GRAPHICAL PASSWORD

AUTHENTICATION PRESENTED BY

SUDEEP KUMAR PATRA

REGD NO-0901223488

Under the guidance ofMrs. Chinmayee Behera

CONTENTS

1. WHAT IS PASSWORD?2. OVERVIEW OF AUTHENTICATION METHOD.3. WHAT IS GRAPHICAL PASSWORD?4. THE SURVEY.5. COMPARISION BETWEEN ALPHA-NUMERIC & GRAPHICAL

PASSWORDS. 6. A SIMPLE GRAPHICAL PASSWORD SCHEME.7. GRAPHICAL PASSWORD-WHAT A CONCEPT.8. ADVANTAGES OF GRAPHICAL PASSWORDS.9. DRAWBACKS.10. CONCLUSION

PASSWORDS

The most commonly used form of user authentication. The weakest links of computer security systems. Two conflicting requirements of alphanumeric

passwords (1) Easy to remember and (2) Hard to guess. Many people tend to ignore the second requirement which

lead to weak passwords. Many solutions have been proposed. Graphical password is one of the solutions.

OVERVIEW OF THE AUTHENTICATION METHOD

Token based authentication– key cards, band cards, smart card, …

Biometric based authentication– Fingerprints, iris scan, facial recognition, …

Knowledge based authentication– text-based passwords, picture-based passwords– most widely used authentication techniques

GRAPHICAL PASSWORDS

A GRAPHICAL PASSWORD is an authentication system that works by having the user select from

images, in a specific order, presented in a graphical user interface (GUI). For this reason, the graphical-password approach is sometimes called graphical user authentication (GUA).

It can be used in:– web log-in application– ATM machines– mobile devices

The survey : Two categories

Recognition Based Techniques– a user is presented with a set of images and the user passes the

authentication by recognizing and identifying the images he selected during the registration stage

Recall Based Techniques– A user is asked to reproduce something that he created or

selected earlier during the registration stage

Recognition Based Techniques

Sobrado and Birget Scheme System display a number of pass-objects (pre-

selected by user) among many other objects, user click inside the convex hull bounded by pass-objects.

– authors suggested using 1000 objects, which makes the display very crowed and the objects almost indistinguishable.

password space: N!/K! (N-K)!

( N-total number of picture objects

K-number of pre-registered objects)

Recall Based Techniques

“PassPoint” Scheme User click on any place on an image to

create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, user must click within the tolerances in correct sequence.

Password Space: N^K

( N -the number of pixels or smallest

units of a picture, K - the number of

Point to be clicked on )

COMPARISION BETWEEN ALPHA-NUMERIC & GRAPHICAL PASSWORDS:

Commonly used guidelines for alpha-numeric passwords are: The password should be at least 8 characters long. The password should not be easy to relate to the user (e.g., last name,

birth date). Ideally, the user should combine upper and lower case letters and

digits.

Graphical passwords The password consists of some actions that the user performs on an

image. Such passwords are easier to remember & hard to guess.

Graphical Passwords - What A Concept!

Here you pick several icons to represent the password.

Then when you want to authenticate it, a screen is drawn as a challenge to which you must respond.

The screen has numerous icons, at some of which are your private password icons.

You must locate your icons visually on the screen and click on the screen to the password.

A SIMPLE GRAPHICAL PASSWORD SCHEME

The user chose these regions when he or she created the password. The choice for the four regions is arbitrary, but the user will pick places that he or she finds easy to remember. The user can introduce his/her own pictures for creating graphical passwords. Also, for stronger security, more than four click points could be chosen.

ADVATAGES OF GRAPHICAL PASSWORDS

Graphical password schemes provide a way of making more human-friendly passwords .

Here the security of the system is very high.

Here we use a series of selectable images on successive screen pages.

Dictionary attacks are infeasible.

DRAWBACKS

Password registration and log-in process take too long. Require much more storage space than text based passwords. Shoulder Surfing

It means watching over people's shoulders as they process information. Examples include observing the keyboard as a person types his or her password, enters a PIN number, or views personal information.

Because of their graphic nature, nearly all graphical password

schemes are quite vulnerable to shoulder surfing.

SOLUTION TO SHOULDER SURFING PROBLEM

(1) TRIANGLE SCHEME

(2) MOVABLE FRAME SCHEME

CONCLUSION

Graphical passwords are an alternative to textual alphanumeric password.

It satisfies both conflicting requirements i.e. it is easy to remember & it is hard to guess.

By the solution of the shoulder surfing problem, it becomes more secure & easier password scheme.

By implementing other special geometric configurations like triangle & movable frame, one can achieve more security.