The Design and Analysis of Graphical Passwords
Transcript of The Design and Analysis of Graphical Passwords
Presenter: Ta Duy Vuong
Authors:
• Ian Jermyn, New York University
• Alain Mayer, Fabian Monrose, Michael K. Reiter, Bell Labs, Lucent Technologies
• Aviel D. Rubin, AT&T Labs-Research
OUTLINE
1. Introduction
2. Textual Passwords with Graphical Assistance
3. Purely Graphical Passwords
4. Other graphical password schemes
5. Summary
6. References
1. INTRODUCTION
• Passwords: the method of choice for user authentication.
• In practice, passwords are susceptible to attacks.
• Idea: exploit features of graphical input displays to achieve better security.
• Usable on any device with a graphical input display.
• Primarily aimed at PDAs: Palm Pilot, HP iPAQ, …
• Observation: temporal order & position of input.
• Textual password input via keyboard: each character lands in the position given by the order in which it is typed, e.g.
  simplepass
  123456789
• Graphical password: the input display lets the position of each character be chosen independently of the order in which it is entered.
2. TEXT WITH GRAPHICAL ASSISTANCE
Two kinds of graphical password are covered:
• Textual password with graphical assistance (this section)
• Draw-A-Secret scheme (section 3)
• Use textual passwords augmented by some graphical capabilities.
• Aim: to decouple temporal order & position of input.
• Example: the password is “tomato”.
• Usual way of input: [figure: conventional input of “tomato”, characters typed in order into consecutive positions]
• [figure: input of “tomato” with graphical assistance, characters placed into chosen positions]
• Formally:
  – k : number of characters in the password
  – A : set of allowed characters
  – m : number of positions (m ≥ k)
• Textual: $f : \{1,\dots,k\} \to A$
• Graphical: $f' : \{1,\dots,k\} \to A \times \{1,\dots,m\}$
• One k-character conventional password yields m!/(m−k)! graphical passwords (one for each way of assigning its k characters to k distinct positions out of m).
• Example: the password is “ILoveNus”, so k = 8 characters; choose m = 10 positions.
  10!/2! = 1,814,400, i.e. approximately 1.8 × 10^6 graphical passwords.
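The following is an added example (not code from the paper or the presenter) that models the map f′ from the previous slide and the m!/(m−k)! count on this one. The function names, the (character, position) tuple representation and the “ILoveNus” layout are my own choices; the scheme itself is the one the slides describe.

```python
from math import log2, perm
import hmac

# Constructed example: a textual password with graphical assistance is the map
# f' : {1..k} -> A x {1..m}, represented here as a tuple of (character, position)
# pairs in the order the characters were entered.

def count_graphical_passwords(k, m):
    """Number of graphical passwords one k-character textual password yields
    when its characters are placed into k distinct positions out of m: m!/(m-k)!."""
    if k < 0 or m < k:
        raise ValueError("need 0 <= k <= m")
    return perm(m, k)  # math.perm(m, k) == m!/(m-k)!

def extra_bits(k, m):
    """Extra guessing work, in bits, for an attacker who already knows the k
    characters but not the positions they were placed in."""
    return log2(count_graphical_passwords(k, m))

def graphical_password(chars, positions, m):
    """Build f' as a tuple of (character, position) pairs. Positions must be
    distinct and lie in 1..m; this is what makes the count m!/(m-k)!."""
    if len(chars) != len(positions):
        raise ValueError("one position per character")
    if any(p < 1 or p > m for p in positions):
        raise ValueError("position outside 1..m")
    if len(set(positions)) != len(positions):
        raise ValueError("positions must be distinct")
    return tuple(zip(chars, positions))

def textual_password(chars):
    """The conventional map f : {1..k} -> A: character i is fixed to position i."""
    return graphical_password(chars, list(range(1, len(chars) + 1)), len(chars))

def verify(stored, attempt):
    """Compare two (character, position) sequences in constant time. The same
    characters in different positions, or entered in a different order, must fail."""
    enc = lambda pw: "\x00".join(f"{c}:{p}" for c, p in pw).encode()
    return hmac.compare_digest(enc(stored), enc(attempt))

if __name__ == "__main__":
    # The slide's example: "ILoveNus", k = 8 characters, m = 10 positions.
    print(count_graphical_passwords(8, 10))   # 1814400, about 1.8e6
    print(round(extra_bits(8, 10), 1))        # about 20.8 bits on top of the characters
    # Constructed placement of the 8 characters into positions out of 1..10.
    pw = graphical_password("ILoveNus", [3, 1, 9, 2, 7, 10, 5, 4], m=10)
    print(verify(pw, pw))                               # True
    print(verify(pw, textual_password("ILoveNus")))     # False: right characters, wrong positions
```

The constant-time comparison is a detail the slides do not mention; it is included because a verifier that compares the pair sequence element by element would leak how many leading pairs matched.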
3. DRAW-A-SECRET (DAS) SCHEME
3.1 Introduction
• The password is a picture drawn on a grid.
• Users are freed from having to remember an alphanumeric string.
• What is good about a picture-based password?
3.2 Password input
• The drawing is recorded as the sequence of grid cells the pen passes through; (5,5) is the pen-up indicator that ends a stroke.
• Example drawing on the grid:
  (2,2) (3,2) (3,3) (2,3) (2,2) (2,1) (5,5)
3.3 Encryption Tool for PDA
• Process of making keys for Triple-DES: the sequence of coordinates of the password P is hashed using SHA-1, and the key k is derived from the digest.
• Triple-DES under k is used to encrypt/decrypt data stored on the PDA.
• Process of setting a password: sequence of coordinates P → hashed using SHA-1 → key k → store Ek(P).
• Process of verifying a password: sequence of coordinates P' → hashed using SHA-1 → key k' → result = Dk'(Ek(P)) → check: result = P ??
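Added example (not the paper's tool or the presenter's code) covering 3.2 and 3.3 together: it encodes a drawing on a 4×4 grid into the coordinate sequence with (5,5) as the pen-up marker, hashes it with SHA-1, and runs the set/verify flow from the diagrams. Python's standard library has no Triple-DES, so a clearly labelled XOR-keystream stand-in plays the role of Ek/Dk; the grid size, the byte serialisation and all function names are my assumptions.

```python
import hashlib
import hmac

GRID = 4                            # assumed 4x4 grid: cells (1..4, 1..4)
PEN_UP = (GRID + 1, GRID + 1)       # (5,5) ends each stroke, as on the slide

def encode_drawing(strokes):
    """Sequence of coordinates P: the cells each stroke passes through, each
    stroke followed by the pen-up marker. A stroke is a list of (x, y) cells."""
    seq = []
    for stroke in strokes:
        if not stroke:
            raise ValueError("empty stroke")
        for x, y in stroke:
            if not (1 <= x <= GRID and 1 <= y <= GRID):
                raise ValueError(f"cell {(x, y)} outside the {GRID}x{GRID} grid")
            seq.append((x, y))
        seq.append(PEN_UP)
    return tuple(seq)

def serialize(seq):
    """One byte per coordinate; fine for grids smaller than 256."""
    return bytes(v for cell in seq for v in cell)

def derive_key(seq):
    """Hash P with SHA-1; the slide derives the Triple-DES key from this digest."""
    return hashlib.sha1(serialize(seq)).digest()

def _stand_in_cipher(key, data):
    """PLACEHOLDER for Triple-DES: XOR with a SHA-1 keystream. It is its own
    inverse, so it serves as both E_k and D_k here. Not a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 20):
        block = hashlib.sha1(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 20], block))
    return bytes(out)

def set_password(strokes):
    """Setting: P -> SHA-1 -> k; store E_k(P). Neither P nor k is kept in the clear."""
    P = encode_drawing(strokes)
    return _stand_in_cipher(derive_key(P), serialize(P))

def verify_password(stored, strokes):
    """Verifying: P' -> SHA-1 -> k'; result = D_k'(E_k(P)); accept iff result == P'.
    The decryption reproduces the drawing only when k' == k, i.e. P' == P."""
    P2 = encode_drawing(strokes)
    result = _stand_in_cipher(derive_key(P2), stored)
    return hmac.compare_digest(result, serialize(P2))

if __name__ == "__main__":
    drawing = [[(2, 2), (3, 2), (3, 3), (2, 3), (2, 2), (2, 1)]]   # the slide's example
    print(encode_drawing(drawing))          # ends with (5, 5)
    token = set_password(drawing)
    print(verify_password(token, drawing))  # True
    # Same cells drawn as two strokes: the extra pen-up changes P, so this fails.
    print(verify_password(token, [[(2, 2), (3, 2), (3, 3)], [(2, 3), (2, 2), (2, 1)]]))  # False
```

Note that a single SHA-1 over a short coordinate sequence is a fast key derivation; the check works as the slide describes, but anyone deploying this today would put a slow, salted KDF between P and k and use an authenticated cipher rather than Triple-DES.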
3.4 Security of the DAS Scheme
• Textual passwords are susceptible to attacks because:
  – Users do not choose passwords uniformly.
  – Attackers have significant knowledge about:
    • the distribution of user passwords (users often choose passwords based on their own name, …)
    • gross properties of that distribution (words in the English dictionary are likely to be chosen)
• Knowledge about the distribution of user passwords is essential to the adversary.
• The DAS scheme gives no clues about users' choice of passwords.
• It is harder to collect such data on PDAs than on networked computers.
3.4 Security of the DAS Scheme
• Size of the password space:
$$\Pi(L_{max}, G) = \sum_{L=1}^{L_{max}} P(L, G)$$
$$P(L, G) = \sum_{l=1}^{L} P(L-l, G)\, N(l, G)$$
$$N(l, G) = \sum_{(x,y) \in [1..G] \times [1..G]} n(x, y, l, G)$$
  where G×G is the grid size, L the length of a password, Lmax the maximum password length, P(L,G) the number of passwords of length L, l the length of a stroke, N(l,G) the number of strokes of length l, and n(x,y,l,G) the number of strokes of length l ending in cell (x,y); the recurrence for P starts from P(0,G) = 1.
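Added example (not the paper's code) that evaluates the three formulas above by dynamic programming. The slide gives no definition of n(x,y,l,G), so the stroke model used here is an assumption: a stroke of length l visits l cells, each step moving to a horizontally or vertically adjacent cell, which gives n(x,y,1,G) = 1 and n(x,y,l,G) equal to the sum of n(·,·,l−1,G) over the neighbours of (x,y). Function names are mine.

```python
from math import log2

def stroke_end_counts(l_max, G):
    """n[l][(x, y)] = number of strokes of length l ending in cell (x, y), for
    1 <= l <= l_max, under the assumed orthogonal-step stroke model."""
    cells = [(x, y) for x in range(1, G + 1) for y in range(1, G + 1)]
    n = {1: {c: 1 for c in cells}}                  # a length-1 stroke is a single cell
    for l in range(2, l_max + 1):
        prev = n[l - 1]
        n[l] = {
            (x, y): sum(prev.get(nb, 0)             # .get: cells off the grid contribute 0
                        for nb in ((x - 1, y), (x + 1, y), (x, y - 1), (x, y + 1)))
            for (x, y) in cells
        }
    return n

def N(l, G, n=None):
    """N(l,G) = sum over all cells of n(x,y,l,G): strokes of length l anywhere on the grid."""
    n = n or stroke_end_counts(l, G)
    return sum(n[l].values())

def password_counts(L_max, G):
    """P(L,G) = sum_{l=1}^{L} P(L-l,G) * N(l,G) with P(0,G) = 1: the last stroke
    has length l, and the remaining L-l cells form a shorter password."""
    n = stroke_end_counts(L_max, G)
    Nl = {l: N(l, G, n) for l in range(1, L_max + 1)}
    P = [1] + [0] * L_max
    for L in range(1, L_max + 1):
        P[L] = sum(P[L - l] * Nl[l] for l in range(1, L + 1))
    return P                                        # P[L] for L = 0..L_max

def password_space(L_max, G):
    """Pi(L_max, G) = sum_{L=1}^{L_max} P(L, G): all passwords up to length L_max."""
    return sum(password_counts(L_max, G)[1:])

if __name__ == "__main__":
    for L_max in (4, 8, 12):
        print(f"G=5, Lmax={L_max}: about 2^{log2(password_space(L_max, 5)):.1f} passwords")
    # For comparison: 8 characters drawn from the 95 printable ASCII characters.
    print(f"8 printable ASCII chars: about 2^{log2(95 ** 8):.1f}")
```

The small cases can be checked by hand: on a 5×5 grid there are 25 one-cell strokes and 2·(2·5·4) = 80 ordered pairs of adjacent cells, so P(2,5) = 25·25 + 80 = 705 and Π(2,5) = 25 + 705 = 730. The raw count is an upper bound on attacker work; as the next slide says, how much of this space users actually use is a separate question.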
• A new password scheme cannot be proven better than the old one because of the human factor!
• However, the table on this slide shows that the raw size of the graphical password space surpasses that of textual passwords.
4. Another graphical password scheme
• To log in, the user must click within the circled red regions of the picture (regions chosen when the password was created). The choice of the four regions is arbitrary.
• Known since the mid-1990s, starting with G. Blonder's paper “Graphical Passwords”.
5. SUMMARY
• Textual passwords with graphical assistance: conventional passwords equipped with graphical capabilities.
• Improvements over textual passwords:
  – Decouple positions of input from temporal order
  – Larger password space
• Draw-A-Secret (DAS) Scheme:
  – Pictures are easier to remember
  – Attackers have no knowledge of the distribution of passwords
  – Larger password space
  – Decouple position of inputs from temporal order
6. REFERENCES
• “The Design and Analysis of Graphical Passwords” by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, Aviel D. Rubin
• “Graphical passwords” by Leonardo Sobrado, Jean-Camille Birget, Department of Computer Science, Rutgers University
• “Graphical Dictionaries and the Memorable Space of Graphical Passwords” by Julie Thorpe, P. C. van Oorschot
• “Human Memory and the Graphical Password” by David Bensinger, Ph.D.
• “Passwords: the weakest link?”, CNET News.com
THANK YOU.