A Graphical PIN Authentication Mechanism for Smart Cards and Low-Cost Devices
Luigi Catuogno
Dipartimento di Informatica ed Applicazioni, Università di Salerno - ITALY
[luicat@dia.unisa.it]

Clemente Galdi
Dipartimento di Scienze Fisiche, Università di Napoli Federico II - ITALY
[galdi@na.infn.it]

Abstract

Passwords and PINs are still the most deployed authentication mechanisms and their protection is a classical branch of research in computer security. Several password schemes, as well as more sophisticated tokens, algorithms, and protocols, have been proposed during the last years. Some proposals require dedicated devices, such as biometric sensors, whereas others have high computational requirements. Graphical passwords are a promising research branch, but implementing many of the proposed schemes requires considerable resources (e.g., data storage, high quality displays), which makes them difficult to use on small devices such as old-fashioned ATM terminals, smart cards and many low-price cellular phones. In this paper we present a graphical mechanism that handles authentication by means of a numerical PIN, which users type on the basis of a secret sequence of objects and a graphical challenge. The proposed scheme can be instantiated so as to require low computation capabilities, making it also suitable for small devices with limited resources. We prove that our scheme is effective against shoulder surfing attacks.

Introduction

Passwords and PINs are still the most deployed authentication mechanism, although they suffer from relevant and well-known weaknesses [1]. The protection of passwords is a classical branch of research in computer security. Several important improvements to the old-fashioned alphanumeric passwords, according to the context of different applications, have been proposed in the last years. The literature on authentication and passwords is huge; here we just cite Kerberos [13] and S/Key [6].
Two important aspects in dealing with passwords are the following:

1. Passwords should be easy enough to be remembered but strong enough to avoid guessing attacks;
2. The authentication mechanism should be resilient against classical threats, like shoulder surfing attacks, i.e., the capability of recording the interaction of the user and the terminal; moreover, it should be light enough to be used also on small computers.

This work was partially supported by the European Union under IST FET Integrated Project AEOLUS (IST ).
Consider for example the following scenario. To access ATM services, a user needs a magnetic strip card. In order to be authenticated, the user inserts her card (which carries only her identification data) into the ATM reader and types her four-digit PIN; afterwards, the ATM sends the user's credentials to the remote authentication server through a PSTN network. This approach is really weak. Magnetic strip cards can be easily cloned, and PINs can be collected in many ways. For example, an adversary could have placed a hidden micro-camera pointing at the ATM panel somewhere in the neighborhood. A recent tampering technique is accomplished by means of a skimmer, i.e., a reader equipped with an EPROM memory that is glued upon the ATM reader, so that strips of passing cards can be dumped to the EPROM. A forged spotlight is also placed upon the keyboard in order to record the insertion of the PIN. The skimmer allows adversaries to collect a finite number of user sessions, obtaining all the information needed to clone user cards. Such information, coupled with the images taken by the camera, allows the attacker to correctly authenticate to the ATM. Such an attack is known in the literature as a shoulder surfing attack.

Graphical passwords [2, 10, 3, 7, 8, 12, 16, 9, 11, 15] are a promising authentication mechanism that addresses many drawbacks of old-style password/PIN based schemes. The basic idea is to ask the user to click on some predefined parts of an image displayed on the screen by the system, according to a certain sequence. This method has been improved during the last years, in order to obtain schemes offering enhanced security and usability. Despite its importance, little attention has been devoted to graphical password schemes resilient to shoulder surfing attacks. In particular, [11] first addressed this problem under restricted conditions. Subsequently, [15] presented a graphical password scheme that was claimed to be secure against shoulder surfing attacks.
However, this scheme has been proved not to be secure in [5]. For a wider overview of research on graphical passwords, we refer the reader to the survey by Suo et al. [14] and to the web site of the Graphical Passwords Project [4] at Rutgers.

The majority of proposed schemes require costly hardware (e.g., medium or high resolution displays and graphic adapters, touch screen, data storage, high computational resources etc.). This makes some of the proposed schemes unsuitable for low cost equipment (e.g., current ATM terminals, which are still the overwhelming majority). In this paper we propose a graphical PIN scheme based on the challenge-response paradigm that can be instantiated so as to require low computation capabilities, making it also suitable for small devices with limited resources. The design of the scheme follows three important guidelines:

- The scheme should be independent from the specific set of objects that are used for the graphical challenge. In particular, our scheme can be deployed also on terminals that are equipped with small or cheap displays like those of cellular phones, or with the classical 10 inch CRT monitor (either color or monochrome) that still equips thousands of ATM terminals. Moreover, users should be able to compose responses with a sophisticated pointing device as well as with a simple keypad.
- The generation of challenges and the verification of the user's responses should be affordable also by computers with limited computational resources (e.g., as in the smart card scenario described above).
- The user is simply required to recognize the position of some objects on the screen. She is not required to compute any function.

We present a strategy that can withstand shoulder surfing attacks. This strategy is independent from the specific set of objects that are used to construct the challenge.

1 Our Proposal

In this paper we assume that the terminal used by the user cannot be tampered with. In other words, an adversary is allowed to record the challenges displayed by the terminal and the activity of the user, but she is not allowed to alter in any way the behaviour of the parties. The protocols described in this paper belong to the family of challenge and response authentication schemes, where the system issues a random challenge to the user, who is required to compute a response according to the challenge and to a secret shared between the user and the system.

More precisely, a challenge consists of a picture depicting a random arrangement of some objects (e.g., colored geometrical shapes) into a matrix. The challenge is displayed on the screen. We denote by $O$ the set of all distinct objects and by $q$ its cardinality. A challenge is represented as a sequence $\alpha = (o_1,\ldots,o_{|\alpha|})$, where $o_i$ is an object drawn from $O$. During her authentication session, the user is required to type as PIN the position of a sequence of secret objects in the challenge matrix. The PIN typed by the user changes in each session as the challenge changes, since it is simply the proof that the user knows the secret sequence of objects and so can correctly reply to the current challenge.

To be more precise, the secret is a sequence of $m$ questions, called queries. Each query is a question of the following type: "On which row of the screen do you see the object o?". Since questions are chosen independently, the set of possible queries has size $|O|^m$. Upon reception of a challenge, the user is required to compute a response, according to the secret queries shared with the system.
A response is a vector $\beta = (\beta_1,\ldots,\beta_m)$, where each $\beta_i$ is a number drawn from a set $A = \{0,1,\ldots,a-1\}$, representing the answer to the $i$-th query, according to the challenge. A Session Transcript is a pair $\tau = (\alpha,\beta)$, where $\alpha$ is a challenge and $\beta$ is the user response to $\alpha$.

We stress that the set of objects used to construct the challenges has an impact on the usability of the scheme. For example, it is easier to remember a sequence of pictures like "home, dog, cat" than a sequence of geometrical shapes like "blue triangle, green circle, yellow square". On the other hand, complex objects cannot be displayed or managed on low-cost devices. Our scheme is independent from the specific set of objects. This makes it suitable for deployment on both complex and simple devices.

1.1 Different authentication strategies

Given the above authentication scheme, we have analyzed three different authentication strategies. In the first strategy, the user is required to correctly answer all the questions in her secret. A second strategy is to allow the user to correctly answer only a subset of her secret questions. We have considered the case in which the user correctly answers at least k out of m questions of her choice, while she is allowed to give random answers to the remaining queries. The last strategy we have analyzed consists in requiring the user to correctly answer exactly k out of n queries while giving wrong answers to the remaining ones.
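The challenge, response and transcript defined above, together with the first ("always correct") strategy, can be modelled in a few lines. This is an added example, not the authors' prototype: it assumes that a challenge shows each of the q objects exactly once, arranged in a rows of q/a objects, and all function names are illustrative. It also measures how many recorded transcripts leave a single candidate object for every query.

```python
"""Model of the row-position challenge-response scheme (added example).

Assumption, not stated on the page: a challenge shows each of the q objects
exactly once, laid out as a rows of q // a objects. Objects are integers."""
import math
import random


def make_challenge(q, a, rng):
    """Return a challenge: a random arrangement of objects 0..q-1 into a rows."""
    if q % a:
        raise ValueError("q must be a multiple of the number of rows a")
    objects = list(range(q))
    rng.shuffle(objects)
    width = q // a
    return [objects[r * width:(r + 1) * width] for r in range(a)]


def respond(secret, challenge):
    """Honest user: for each secret object, type the row it appears on."""
    row_of = {obj: r for r, row in enumerate(challenge) for obj in row}
    return tuple(row_of[obj] for obj in secret)


def verify(secret, challenge, response):
    """Verifier: recompute the expected response and compare (first strategy)."""
    return tuple(response) == respond(secret, challenge)


def consistent_objects(transcripts, q, m):
    """For each query position, the objects a recording observer cannot rule out.

    A transcript is (challenge, response). When every answer is correct, the
    i-th secret object lies on row response[i] of every recorded challenge."""
    candidates = [set(range(q)) for _ in range(m)]
    for challenge, response in transcripts:
        for i, row in enumerate(response):
            candidates[i] &= set(challenge[row])
    return candidates


def sessions_until_unique(q, a, m, rng):
    """Recorded sessions needed before every query has one candidate left."""
    secret = [rng.randrange(q) for _ in range(m)]  # queries chosen independently
    transcripts = []
    while True:
        challenge = make_challenge(q, a, rng)
        transcripts.append((challenge, respond(secret, challenge)))
        if all(len(c) == 1 for c in consistent_objects(transcripts, q, m)):
            return len(transcripts)


def sessions_for_probability(q, a, m, p, trials=400, seed=1):
    """Smallest t such that at least a fraction p of the simulated secrets is
    fully determined by t transcripts (empirical quantile over `trials` runs)."""
    rng = random.Random(seed)
    counts = sorted(sessions_until_unique(q, a, m, rng) for _ in range(trials))
    need = max(1, min(trials, math.ceil(p * trials)))
    return counts[need - 1]


if __name__ == "__main__":
    # Parameter pairs for which the page gives both q and a; m = 15 as on the page.
    for q, a in ((36, 6), (80, 8)):
        t95 = sessions_for_probability(q, a, 15, 0.95)
        t99 = sessions_for_probability(q, a, 15, 0.99)
        print(f"q={q}, a={a}: p=0.95 -> {t95} sessions, p=0.99 -> {t99} sessions")
```

Because of the layout assumption, the counts this prints need not coincide with the values in the paper's tables.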
Notice that the last two strategies differ in the sense that wrong answers do give information about the user secret, in contrast to random answers, which do not give any information on the user secret. For the above strategies we have evaluated the probability with which an adversary can extract the user secret as a function of the number of recorded sessions. Notice that the goal of the adversary may not be the secret extraction but, more simply, a one-time authentication. We notice that, typically, in the scenario we consider the adversary cannot use a brute force attack since, for example, the strip card would be disabled after three unsuccessful authentications. For this reason the adversary should recover either the whole secret or almost the whole secret before trying the authentication.

2 Experimental Evaluation

In this section we give an experimental evaluation of the performance of the strategies presented above. For each strategy we report the number of session transcripts that the adversary needs to intercept for extracting the user secret with probability either .95 or .99. In order to present concrete examples, we fix the number of objects to be either 36 or 80. The value 36 has been chosen so that all the objects can be displayed on a low resolution display, e.g., the ATM case. The value 80 could be used in case the device used for displaying the objects is a more advanced one. Furthermore, we fix the number m of queries the user should answer to 15. This choice is due to the fact that (a) it should not be hard for a human to remember 15 objects and (b) the probability of a blind attack is negligible.

Table 1 summarizes the performance of the first strategy, in which the user correctly answers all the questions in her secret.
In particular, we report the number of sessions the adversary needs in order to successfully compute the user's secret either with probability 0.95 or with probability

Always Correct   p = 0.95   p = 0.99
q=36, a=
q=36, a=6        6          7
q=80, a=
q=80, a=8        5          6

Table 1: Number of sessions needed to extract the user secret with probability at least p in the m = 15 query case.

As for the second strategy, the results reported in Table 2 refer to the single query case. This means that the adversary needs to collect at least x correct answers from the user. If we extend to the multiple query case, we need to consider that in each session the user answers correctly only a fraction of the queries. The value of the fraction of correct answers depends, for some technicalities, on the size of the answer set A. As for the multiple query case, Table 3 reports the expected number of sessions that the adversary needs to collect in order to extract the user's secret. The last column indicates the probability with which the user correctly answers a query. The multiple query case is strictly related to the Group Coupon Collector's Problem. Since we are not aware of any result on such problem, we have obtained these results by simulation.

Correct & Random   p = 0.95   p = 0.99
q=36 a=
q=36 a=6           4          5
q=80 a=
q=80 a=8           4          5

Table 2: Number of correct sessions needed to extract the user secret with probability at least p in the single query case.

Correct & Random   p = 0.95   p = 0.99   c
q=36, a= /2
q=36, a=
q=80, a= /2
q=80, a=

Table 3: Number of sessions needed to extract the user secret with probability at least p in the m = 15 query case.

As for the last strategy, let c be the number of questions the user correctly answers in each authentication. Table 4 reports the number of sessions an adversary needs to collect in order to extract the user secret with probability at least 0.95 or

Correct & Wrong   p = 0.95   p = 0.99   c
q=36, a= m/2
q=36, a= m/4
q=36, a= m/2
q=36, a= m/4
q=80, a= m/2
q=80, a= m/4
q=80, a= m/2
q=80, a= m/4

Table 4: Number of sessions needed to extract the user secret with probability at least p in the m = 15 query case.

3 Conclusion

In this paper we have presented a simple graphical PIN authentication mechanism that is resilient against shoulder surfing. Our scheme is independent of the specific set of objects used to construct the challenges. Depending on the specific strategy, the adversary may fail in impersonating the user even if she manages to obtain as many as 36 transcripts. The scheme may be implemented on low cost devices and does not require any special training for the users. The user only needs to remember a small sequence of objects. Finally, the authentication requires a single round of interaction between the user and the terminal. We have also discussed a prototype implementation.

The analysis of the scheme considers the probability of extracting the user's secret instead of the probability of a successful one-time authentication. Since the number of attempts the adversary can try before the user is disabled is limited to three, we believe that the number of sessions needed by the adversary in the latter case does not differ significantly from the one needed for the former goal.

References

[1] Ross J. Anderson. Why cryptosystems fail. Commun. ACM, 37(11):32-40,
[2] G. E. Blonder. Graphical passwords. Lucent Technologies Inc, Murray Hill, NJ (US), US Patent no ,
[3] R. Dhamija and A. Perrig. Déjà Vu: A user study using images for authentication. In IX USENIX UNIX Security Symposium, Denver, Colorado (USA), August,
[4] J. C. Birget et al. Graphical password project. birget/grpssw,
[5] Philippe Golle and David Wagner. Cryptanalysis of a cognitive authentication scheme (short paper). In 2007 IEEE Symposium on Security and Privacy, to appear.
[6] Neil M. Haller. The S/KEY one-time password system. In Proceedings of the Symposium on Network and Distributed System Security, pages ,
[7] W. Jensen, S. Gavrila, V. Korolev, R. Ayers, and R. Swanstrom. Picture password: a visual login technique for mobile devices. In National Institute of Standards and Technologies Interagency Report, volume NISTIR 7030,
[8] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin. The design and analysis of graphical passwords. In Proceedings of the 8th USENIX Security Symposium, Washington D.C. (US), August
[9] Shushuang Man, Dawei Hong, and Manton M. Matthews. A shoulder-surfing resistant graphical password scheme - WIW. In Proceedings of the International Conference on Security and Management, SAM '03, June 23-26, 2003, Las Vegas, Nevada (US), volume 1, pages , June
[10] A. Perrig and D. Song. Hash visualization: A new technique to improve real-world security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce,
[11] Volker Roth, Kai Richter, and Rene Freidinger. A PIN-entry method resilient against shoulder surfing. In CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security, pages , New York, NY, USA, ACM Press.
[12] L. Sobrado and J. C. Birget. Graphical password. The Rutgers Scholar, an electronic Bulletin for undergraduate research, 4, 2002.
[13] Jennifer G. Steiner, B. Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. In USENIX Winter, pages ,
[14] Xiaoyuan Suo, Ying Zhu, and G. Scott Owen. Graphical passwords: a survey. In Proceedings of 21st Annual Computer Security Application Conference (ACSAC 2005), December 5-9, Tucson AZ (US), pages , December
[15] Daphna Weinshall. Cognitive authentication schemes safe against spyware (short paper). In IEEE Symposium on Security and Privacy, pages IEEE Computer Society,
[16] S. Wiedenbeck, J. Waters, L. Sobrado, and J. C. Birget. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In Proceedings of Advanced Visual Interfaces AVI 2006, Venice ITALY, May
More informationSurvey on Various Techniques of User Authentication and Graphical Password
Survey on Various Techniques of User Authentication and Graphical Password Miss. Saraswati B. Sahu #1, Associate Prof. Angad Singh *2 1(M. Tech Scholar, Dept. of Information Technology, NIIST, Bhopal,
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More informationMTAT Cryptology II. Entity Authentication. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Entity Authentication Sven Laur University of Tartu Formal Syntax Entity authentication pk (sk, pk) Gen α 1 β 1 β i V pk (α 1,...,α i 1 ) α i P sk (β 1,...,β i 1 ) Is it Charlie?
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationDistributed ID-based Signature Using Tamper-Resistant Module
, pp.13-18 http://dx.doi.org/10.14257/astl.2013.29.03 Distributed ID-based Signature Using Tamper-Resistant Module Shinsaku Kiyomoto, Tsukasa Ishiguro, and Yutaka Miyake KDDI R & D Laboratories Inc., 2-1-15,
More informationMULTI-FACTOR AUTHENTICATION USING GRAPHICAL PASSWORDS THROUGH HANDHELD DEVICE
MULTI-FACTOR AUTHENTICATION USING GRAPHICAL PASSWORDS THROUGH HANDHELD DEVICE P.Shyam Sunder 1, Ballikonda Sai Chaitanya 2, D.Vijay Kumar 3, P.Satya Shekar Varma 4 1,2,4 Department of Computer Science
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationUSING EMOJI PICTURES TO STRENGTHEN THE IMMUNITY OF PASSWORDS AGAINST ATTACKERS
USING EMOJI PICTURES TO STRENGTHEN THE IMMUNITY OF PASSWORDS AGAINST ATTACKERS Dr. Mohammed A. Fadhil Al-Husainy Raghda Ahmed Malih Department of Computer Science, Faculty of Information Technology, Middle
More informationImplementing a Secure Authentication System
Implementing a Secure Authentication System BRUNO CARPENTIERI Dipartimento di Informatica Università di Salerno Via Giovanni Paolo II ITALY bc@dia.unisa.it Abstract: One of the most used techniques for
More informationDESIGN, IMPLEMENTATION AND EVALUATION OF A KNOWLEDGE BASED AUTHENTICATION SCHEME UPON COMPELLING PLAIT CLICKS
http:// DESIGN, IMPLEMENTATION AND EVALUATION OF A KNOWLEDGE BASED AUTHENTICATION SCHEME UPON COMPELLING PLAIT CLICKS Chalichima Harshitha 1, Devika Rani 2 1 Pursuing M.tech (CSE), 2 Assistant professor
More informationSecurity Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards
Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards Younghwa An Computer Media Information Engineering, Kangnam University, 111, Gugal-dong, Giheung-gu, Yongin-si,
More informationMinimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme
Minimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme 1 Prof. S. K. Sonkar, 2 Prof. R. L. Paikrao Computer Engineering Dept. Amrutvahini College of engineering Sangamner,
More informationApplying Context to Web Authentication
Applying Context to Web Authentication John Linn, Burt Kaliski, and Moti Yung, RSA Laboratories; Magnus Nyström, RSA Security Inc. Prepared for W3C Workshop on Transparency and Usability of Web Authentication,
More informationInternational Journal of Scientific & Engineering Research, Volume 4, Issue 12, December ISSN
International Journal of Scientific & Engineering Research, Volume 4, Issue 12, December-2013 13 Analysis Of Three-Dimensional Password Scheme Chaitali A. Kurjekar, Shital D. Tatale, Sachin M. Inzalkar
More informationLord of the Rings J.R.R. TOLKIEN
Copyright 1994 AT&T and Lumeta Corporation. All Rights Reserved. Notice: For personal use only. These materials may not be reproduced or distributed in any form or by any means except that they may be
More informationA Remote Biometric Authentication Protocol for Online Banking
International Journal of Electrical Energy, Vol. 1, No. 4, December 2013 A Remote Biometric Authentication Protocol for Online Banking Anongporn Salaiwarakul Department of Computer Science and Information
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationOn Limitations of Designing LRPS: Attacks, Principles and Usability
CAP6135 Malware & Software Vulnerability On Limitations of Designing LRPS: Attacks, Principles and Usability By Sagar Patel 04/21/2014 EECS Department Agenda Introduction Leakage-Resilient Password System
More informationPresented By: Miss Samya Ashraf Want Student ID
Paper: Haichang Gao, Xiyang Liu, Sidong Wang and Honggang Liu, Ruyi Dai, Design and Analysis of a Graphical Password Scheme, Fourth International Conference on Innovative Computing, Information and Control,
More informationRay s Scheme: Graphical Password Based Hybrid Authentication System for Smart Hand Held Devices
Ray s Scheme: Graphical Password Based Hybrid Authentication System for Smart Hand Held Devices Partha Pratim Ray Department of Computer Science and Engineering, Surendra Institute of Engineering and Management,
More informationPublicly-verifiable proof of storage: a modular construction. Federico Giacon
Publicly-verifiable proof of storage: a modular construction Federico Giacon Ruhr-Universita t Bochum federico.giacon@rub.de 6th BunnyTN, Trent 17 December 2015 Proof of Storage Proof of Storage (PoS)
More informationGraphical User Authentication
Graphical User Authentication LALZIRTIRA (211CS2058) under the guidance of Prof. SANJAY KUMAR JENA Department of Computer Science and Engineering National Institute of Technology Rourkela Rourkela 769
More informationA Hash-based Strong Password Authentication Protocol with User Anonymity
International Journal of Network Security, Vol.2, No.3, PP.205 209, May 2006 (http://isrc.nchu.edu.tw/ijns/) 205 A Hash-based Strong Password Authentication Protocol with User Anonymity Kumar Mangipudi
More informationIn this unit we are continuing our discussion of IT security measures.
1 In this unit we are continuing our discussion of IT security measures. 2 One of the best security practices in Information Security is that users should have access only to the resources and systems
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationSECURED PASSWORD MANAGEMENT TECHNIQUE USING ONE-TIME PASSWORD PROTOCOL IN SMARTPHONE
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 3, March 2014,
More informationA SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS
ISSN 1392 124X INFORMATION TECHNOLOGY AND CONTROL, 2012, Vol.41, No.1 A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS Bae-Ling Chen 1, Wen-Chung Kuo 2*, Lih-Chyau Wuu 3 1
More informationENHANCEMENT OF SECURITY FEATURE IN GRAPHICAL PASSWORD AUTHENTICATION
International Journal of Computer Science Engineering and Information Technology Research (IJCSEITR) ISSN 2249-6831 Vol. 3, Issue 2, Jun 2013, 395-402 TJPRC Pvt. Ltd. ENHANCEMENT OF SECURITY FEATURE IN
More informationIssues, Threats and Future Trend for GSP
Issues, Threats and Future Trend for GSP L. Y. POR 1, X. T. LIM 2 Faculty of Computer Science and Information Technology, University of Malaya, 50603, Kuala Lumpur, MALAYSIA porlip@um.edu.my 1, emilylim1986@hotmail.com
More informationThe Best Keying Protocol for Sensor Networks
The Best Keying Protocol for Sensor Networks Taehwan Choi Department of Computer Science The University of Texas at Austin Email: ctlight@cs.utexas.edu H. B. Acharya Department of Computer Science The
More informationCryptanalysis of An Advanced Temporal Credential- Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks
Cryptanalysis of An Advanced Temporal Credential- Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks Chandra Sekhar Vorugunti 1, Mrudula Sarvabhatla 2 1 Dhirubhai
More informationAn Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards Al-Sakib Khan Pathan and Choong Seon Hong Department of Computer Engineering, Kyung Hee University, Korea spathan@networking.khu.ac.kr
More informationCaptcha as Graphical Password Authentication System with IP Blacklisting
IJIRST International Journal for Innovative Research in Science & Technology Volume 2 Issue 06 November 2015 ISSN (online): 2349-6010 Captcha as Graphical Password Authentication System with IP Blacklisting
More informationExposing vulnerabilities in electric power grids: An experimental approach
Exposing vulnerabilities in electric power grids: An experimental approach International Journal of Critical Infrastructure Protection Luigi Coppolino, S. D Antonio, and L. Romano (Tropea, 24-26 Settembre
More informationIntroduction...1. Authentication Methods...1. Classes of Attacks on Authentication Mechanisms...4. Security Analysis of Authentication Mechanisms...
WHITE PAPER A Security Survey of Strong Authentication Technologies Contents Introduction...1 Authentication Methods...1 Classes of Attacks on Authentication Mechanisms...4 Security Analysis of Authentication
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationImproved Password Authentication System against Password attacks for web Applications
Improved Password Authentication System against Password attacks for web Applications Vaishnavi Yalamanchili, Department of Computer Science & Engineering, Gudlavalleru Engineering College, Gudlavalleru,
More informationA Survey on Different Graphical Password Authentication Techniques
A Survey on Different Graphical Password Authentication Techniques Saranya Ramanan 1, Bindhu J S 2 PG scholar, Department of Computer Science, College of Engineering, Perumon, Kerala, India 1 Associate
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationIdentification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:
Identification, authentication, authorisation Three closely related concepts: Identification and authentication WSPC, Chapter 6 Identification: associating an identity with a subject ( Who are you? ) Authentication:
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More information