Defenses against Large Scale Online Password Guessing by Using Persuasive Cued Click Points

Available Online at www.ijcsmc.com

International Journal of Computer Science and Mobile Computing
A Monthly Journal of Computer Science and Information Technology

IJCSMC, Vol. 2, Issue. 4, April 2013, pg. 211-216

RESEARCH ARTICLE

ISSN 2320-088X

Defenses against Large Scale Online Password Guessing by Using Persuasive Cued Click Points

Karthhik.K 1, Keerthana.R 2, Porkodi.A 3, Udhayakumar.S 4, Kesavan.S 5, Mr.Balamurugan.P 6

1,2,3,4,5 Department of Computer Science and Engineering, Anna University Chennai, India
6 Associate Professor, Department of Computer Science and Engineering, K.S.R. College of Engineering, Tiruchengode, India

1 kkarthhik@gmail.com; 2 jrk.keerthy@gmail.com; 3 porkodiksr@gmail.com; 4 udhayacs92@gmail.com; 5 kettavan.k7ksr@gmail.com; 6 pookumbala@gmail.com

Abstract: This paper presents a detailed evaluation of the Persuasive Cued Click Points password scheme, which provides a high level of security. An important goal of the authentication system is to support users in selecting better passwords, thus increasing security by expanding the password space. The use of click-based passwords leads to the selection of passwords that can be easily hacked. We use a persuasive technique to influence the user to select the password in a random manner rather than using a particular sequence. Our method significantly reduces the drawbacks of the current authentication method that is being used.

Key Terms: persuasive; authentication; pass points; cued

I. INTRODUCTION

The problems of using knowledge-based authentication are well known. The knowledge-based authentication system includes text passwords, biometric methods and graphical passwords. Users often have text passwords which are easy to remember. Hence these methods give hackers an easier way to trace the password by using the several hacking techniques available.

The text password scheme is also difficult for users to remember, because in order to provide better security users may use different text passwords for different purposes. In such cases, it is difficult for the user to remember the passwords being used for the applications. The password authentication system that we use should provide strong passwords while also making them easy to remember.

In the click-based password scheme, a poorly chosen password leads to the emergence of hotspots: portions of the image where users are more likely to select the click-points. This makes it easy for hackers to find the password in an image. To overcome all these existing defects we provide an authentication scheme in which the user's choice in selecting the password plays a vital role. This method also provides a more secure password scheme. The use of persuasive technology influences the user's choice when selecting the password.

The other methods include biometric and graphical methods, which have their own drawbacks. Graphical passwords use a click-based authentication scheme. The persuasive cued click points method uses the concept of persuading the user in selecting the password. Here, prediction of the password is difficult for hackers as it is generated in a random manner.

The paper is organized in the following manner. We discuss graphical passwords, biometric passwords, the literature survey, persuasive click points, the methodology and the applications.

2013, IJCSMC All Rights Reserved

II. GRAPHICAL PASSWORDS

Graphical passwords provide an alternative to text-based passwords that is intended to be more memorable and usable, because graphical passwords rely on our ability to remember images more accurately than text [2]. In the click-based password method we use a concept called PassPoints [3,4], which consists of a sequence of click-points on a given image. The graphical password method is a type of knowledge-based authentication system.

The technique used here is the cued click points concept. In systems using this concept, users have to identify the previously selected locations within the images available. The cued click points concept is based on selecting a particular location in the image that is displayed to the user during the authentication process. This selection of locations or pixels in the image is based only on the particular sequence. When the location or pixel in the first image is given correctly, the next image is displayed to the user in a particular sequence. The user has to select the correct location or pixel in each of the images, which are displayed one after another. The problem that frequently occurs with the cued click points concept is that the user has to select the locations or pixels in the given images in the same order for the login process.

The other class of password scheme used in graphical passwords is pass points. The difference between the cued click points concept and pass points is that in a password scheme using pass points the user has to select some specific locations or pixels in one particular image. This method proved to be less secure, as there are many possibilities to trace the locations or pixels in a single image.

III. BIOMETRIC PASSWORDS

To overcome the difficulties of the graphical password scheme, the biometric password method came into existence. The biometric system offers several advantages. Biometric passwords are more reliable than the password-based authentication system, as they cannot be forgotten or lost. They are also difficult to copy and to distribute. They also require the person being authenticated to be present at the time of authentication, so it is difficult to forge the identification of the person or user. Some of the different biometric methods used are:

1. Face recognition
2. Fingerprint
3. Hand Geometry
4. Iris scan
5. Keystroke
6. Signature
7. Voice

Though the biometric methods offer different ways of authenticating and have advantages over the click points and pass points concepts, the biometric password system also has its own drawbacks. For example, if the fingers or face get damaged in some unforeseen accident, a biometric system using face recognition or fingerprint impressions will fail. The same applies to the rest of the biometric concepts too. To overcome the difficulty of using the biometric method, we use the concept of persuasive cued click points.

Fig 1: Examples of the different biometric methods used

IV. LITERATURE SURVEY

Chiasson, S., van Oorschot, P.C., and Biddle, R., in their paper, have discussed the usage of the Cued Click-Points concept. The Cued Click-Points concept is that, in a single image, several click-points will be present for the authentication purpose.

D. Nelson, V. Reed, and J. Walling have discussed the graphical password scheme. Though the graphical password method has several uses in the authentication system, it can be easily hacked.

Dirik, A.E., Memon, N., and Birget, J.C. explain the problem of hotspots in click-based graphical passwords. Hotspots are more vulnerable to dictionary attacks and reduce the effect of a secure password system.

Sonia Chiasson and Alain Forget, in their paper, showed the possibilities of predicting passwords created with Cued Click-Points and Persuasive Cued Click-Points. The graph below shows such possibilities.

Fig 2: PPField Hotspot Guesses

V. PERSUASIVE CUED CLICK POINTS (PCCP)

Persuasive technology was first proposed by Fogg as a technology to lead users to a better authentication system. An authentication system using persuasive technology allows users to select stronger passwords. A precursor to PCCP, Cued Click-Points (CCP), was designed to reduce patterns and to reduce the usefulness of hotspots for attackers. Rather than five click-points on one image, CCP uses one click-point on five different images shown in sequence. The next image displayed is based on the location of the previously entered click-point, creating a path through an image set. Users select their images only to the extent that their click-point determines the next image. Creating a new password with different click-points results in a different image sequence.

The authentication method using persuasive click points uses a more secure scheme for passwords. In this method we have to select a location or pixel in the given image. When the pixel value is given correctly, the next image is opened in sequence. The pixel value is generated in a random manner, so it is difficult for hackers to find it. The random order in which the pixel values should be given is known only to the user. This is made possible by a simple technique. The images that are used for the password are stored in a database. The random number in which the pixel value is to be given by the user is communicated to the user through mail or mobile phone. Even if a hacker finds the first image by a brute force attack, it will be difficult for the hacker to find the second pixel value, as the pixel value is generated randomly.

The other advantage of this method is that if the pixel value entered proves to be wrong, the next image is displayed even in such cases. What keeps this secure is that the user will be able to log in only if the correct value is given. If a wrong pixel value is entered, the next image is displayed, but it will not lead to the correct login screen. A further advantage is that only the user knows the random order of the pixel values generated, because the random order is sent to the user's mobile or mail ID.
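The login walk described in this section, as an added example that is not code from the paper: each click selects the next image, a wrong click silently leads down a different path, and the accept or reject decision is made only after the last click. The image size, 19-pixel tolerance square, pool size, HMAC-based image selection and PBKDF2 verifier are all assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Assumed parameters, none of them given in the paper.
IMG_W, IMG_H = 451, 331   # image size in pixels
CELL = 19                 # side of one tolerance square in pixels
POOL = 330                # number of images in the database
CLICKS = 5                # one click-point on each of five images
ITERATIONS = 200_000      # PBKDF2 work factor


def cell_of(x, y):
    """Map a pixel to its tolerance square so that nearby clicks compare equal.

    A plain grid is a simplification: a click close to a square's edge can
    land in the neighbouring square.
    """
    if not (0 <= x < IMG_W and 0 <= y < IMG_H):
        raise ValueError("click outside the image")
    return (x // CELL, y // CELL)


def next_image(salt, image_id, cell):
    """Pick the next image from the current image and the square clicked."""
    msg = f"{image_id}:{cell[0]}:{cell[1]}".encode()
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % POOL


def walk(salt, first_image, clicks):
    """Return (images shown, squares clicked) for a sequence of (x, y) clicks."""
    shown, cells, image_id = [], [], first_image
    for x, y in clicks:
        shown.append(image_id)
        cell = cell_of(x, y)
        cells.append(cell)
        image_id = next_image(salt, image_id, cell)
    return shown, cells


def make_verifier(salt, first_image, cells):
    """Salted, slow hash of the path; the click-points are never stored."""
    material = f"{first_image}|" + ",".join(f"{cx}.{cy}" for cx, cy in cells)
    return hashlib.pbkdf2_hmac("sha256", material.encode(), salt, ITERATIONS)


def register(clicks):
    """Create the stored record for a new five-click password."""
    if len(clicks) != CLICKS:
        raise ValueError(f"a password needs exactly {CLICKS} click-points")
    salt = os.urandom(16)
    first_image = int.from_bytes(os.urandom(4), "big") % POOL
    _, cells = walk(salt, first_image, clicks)
    return {"salt": salt, "first_image": first_image,
            "verifier": make_verifier(salt, first_image, cells)}


def login(record, clicks):
    """Walk all images without feedback; accept or reject only at the end."""
    shown, cells = walk(record["salt"], record["first_image"], clicks)
    candidate = make_verifier(record["salt"], record["first_image"], cells)
    ok = len(clicks) == CLICKS and hmac.compare_digest(candidate, record["verifier"])
    return ok, shown
```

The list of images returned by `login` is what the interface would display; after a wrong click it follows a different path, which the legitimate user can recognise but which gives a guesser no error message before the final decision.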

VI. METHODOLOGY

This system uses the concept of PCCP, which provides high security. PCCP uses the persuasive technology introduced by Fogg, which encourages the user to select stronger passwords and to select the password in a more secure way. A sequence of images is presented to the user. The click-points which the user should select for the correct login are generated for the user in a random manner. The user should select one click-point per image. Based on the click-point chosen, the next image is displayed. To log in, users should use the correct sequence of click-points. This system is difficult for attackers, as the sequence of images cannot be predicted easily. This method does not provide any alert messages if the chosen image is wrong; it becomes known only at the final click-point. So the chance of guessing the sequence is very low.

At first, registration of the image is done. There is an area called the viewport, which is positioned randomly anywhere in the image. The user should select the appropriate point in the viewport for correct login, and cannot click anywhere outside the viewport. To reposition the viewport, the shuffle button can be used. The shuffle button can be used only during creation of passwords. Later, the image is displayed normally, without the viewport, and the user may click anywhere in the image.

We apply this method of authentication in the bank sector. The modules used are described below. This is an example application of the persuasive click points concept.

VII. MODULES DESCRIPTION

The modules used are listed as follows:

1. Authentication
2. Graphical passwords
3. Image Based Registration and Authentication System (IBRAS)
4. Admin Process

A. AUTHENTICATION:

Authentication is a function where a user presents some credentials to the system. If the system recognizes this set of credentials, or the credentials match a given set on the system, then the user is said to be authorized; otherwise the user is not authorized. The user needs to be authorized to request services from the system. Before a user can be authenticated to the system, he has to be registered with the system for the first time. This step is called registration. So a new user has to get registered with a system and then be authenticated before he can request services.

In a basic authentication process, a user presents some credentials, such as a user ID and some more information to prove that the user is the true owner of the user ID. This process is simple and easy to implement. An example of this type of authentication process is the use of a user ID and password. A more complicated process involves a user ID, a password and a key value which is generated with time and changes constantly at fixed intervals. A user is authenticated only if all three values are right. This is better and more secure than the basic authentication process, as the user has to be there physically to use the changing key. Our authentication system can be classified under the simple authentication process, and it is more secure and powerful than the password-based system.

B. GRAPHICAL PASSWORDS:

This is a simple system where a user presents a user ID and a password to the system. If the user ID and password match the ones stored on the system, then the user is authenticated. More details about graphical passwords have already been discussed above.

C. IMAGE BASED REGISTRATION AND AUTHENTICATION SYSTEM (IBRAS):

IBRAS is a simple authentication system which uses images as passwords. The user submits a user ID and an image as credentials to the system. If the image matches the one stored in the system, the user is authenticated. Images are easy to remember. It is not easy to guess images. Performing brute force attacks on such systems is very difficult. A first-time user has to register himself with the system by providing all his details. The interface guides the user in a step-by-step fashion. No major change has to be made to existing password-based systems to incorporate the use of images. The system remains as simple as the password-based one. The images are not stored in the system; only the hashed values are stored. The user carries the image with him. This system is easy to use for Internet applications also.

D. ADMIN PROCESS:

We take the banking application as an example to explain the admin process. The processes are as follows:

1. Account Creation
   - Create account in user
   - Send User Details Mail & Message
2. Reports
   - Customer Details
   - Deposit Details
   - Checking all customer Transactions
3. User View (encryption Format)
   - Click Point
   - Mail ID
   - Secret questions and answers

In the account creation process, an account is created for each user who logs in. The details of the user are entered. The mail ID and the phone number are also included in the details of the user. The click-points are generated and sent to the user's mail or mobile. The reports are generated as we deposit, withdraw or perform any bank transactions. An example of the user authentication is shown below.

Fig 3: The option to send the random pass key and the image to be clicked using it.
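The viewport and shuffle step from Section VI, modelled as an added example that is not part of the paper: a constructed user always clicks the most attractive square allowed, and the code measures how concentrated the chosen squares become across many users. The grid size, viewport size, hotspot location and user model are assumptions.

```python
import math
import random
from collections import Counter

ROWS, COLS = 17, 24   # assumed grid of tolerance squares on one image
VIEW = 4              # assumed viewport side, in squares
PEAK = (8, 12)        # constructed hotspot: the most attractive square


def saliency(cell):
    """Constructed attractiveness: highest at PEAK, falling off with distance."""
    return -((cell[0] - PEAK[0]) ** 2 + (cell[1] - PEAK[1]) ** 2)


def random_viewport(rng):
    """Squares covered by a viewport placed uniformly at random in the image."""
    r0 = rng.randrange(ROWS - VIEW + 1)
    c0 = rng.randrange(COLS - VIEW + 1)
    return [(r, c) for r in range(r0, r0 + VIEW) for c in range(c0, c0 + VIEW)]


def choose_click(rng, use_viewport, shuffles=0):
    """Modelled user: clicks the most attractive square that is allowed.

    With a viewport the user may press shuffle up to `shuffles` times and
    keeps the placement that offers the most attractive square.
    """
    if not use_viewport:
        allowed = [(r, c) for r in range(ROWS) for c in range(COLS)]
        return max(allowed, key=saliency)
    best = max(random_viewport(rng), key=saliency)
    for _ in range(shuffles):
        candidate = max(random_viewport(rng), key=saliency)
        if saliency(candidate) > saliency(best):
            best = candidate
    return best


def click_stats(users, use_viewport, shuffles=0, seed=1):
    """Return (share of users on the most popular square, entropy in bits)."""
    rng = random.Random(seed)
    counts = Counter(choose_click(rng, use_viewport, shuffles)
                     for _ in range(users))
    share = counts.most_common(1)[0][1] / users
    entropy = -sum(n / users * math.log2(n / users) for n in counts.values())
    return share, entropy


if __name__ == "__main__":
    for label, args in [("no viewport", (False, 0)),
                        ("viewport, no shuffle", (True, 0)),
                        ("viewport, 50 shuffles", (True, 50))]:
        share, bits = click_stats(2000, *args)
        print(f"{label:22s} top square {share:5.1%}  entropy {bits:4.2f} bits")
```

In this model every user lands on the same square when there is no viewport, a randomly placed viewport spreads the choices over many squares, and allowing many shuffles concentrates them on the hotspot again.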

Fig 4: A user navigates through images to form a PCCP password. Each click determines the next image.

VIII. CONCLUSION

The common security goal in password-based authentication systems is to increase the effective password space. This is achieved using user choice and is implemented using Persuasive Cued Click Points. This technique is highly suitable for places where high-level security is required. A key feature of PCCP is that creating a harder-to-guess password is the path of least resistance, which is achieved in this method, likely making it more effective than schemes where secure behavior adds an extra burden on users. The approach has proven effective at reducing the formation of hotspots and patterns, thus increasing the effective password space, while maintaining usability.

REFERENCES

[1] A. Adams and M. Sasse. Users are not the enemy. Communications of the ACM, 42(12):41-46, 1999.
[2] Nelson, D.L., Reed, V.S., and Walling, J.R. Pictorial Superiority Effect. Journal of Experimental Psychology: Human Learning and Memory 2(5), 523-528, 1976.
[3] Wiedenbeck, S., Birget, J.C., Brodskiy, A., and Memon, N. Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. Symp. on Usable Privacy and Security (SOUPS) 2005.
[4] Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., and Memon, N. PassPoints: Design and longitudinal evaluation of a graphical password system. Int. Journal of Human-Computer Studies 63, 102-127, 2005.
[5] S. Chiasson, P. C. van Oorschot, and R. Biddle. A usability study and critique of two password managers. In 15th USENIX Security Symposium, August 2006.
[6] S. Gaw and E. Felten. Password management strategies for online accounts. In 2nd Symposium On Usable Privacy and Security (SOUPS), July 2006.
[7] A. Dirik, N. Memon, and J. Birget. Modeling user choice in the Passpoints graphical password scheme. In 3rd ACM Conference on Symposium on Usable Privacy and Security (SOUPS), July 2007.
[8] S. Chiasson, A. Forget, R. Biddle, and P. C. van Oorschot. Influencing users towards better passwords: Persuasive Cued Click-Points. In BCS-HCI 08: Proceedings of the 22nd British HCI Group Annual Conference on HCI. British Computer Society, September 2008.
[9] L. Jones, A. Anton, and J. Earp, "Towards Understanding User Perceptions of Authentication Technologies," Proc. ACM Workshop Privacy in Electronic Soc., 2007.
[10] L. O'Gorman, "Comparing Passwords, Tokens, and Biometrics for User Authentication," Proc. IEEE, vol. 91, no. 12, pp. 2019-2020, Dec. 2003.
[11] A. Salehi-Abari, J. Thorpe, and P. van Oorschot, "On Purely Automated Attacks and Click-Based Graphical Passwords," Proc. Ann. Computer Security Applications Conf. (ACSAC), 2008.
[12] P.C. van Oorschot, A. Salehi-Abari, and J. Thorpe, "Purely Automated Attacks on PassPoints-Style Graphical Passwords," IEEE Trans. Information Forensics and Security, vol. 5, no. 3, pp. 393-405, Sept. 2010.
[13] B. Fogg, Persuasive Technologies: Using Computers to Change What We Think and Do. Morgan Kaufmann Publishers, 2003.