a secure recognition based on graphical password presented by dhanshri agashe guided by: prof. s....

A SECURE RECOGNITION BASED ON GRAPHICAL PASSWORD

PRESENTED BY

Dhanshri Agashe

Guided By: Prof. S. Jain

CONTENTS

1. INTRODUCTION2. MOTIVATION3. LITERATURE SURVEY4. METHODOLOGY5. ISSUES6. ADVANTAGES OF GRAPHICAL PASSWORDS.7. APPLICATIONS8. CONCLUSION9. FUTURE SCOPE10. REFERENCES

INTRODUCTION

Graphical user authentication(GUA) system requires a user to select a memorable image.

Digital watermarking is the process of embedding information into a digital signal.

The purpose of digital watermarking is to provide copyright protection.

By using Cued click points users click on one point per image for a sequence of images.

Performance was very good in terms of speed, accuracy, and number of errors.

INTRODUCTION

Users preferred CCP to saying that selecting and remembering only one point per image was easier.

Seeing each image triggered their memory of where the corresponding point was located.

Cued click points provides greater security as the number of images increases the workload for attackers.

What ?

The term watermark is derived from the German term “Wessmark”

The basic idea of watermark is to embed some information in digital

images so that it can not be miss used or owned by others.

Watermarked imageImage without watermark

Watermark

FINAL REGISTRATION

PROCESS

MOTIVATION

There is a good security when using the text-based strong password schemes but often memorizing the password.

An alternative solution to the text-based authentication which is the GUA or simply Graphical Password .

However, one big issue that is plaguing GUA is shoulder surfing attack that can capture the users mouse clicks and image gallery.

Sr. No.

Paper Name Author Year Conclusion

1 Graphical User Authentication

A.H. Lashkari IEEE 2011

Resistance to common attacks of graphical password algorithms.

2 Persuasive cued click points

Stobert. E IEEE 2012

Influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.

LITERATURE SURVEY

LITERATURE SURVEY

If attacker want to attack to the image gallery as we hide the

copyright protection information in all images of the system.

In proposed algorithm all images has copyright information and

is difficult to change the image of gallery.

Focus on attacks of graphical password algorithms and evaluate

recognition based algorithms.

METHODOLOGY

PROPOSED GRAPHICAL PASSWORD ALGORITHM

A denotes the user A ID denotes the user identity of user A S denotes the server side operation C denotes the Client side operation UAI denotes User added some image for his/her password UI denotes the image(s) that user added to the system Ini denotes the image number of user’s password DI denotes set of the decoy images

continue

RCS denotes the random character set generated for each image in login page

DQ() denotes the data query from database DW()denotes the write the data pack in the database IMX()denotes matrix of images || denotes the concatenation process WCP() denotes the Copyright Protection technique of

Watermarking CWCP() denotes the checking process for copy right protection of

watermarking

continue

The workflow of registration phase is as below:

Step1. C: (A, ID) S [User A sends his ID to the server for login page]

Step2. S: DQ (ID)[in the server side the user’s information will find from data

base]

Step3. S: IMX (DI, INi) C [Server generate a from the decoy images and user’s

password images and sent to the client side]

Step4. C: CWCP (IMX (Di,INi)) [the algorithm check the copyright protection

in them image matrix]

continue

Step5: C: INi [user selects his/her password images by

write the related characters and algorithm fin the related

ID regarding to the users entered characters as INi]

Step6. C: ID || INi [in the client side the ID of user and selected images

INi will concatenate and make the data pack]

Step7. C: ID|| INi S [Client send the generated data pack to the server]

Step8. S: Success/Reject C[check the data pack and if the pack is

true reply successfully to the client side and If data pack is not

true then reject the user in login phase.

Graphical Password-what a concept!

Here you pick several icons to represent the password.

Then when you want to authenticate it, a screen is drawn as a challenge to which you must respond.

The screen has numerous icons, at some of which are your private password icons.

You must locate your icons visually on the screen and click on the screen to the password.

The survey : Two categories

Recognition Based Techniques– a user is presented with a set of images and the user passes the

authentication by recognizing and identifying the images he selected during the registration stage.

Recall Based Techniques– A user is asked to reproduce something that he created or

selected earlier during the registration stage.

Phases of Algorithm

Login phase Registration phase

Click point’s as passwordClick point’s as password

1st click 2nd click 3rd click 4th click 5th click …

Click point

DATABASE

Database contains saved pictures and points.

Correct username

First picture stored in database during registration

Correct click pointGives the next image

Verification of click point

System gives 3 chances to The user for incorrect password

If the user exists 3 chances then the password system displays another picture which will be unrelated to the picture selected by the user during password creation

Last picture

COMPARISION BETWEEN ALPHA-NUMERIC & GRAPHICAL PASSWORDS:

Commonly used guidelines for alpha-numeric passwords are: The password should be at least 8 characters long. The password should not be easy to relate to the user (e.g., last

name, birth date). Ideally, the user should combine upper and lower case letters and

digits and special characters.

Graphical passwords The password consists of some actions that the user performs on an

image. Such passwords are easier to remember & hard to guess.

APPLICATION OF THE PICTURE APPLICATION OF THE PICTURE PASSWORD SYSTEMPASSWORD SYSTEM

SYSTEM LOG IN AND LOG OUT PROCESSSYSTEM LOG IN AND LOG OUT PROCESS

FOLDER LOCKINGFOLDER LOCKING

WEB LOG-IN APLLICATIONWEB LOG-IN APLLICATION

ADVATAGES OF GRAPHICAL PASSWORDS

Graphical password schemes provide a way of making more human-friendly passwords .

Here the security of the system is very high.

Here we use a series of selectable images on successive screen pages.

Dictionary attacks are infeasible.

SOLUTION TO SHOULDER SURFING PROBLEM

(1) TRIANGLE SCHEME

FUTURE SCOPE

Shoulder surfing means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.

Because of their graphic nature, nearly all graphical password

schemes are quite vulnerable to shoulder surfing. It can be overwhelming by triangle scheme in further approach

CONCLUSION

More difficult to break the graphical passwords from traditional attack methods:

Brute Force Search

Dictionary Attack

Or Spyware

By implementing other special geometric configurations like triangle & movable frame ,one can achieve more security especially shoulder surfing and physical attacks.

REFERENCES

A.H. Lashkari, F.T., Graphical User Authentication (GUA).

2010: Lambert Academic Publisher.

Komanduri, S. and D.R. Hutchings, Order and Entropy in

Picture Passwords, in Canadian Information Processing

Society. 2008.

Hu , W., X. Wu, and G. Wei, The Security Analysis of

Graphical Passwords, in International Conference on

Communications and Intelligence Information Security. 2010.

ANY QURIES?