieee.org
[2] Xiaoyuan Suo, Ying Zhu, G. Scott Owen, Graphical Passwords: A Survey, Department of Computer Science, Georgia State University.
[3] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4, 2002.
[4] Ian Jermyn, Aviel D. Rubin, The Design and Analysis of Graphical Passwords.

Thank you

Queries?
