10-04-2017, 08:36 PM
Abstract
user authentication is an important topic in information security. Graphical authentication has been proposed as a possible alternative solution to text-based authentication.Humans can remember images better than text and hence graphical user authentication is advantageous. Drawbacks of normal password appear like stolen
the password, forgetting the password, and weak password.Graphical passwords have two different aspects which are usability and security but none of them have both these qualities together.The graphical passwords must be
a) Password should be easy to remember.
b) Password should be secured.
an image would appear on the screen and the user if clicks on the correct regions were clicked in, the user would be authenticated.
GRAPHICAL PASSWORDS METHODS
The Picture superiority effect is the basis for these techniques.These can be categorized into three:
1)Recognition-Based Technique
users will choose pictures, icons or
symbols from a collection of images
2) Pure Recall-Based Technique
Here, users need to reproduce their passwords without being given any reminder, hints or gesture.
3)Cued Recall-Based Technique
a framework of reminder, hints and gesture that help the users to reproduce their passwords or help users to make a reproduction.
RECOGNITION-BASED ALGORITHMS
eight recognitionbased algorithms are described:
Passface Scheme
the users select whether their Passface consist of male or female picture. Then they choose four faces from the database as their future password.For authentication, user must correctly identify their four Passfaces twice in a row with no prompting, entering an
enrolment password.
D j vu Scheme
This scheme is implemented by letting users to select specific number of pictures among large images portfolio. For preventing description attack, pictures are created according to random art.
Triangle Scheme
Here, the system randomly put a set of N objects which could be a hundred or
a thousand on the screen. In addition, there is a subset of K
objects previously chosen and memorized by the user. In
other words, these K objects are the user passwords.
Movable Frame Scheme
In this method the user must locate three out of K objects which
these three are user passwords.
Picture Password Scheme
during enrollment, a user selects a theme identifying the thumbnail photos to be applied and then registers a sequence of thumbnail images that are used as a future password. These are mainly used in PDA's.
Story Scheme[u]
the users have to select their passwords from the mixed pictures of nine categories in order to make a story easily to remember.Categories maybe animals, cars,
women, food, children, men, objects, nature and sport.
[u]Jetafida Scheme
during registration, the user will select three pictures as a password and then sort
them according to the way he wanted to see them in login phase.
COMMON ATTACKS IN GRAPHICAL PASSWORD SCHEMES
1)Password Brute Forcing Attack
the attacker tries every possible value for a password until they get the real one.
2)Dictionary Based Password Attack
an attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account.
3)Guessing Attack
As many users try to select their passwords based on
their personal information which can be easily guessed by attackers.
4)Spyware Attack
Spyware is a type of malware which installed on
computers with the aim of collecting sensitive information of
users, using a key logger or key listener
5)Shoulder Surfing Attack
using direct observation techniques, such as looking over someone's shoulder, to get
information.
6)Social Engineering Attack
an attacker uses human interaction
to obtain or compromise information about an organization
or computer systems, so he claimed to be one of employee in
order to gain identity.
Full seminar report download:
[attachment=909]