graphical password authentication system
DESCRIPTION
New ieee seminar topic for VTU !TRANSCRIPT
![Page 1: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/1.jpg)
A Graphical Password Authentication System
Presented by:Nishan H Kumar4ES09CS025
Guided by:Ms. Divya Shettigar
![Page 2: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/2.jpg)
Outline
• Introduction• Overview of the Authentication Methods• Graphical Password Scheme: Two Categories– Recognition Based Techniques– Recall Based Techniques
• Working• Proposed System• Conclusion• References
![Page 3: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/3.jpg)
Introduction• How about text-based passwords ?– Difficulty of remembering passwords
• easy to remember -> easy to guess• hard to guess -> hard to remember
– Users tend to write passwords down or use the same passwords for different accounts
• An alternative: Graphical Passwords– Psychological studies: Human can remember pictures
better than text
![Page 4: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/4.jpg)
Overview of the Authentication Methods
• Token based authentication– key cards, bank cards, smart card, …
• Biometric based authentication– Fingerprints, iris scan, facial recognition, …
• Knowledge based authentication– text-based passwords, picture-based passwords, …– most widely used authentication techniques.
![Page 5: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/5.jpg)
Graphical Password Scheme
• Using Pictures as Passwords.• Easy to remember, as humans remember pictures better
than words.• Resistant to brute force attack because the search space
is practically infinite.• Graphical Passwords are classified into two main
categories:- Recognition based techniques.
- Recall based techniques.
![Page 6: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/6.jpg)
Graphical Password: Two categories
![Page 7: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/7.jpg)
Graphical Password: Two categories
• Recognition Based Techniques– A user is presented with a set of images and the user
passes the authentication by recognizing and identifying the images he selected during the registration stage
• Recall Based Techniques– A user is asked to reproduce something that he
created or selected earlier during the registration stage
![Page 8: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/8.jpg)
Recognition Based Techniques
• Dhamija and Perrig SchemePick several pictures out of many choices, identify them later in authentication.
– Using Hash Visualization, which, given a seed, automatically generate a set of pictures– Take longer to create graphicalpasswords
Password Space: N!/K! (N-K)!( N-total number of pictures; K-number of pictures selected as passwords)
![Page 9: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/9.jpg)
Recognition Based Techniques
• Sobrado and Birget Scheme System display a number of pass-objects (pre-selected by
user) among many other objects, user click inside the convex hull bounded by pass-objects.
– Sobrado and Birget suggested using 1000 objects, which makes the display very crowed and the objects almost indistinguishable.
Password Space: N!/K! (N-K)!( N-total number of picture objects; K-number of pre-registered objects)
![Page 10: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/10.jpg)
Recognition Based Techniques
• Other Schemes
Using human faces as password
Select a sequence of images as password
![Page 11: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/11.jpg)
Recall Based Techniques• Draw-A-Secret (DAS) SchemeUser draws a simple picture on a 2D grid, the coordinates of the grids occupied by the picture are stored in the order of drawing.
• Redrawing has to touch thesame grids in the same sequence in authentication.
• User studies showed the drawing sequences is hard to Remember.
![Page 12: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/12.jpg)
Recall Based Techniques• “PassPoint” SchemeUser click on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order tobe authenticated, user must click within the tolerances incorrect sequence.
• It can be hard to remember the sequences
Password Space: N^K( N -the number of pixels or smallest units of a picture, K - the number ofPoint to be clicked on )
![Page 13: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/13.jpg)
Recall Based Techniques
• Other Schemes
Signature Scheme
![Page 14: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/14.jpg)
Working of Graphical Password Authentication Systems
• Registration Phase
• Verification Phase
![Page 15: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/15.jpg)
NEW USER REGISTER
DATABASE
New user registration process.
Enter the username in the username field.
Click on NEW USER REGISTER button
Verifies the username and store into the database
//EXAMPLE:
User Registration Process
![Page 16: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/16.jpg)
How to Select pictures?
There are two ways for selecting an picture for password authentication.
Creating Picture Password
![Page 17: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/17.jpg)
Pictures are selected by the user from the hard disk or any other image supported devices..
PICTURE
User Defined Pictures
![Page 18: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/18.jpg)
Pictures are selected by the user from the database of the password system.
PICTURE
DATABASE
System Defined Pictures
![Page 19: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/19.jpg)
DATABASE
USER DEFINED PICTURE
SYSTEM DEFINED PICTURE
OR
THE PICTURE SELECTED FROM ONE
OF THE SYSTEM
Picture + Gridlines
![Page 20: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/20.jpg)
User click on the point
MESSAGE BOX:
DO YOU WISH TO CONTINUE WITH THIS POINT
YESYES NONO
DATABASE
Point and the image will be stored into database.Now the user can select another image and followsthe same steps above.
Select another point
User with username
![Page 21: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/21.jpg)
DATABASE
User enters the username
Verifies the usernameUsername verification
Checks the usernamein the database
Correct username
Incorrect username
Reenter the username
If username not matched
Generates an message“ username doesn't match ““Please Reenter the username”
![Page 22: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/22.jpg)
Proposed System by Ahmad Almulhem
An example of creating a graphicalpassword using the proposed system
![Page 23: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/23.jpg)
Proposed System by Ahmad Almulhem
Login Screen
![Page 24: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/24.jpg)
Implementation of Proposed System
• The proposed system was implemented using Visual Basic.net 2005 (VB.net). The implementation has three main classes:
• LoginInfo: Contains username, graphical password,and related methods.
• GraphicalPassword: Contains graphical password information and related methods.
• SelReg: Contains fields about selected regions (POIs).
![Page 25: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/25.jpg)
Advantages of Graphical Password Authentication System
•Graphical password schemes provide a way of making more human-friendly passwords .
•Here the security of the system is very high.
• It satisfies both conflicting requirements i.e. it is easy to remember & it is hard to guess.
•Dictionary attacks are infeasible.
![Page 26: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/26.jpg)
Drawbacks of Graphical Password Authentication System
• Password registration and log-in process take too long.
• Require much more storage space than text based passwords.
• Shoulder Surfing: It means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.
![Page 27: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/27.jpg)
Solution to Shoulder Surfing Problem
• Triangle Scheme
(For clarity, this collection contains only a little over 100 objects. Typical screens can fit over 1000.)
![Page 28: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/28.jpg)
Solution to Shoulder Surfing Problem
• Movable Frame Scheme
![Page 29: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/29.jpg)
Conclusion• Main argument for graphical passwords:
People are better at memorizing graphical passwords than text-based passwords.
• It satisfies both conflicting requirements i.e. it is easy to remember & it is hard to guess.
• It is more difficult to break graphical passwords using the traditional attack methods such as burte force method, dictionary attack or spyware.
• Not yet widely used, current graphical password techniques are still immature.
![Page 30: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/30.jpg)
References
[1] A graphical password authentication system, Ahmad Almulhem Computer Engineering DepartmentKing Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia.“www. ieeexplore.ieee.org”
[2] Graphical Passwords: A Survey by Xiaoyuan Suo, Ying Zhu, G. Scott. Owen Department of Computer Science Georgia State University.
[3] L. Sobrado and J.-C. Birget, "Graphical passwords,"The Rutgers Scholar, An Electronic Bulletin forUndergraduate Research, vol. 4, 2002.
[4] Ian Jermyn Aviel D. Rubin “The Design and Analysis of Graphical Passwords”.
![Page 31: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/31.jpg)
ThankThank youyou
![Page 32: Graphical Password Authentication System](https://reader035.vdocument.in/reader035/viewer/2022081717/546036feaf79593c758b523f/html5/thumbnails/32.jpg)
QueriesQueries??