A Graphical Password Authentication System
Presented by: [Link] (08F01A0518)
Abstract, Introduction, Identification, Passwords, Passphrase, Biometrics, Graphical password, Conclusion, References
Graphical passwords provide an alternative to traditional alphanumeric passwords.
This extended abstract proposes a simple graphical password authentication system. It describes the system's operation with some examples and highlights important aspects of the system.
Use textual passwords augmented by some graphical capabilities. They are attractive since people usually remember pictures better than words. Also, they should be more resistant to brute-force attacks, since the search space is practically infinite.
Possession (something I have): key, passport, smart card
Knowledge (something I know): password, PIN
Biometrics (something I am): face, fingerprint, iris
Passwords: the method of choice for user authentication. Usually a password is 8-15 characters or slightly more. Ten years back, Klein performed such tests and could crack 10-15 passwords per day. Now, with the change in technology, fast processors and many tools on the Internet, this has become child's play.
A passphrase is nothing but an enhanced version of a password. Usually it is a combination of words, or simply a collection of passwords in a proper sequence. The length of a passphrase is about 30-50 characters or more; 30-50 characters are hard to remember if there is no proper sequence.
Refer to a broad range of technologies. Automate the identification or verification of an individual. Based on human characteristics or body organs.
Physiological: face, fingerprint, iris
Behavioral: hand-written signature, voice
[Figure: characteristics and templates (bit strings)]
Used for any device with a graphical input display
Primarily for PDAs: Palm Pilot, HP iPAQ
Observation
Textual password input via keyboard
simplepas
12345679
Graphical password
TEXT WITH GRAPHICAL ASSISTANCE
GRAPHICAL PASSWORD
TEXTUAL PASSWORD WITH GRAPHICAL ASSISTANCE
DRAW-A-SECRET SCHEME
TEXT WITH GRAPHICAL ASSISTANCE
Example: password is tomato. Usual way of input:
Conventional
With graphical assistance
DRAW-A-SECRET (DAS) SCHEME
Password is picture drawn on a grid.
Users are freed from having to remember an alphanumeric string. What is good about a picture-based password?
SCREEN SHOTS:
Encryption Tool for PDA
Use Triple-DES to encrypt/decrypt data stored on PDA
Sequence of coordinates of password P -> hashed using SHA-1 -> key k -> derived to make keys for Triple-DES
Encryption Tool for PDA
Process of setting password:
Sequence of coordinates P -> hashed using SHA-1 -> key k -> Ek(P) -> store Ek(P)

Process of verifying password:
Sequence of coordinates P -> hashed using SHA-1 -> key k -> result = Dk(Ek(P)) -> result = P ?
Size of Password space
$$\Pi(L_{max}, G) = \sum_{L=1}^{L_{max}} P(L, G)$$

P: password; grid size: G×G; L: length of password; L_max: maximum length of password

$$P(L, G) = \sum_{l=1}^{L} P(L - l, G)\, N(l, G)$$

N: number of strokes; l: length of stroke

$$N(l, G) = \sum_{(x,y) \in [1..G] \times [1..G]} n(x, y, l, G)$$

n: number of strokes of length l; (x, y): ending cell
DRAW-A-SECRET (DAS) SCHEME
However, the above table shows that the raw size of the graphical password space surpasses that of textual passwords.
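The recurrences above for P(L, G), N(l, G) and n(x, y, l, G) can be evaluated directly; this added example (not from the original slides) does so in Python. The slides do not say how a stroke grows, so the code assumes it moves one cell at a time to a horizontally or vertically adjacent cell, and the 8-character, 95-symbol text password is a constructed comparison point.

```python
from functools import lru_cache
from math import log2


def password_space(l_max: int, g: int) -> int:
    """Total over L = 1..l_max of P(L, G): raw count of DAS passwords on a GxG grid."""

    @lru_cache(maxsize=None)
    def n(x: int, y: int, l: int) -> int:
        # n(x, y, l, G): strokes of length l that end in cell (x, y).
        if not (1 <= x <= g and 1 <= y <= g):
            return 0  # off the grid
        if l == 1:
            return 1  # a single-cell stroke (a dot)
        # Assumption: a stroke extends one cell at a time to a horizontally
        # or vertically adjacent cell.
        return (n(x - 1, y, l - 1) + n(x + 1, y, l - 1)
                + n(x, y - 1, l - 1) + n(x, y + 1, l - 1))

    def N(l: int) -> int:
        # N(l, G): sum of n over every ending cell (x, y) in [1..G] x [1..G].
        return sum(n(x, y, l) for x in range(1, g + 1) for y in range(1, g + 1))

    # P[L] = sum over l = 1..L of P[L - l] * N(l); P[0] = 1 is the empty prefix.
    P = [1]
    for L in range(1, l_max + 1):
        P.append(sum(P[L - l] * N(l) for l in range(1, L + 1)))
    return sum(P[1:])


def bits(count: int) -> float:
    """Size of a search space expressed in bits."""
    return log2(count)


if __name__ == "__main__":
    # Constructed comparison point: 8 characters drawn from 95 printable ASCII.
    print(f"text, 95^8: {bits(95 ** 8):.1f} bits")
    for l_max in (4, 8, 12):
        print(f"DAS 5x5, L_max={l_max}: {bits(password_space(l_max, 5)):.1f} bits")
```

These are raw counts of possible drawings; they say nothing about which drawings users actually choose.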
Graphical password scheme
To log in, the user is required to click within the circled red regions (chosen when the password was created) in this picture. The choice of the four regions is arbitrary.
In future systems, other patterns such as touch or smell may be used for recall; studies show that these patterns are very useful in recalling associated objects like images or text.
The Design and Analysis of Graphical Passwords by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael [Link], Aviel [Link]
Graphical passwords by Leonardo Sobrado, Jean-Camille Birget, Department of Computer Science, Rutgers University
Graphical Dictionaries and the Memorable Space of Graphical Passwords by Julie Thorpe, P.C. van Oorschot
Human Memory and the Graphical Password by David Bensinger, Ph.D.