PRESENTED BY:-

UMESH KUMAR

1120161

Outline

Introduction

Overview of the Authentication Methods

Techniques of GPA

◦ Recognition Based Techniques

◦ Recall Based Techniques

Discussion

◦ Security

◦ Usability

Conclusion

Introduction

Overview of authentication method

In this presentation what we have

A comprehensive study of the existing graphical password techniques

Discuss the strengths and limitations of each method

Point out future research directions

The two most commonly used techniques in picture password authentication

RECOGNITION BASED TECHNIQUES

A user is presented with a set of images and the user passes the authentication by recognizing and

identifying the images he selected during the registration stage

RECALL BASED TECHNIQUES

A user is asked to reproduce/recreate something that he created or selected earlier during

the registration stage

Recognition Based Techniques

Dhamija and Perrig Scheme

Pick several pictures out of many choices, identify them later

in authentication.

◦ using Hash Visualization, which,

given a seed, automatically

generate a set of pictures

◦ take longer to create graphical

passwords

password space: N!/K! (N-K)!

( N-total number of pictures; K-number of pictures selected as passwords)

Recognition Based Techniques

Triangle SchemeSystem display a number of pass-objects (pre-selected by

user) among many other objects, user click inside the convex hull bounded by pass-objects.

◦ authors suggest using 1000

objects, which makes the display

very crowed and the objects almost

indistinguishable.

password space: N!/K! (N-K)!( N-total number of picture objects; K-number of pre-registered objects)

Recognition Based Techniques

Pass face schemeIn this technique human

faces are used as password.

Recall Based Techniques Draw-A-Secret (DAS) SchemeUser draws a simple picture on a 2D grid, the

coordinates of the

grids occupied by the picture are stored in the order of drawing

redrawing has to touch the

same grids in the same

sequence in authentication

user studies showed the

drawing sequences is hard to

Remember

Recall Based Techniques “Pass Point/ Click Point ” SchemeUser click on any place on an image to create a password. A

tolerance

around each chosen pixel is calculated. In order to be authenticated,

user must click within the tolerances in correct sequence.

can be hard to remember the

sequences

Password Space: N^K

( N -the number of pixels or smallest

units of a picture, K - the number of

Point to be clicked on )

Click point’s as password

1st click 2nd click 3rd click 4th click 5th click …

Click point

Recall Based Techniques Other Schemes

Grid Selection Scheme Signature Scheme

Security Is a graphical password as secure as

text-based passwords?

◦ text-based passwords have a password space of94^N

(94 – number of printable characters, N- length of passwords).

Some graphical password techniques can compete: Draw-A-Secret

Scheme, Pass Point Scheme.

Text passwords are Vulnerable/prone to attacks like Dictionary attack, Brute force attack, spyware .

◦ Brute force search / Dictionary attacks

The attack programs need to automatically generate accurate mouse motion

to imitate human input, which is more difficult compared to text passwords.

◦ Guessing

◦ Social engineering

If the number of possible pictures is sufficiently large, the possible password space may exceed that of text-based schemes, thus offer better resistance to dictionary attacks.

can be used to:

◦ workstation

◦ web log-in application

◦ ATM machines

◦ mobile devices

◦ databases

Advantages of picture password authentication

Graphical password schemes provide a way of making more human-friendly passwords .

Here the security of the system is very high.

Here we use a series of selectable images on successive screen pages.

Dictionary attacks and brute force searches are infeasible.

Password registration and log-in process take too long.

Require much more storage space than textual/character passwords.

SHOULDER SURFING It means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.

Because of their graphic nature, nearly all graphical password schemes are quite vulnerable/unsafe to shoulder surfing.

Drawback's of picture password

SOLUTION TO SHOULDER

SURFING PROBLEM(1) TRIANGLE SCHEME

(2) MOVABLE FRAME SCHEME

Picture passwords are an alternative to textual alphanumeric password.

It satisfies both conflicting requirements i.e. it is easy to remember & it is

hard to guess.

By the solution of the shoulder surfing problem, it becomes more secure &

easier password scheme.

By implementing encryption algorithms and hash algorithms for storing and

retrieving pictures and points, one can achieve more security

Picture password is still immature, more research is required in this field.

CONCLUSION

BY :-UMESH KUMAR